kooora4lives.net Open in urlscan Pro
2606:4700:20::ac43:47ec Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://kooora4lives.net/
Effective URL:
https://kooora4lives.net/home/
Submission: On February 19 via manual (February 19th 2022, 8:09:08 pm UTC) from CR — Scanned from DE

Summary HTTP 346 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 62 IPs in 11 countries across 56 domains to perform 346 HTTP transactions. The main IP is 2606:4700:20::ac43:47ec, located in United States and belongs to CLOUDFLARENET, US. The main domain is kooora4lives.net.
TLS certificate: Issued by E1 on February 1st 2022. Valid for: 3 months.

This is the only time kooora4lives.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 11	2606:4700:20:... 2606:4700:20::ac43:47ec	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	104.75.88.126 104.75.88.126	16625 (AKAMAI-AS) (AKAMAI-AS)
1	104.108.145.172 104.108.145.172	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
26	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
2	205.185.216.42 205.185.216.42	20446 (HIGHWINDS3) (HIGHWINDS3)
1	46.105.201.240 46.105.201.240	16276 (OVH) (OVH)
31	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
7	2606:4700:20:... 2606:4700:20::681b:4071	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	45.133.44.4 45.133.44.4	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
12	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	2a06:98c1:312... 2a06:98c1:3121::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1	158.69.251.190 158.69.251.190	16276 (OVH) (OVH)
4	2a0c:5c81:514... 2a0c:5c81:5142::2	55081 (24SHELLS) (24SHELLS)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
2 40	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
2	2606:4700:20:... 2606:4700:20::ac43:4bf1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 5	185.33.221.87 185.33.221.87	29990 (ASN-APPNEX) (ASN-APPNEX)
3	2606:4700::68... 2606:4700::6812:272	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 8	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
3	145.40.89.200 145.40.89.200	54825 (PACKET) (PACKET)
13	34.149.20.76 34.149.20.76	15169 (GOOGLE) (GOOGLE)
3	188.42.29.196 188.42.29.196	7979 (SERVERS-COM) (SERVERS-COM)
3	5.178.65.246 5.178.65.246	50673 (SERVERIUS-AS) (SERVERIUS-AS)
5	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
4	178.250.2.131 178.250.2.131	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
13	172.67.10.198 172.67.10.198	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 5	72.251.249.14 72.251.249.14	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
3	185.184.8.65 185.184.8.65	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1 5	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
1	2a02:2638::2 2a02:2638::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638::18 2a02:2638::18	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
7	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
9	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	62.144.160.15 62.144.160.15	12312 (ECOTEL) (ECOTEL)
1	178.250.0.160 178.250.0.160	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	178.250.2.135 178.250.2.135	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.0.162 178.250.0.162	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
13	2a00:1450:400... 2a00:1450:4001:80f::2006	15169 (GOOGLE) (GOOGLE)
1 2	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
7 20	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
2	2a02:fa8:8806... 2a02:fa8:8806:13::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2 2	213.155.156.169 213.155.156.169	1299 (TWELVE99 ...) (TWELVE99 Twelve99)
2 2	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	2620:116:800d... 2620:116:800d:21:5a23:9c4e:e774:96c1	16509 (AMAZON-02) (AMAZON-02)
1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
2 2	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
2 2	37.157.4.24 37.157.4.24	198622 (ADFORM) (ADFORM)
2 2	18.195.184.255 18.195.184.255	16509 (AMAZON-02) (AMAZON-02)
2 2	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
2 4	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 3	104.108.145.8 104.108.145.8	16625 (AKAMAI-AS) (AKAMAI-AS)
3	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	2606:4700::68... 2606:4700::6812:c05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
2	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
1	82.113.101.132 82.113.101.132	6805 (TDDE-ASN1) (TDDE-ASN1)
1	51.89.21.5 51.89.21.5	16276 (OVH) (OVH)
2	104.111.242.245 104.111.242.245	() ()
346	62

11 2606:4700:20::ac43:47ec (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

kooora4lives.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.kooora4lives.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 104.75.88.126 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-126.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api-public.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.108.145.172 (Berlin, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-145-172.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 205.185.216.42 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net

jscdn.greeter.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.201.240 (France)

ASN16276 (OVH, FR)

s10.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:20::681b:4071 (United States)

ASN13335 (CLOUDFLARENET, US)

www.kooora4live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 45.133.44.4 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

player.aplhb.adipolo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
player.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::7 (United States)

ASN13335 (CLOUDFLARENET, US)

adipolo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 158.69.251.190 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: ns546644.ip-158-69-251.net

s4.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a0c:5c81:5142::2 (London, United Kingdom)

ASN55081 (24SHELLS, US)

ghb.aplhb.adipolo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4bf1 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.33.221.87 (Amsterdam, Netherlands) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:272 (United States)

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 51.89.9.252 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 145.40.89.200 (Ashburn, United States)

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 34.149.20.76 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 76.20.149.34.bc.googleusercontent.com

ssc.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 188.42.29.196 (Luxembourg)

ASN7979 (SERVERS-COM, US)

ads.betweendigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 5.178.65.246 (Amersfoort, Netherlands)

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net

pbjs.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

adipololtd-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 172.67.10.198 (United States)

ASN13335 (CLOUDFLARENET, US)

prebid.smilewanted.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 72.251.249.14 (Amsterdam, Netherlands) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.184.8.65 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::18 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 62.144.160.15 (Germany) 1 redirects

ASN12312 (ECOTEL, DE)

ssl.hurra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.160 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 178.250.2.135 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.am5.vip.prod.criteo.com

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.162 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:80f::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 142.250.185.162 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:fa8:8806:13::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.169 (Sweden) 2 redirects

ASN1299 (TWELVE99 Twelve99, Telia Carrier, SE)
PTR: 213-155-156-169.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.78 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:5a23:9c4e:e774:96c1 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.193.173 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.4.24 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.195.184.255 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-184-255.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.0.31 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638:1::13 (France) 2 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.108.145.8 (Berlin, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-145-8.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:c05 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 82.113.101.132 (Kassel, Germany)

ASN6805 (TDDE-ASN1, DE)
PTR: portal.o2online.de

portal.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.21.5 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: p38.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.242.245 (None, )

ASN- ()

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
73	googlesyndication.com 2 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 92 tpc.googlesyndication.com — Cisco Umbrella Rank: 120 c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com	505 KB
52	doubleclick.net 7 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 37 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159 cm.g.doubleclick.net — Cisco Umbrella Rank: 175 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 276	467 KB
24	gstatic.com encrypted-tbn3.gstatic.com encrypted-tbn2.gstatic.com www.gstatic.com fonts.gstatic.com	300 KB
17	criteo.net static.criteo.net — Cisco Umbrella Rank: 638 pix.eu.criteo.net — Cisco Umbrella Rank: 7678 csm.eu.criteo.net — Cisco Umbrella Rank: 7893	490 KB
14	criteo.com 2 redirects bidder.criteo.com — Cisco Umbrella Rank: 736 rtb.fr.eu.criteo.com — Cisco Umbrella Rank: 14241 ads.eu.criteo.com — Cisco Umbrella Rank: 7942 cat.fr.eu.criteo.com — Cisco Umbrella Rank: 10187 gum.criteo.com — Cisco Umbrella Rank: 355 mug.criteo.com — Cisco Umbrella Rank: 3197	55 KB
13	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 246	2 MB
13	smilewanted.com prebid.smilewanted.com — Cisco Umbrella Rank: 8384	1 KB
13	33across.com ssc.33across.com — Cisco Umbrella Rank: 1312	2 KB
11	kooora4lives.net 3 redirects kooora4lives.net www.kooora4lives.net	97 KB
10	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 59 www.google.com — Cisco Umbrella Rank: 2	2 KB
10	addthis.com s7.addthis.com — Cisco Umbrella Rank: 1324 m.addthis.com — Cisco Umbrella Rank: 1287 api-public.addthis.com — Cisco Umbrella Rank: 3693	221 KB
8	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 865	3 KB
8	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 146	292 KB
8	adipolo.com player.aplhb.adipolo.com — Cisco Umbrella Rank: 129266 adipolo.com — Cisco Umbrella Rank: 111279 ghb.aplhb.adipolo.com — Cisco Umbrella Rank: 135660	144 KB
7	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	5 KB
7	kooora4live.com www.kooora4live.com
6	openx.net adipololtd-d.openx.net — Cisco Umbrella Rank: 241286 rtb.openx.net — Cisco Umbrella Rank: 1330 us-u.openx.net	1 KB
5	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 598	3 KB
5	adnxs.com 1 redirects ib.adnxs.com — Cisco Umbrella Rank: 210	12 KB
5	4dex.io script.4dex.io — Cisco Umbrella Rank: 1902 mp.4dex.io — Cisco Umbrella Rank: 2329	25 KB
5	google.de adservice.google.de — Cisco Umbrella Rank: 9027	1 KB
3	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 488 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 463 Failed	3 KB
3	creativecdn.com prebid-eu.creativecdn.com — Cisco Umbrella Rank: 5927	534 B
3	e-planning.net pbjs.e-planning.net — Cisco Umbrella Rank: 6090	472 B
3	betweendigital.com ads.betweendigital.com — Cisco Umbrella Rank: 1448	1 KB
3	a-mo.net prebid.a-mo.net — Cisco Umbrella Rank: 1014	800 B
2	teads.tv sync.teads.tv	344 B
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 683 s.tribalfusion.com — Cisco Umbrella Rank: 1640	1 KB
2	yahoo.com 2 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 269 pr-bh.ybp.yahoo.com Failed	919 B
2	advertising.com 2 redirects pixel.advertising.com — Cisco Umbrella Rank: 307	936 B
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 529	1 KB
2	ctnsnet.com 2 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 36433	532 B
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 582	1 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 4441	720 B
2	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2478	207 B
2	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 653 r.turn.com — Cisco Umbrella Rank: 2694	869 B
2	hurra.com 1 redirects ssl.hurra.com — Cisco Umbrella Rank: 85629	422 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	20 KB
2	histats.com s10.histats.com — Cisco Umbrella Rank: 17271 s4.histats.com — Cisco Umbrella Rank: 14990	5 KB
2	greeter.me jscdn.greeter.me — Cisco Umbrella Rank: 144040	17 KB
1	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 493	534 B
1	o2online.de portal.o2online.de — Cisco Umbrella Rank: 53320	609 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 295	265 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 927	463 B
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 21278	521 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 491	535 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 197	5 KB
1	adtelligent.com player.adtelligent.com — Cisco Umbrella Rank: 5338	5 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 741	418 B
1	addthisedge.com v1.addthisedge.com — Cisco Umbrella Rank: 1518	823 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 50	37 KB
1	moatads.com z.moatads.com — Cisco Umbrella Rank: 330	1 KB
0	3lift.com Failed eb2.3lift.com Failed
0	smaato.net Failed s.ad.smaato.net Failed
0	w55c.net Failed pm.w55c.net Failed
0	netmng.com Failed google2waycm.netmng.com Failed
346	56

	Domain	Requested by
40	tpc.googlesyndication.com	2 redirects pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com s0.2mdn.net
26	pagead2.googlesyndication.com	kooora4lives.net pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com www.googletagservices.com s0.2mdn.net
20	cm.g.doubleclick.net	7 redirects c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com googleads.g.doubleclick.net
19	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com www.googletagservices.com kooora4lives.net
13	s0.2mdn.net	c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com kooora4lives.net s0.2mdn.net
13	prebid.smilewanted.com	player.aplhb.adipolo.com
13	ssc.33across.com	player.aplhb.adipolo.com
11	securepubads.g.doubleclick.net	jscdn.greeter.me securepubads.g.doubleclick.net c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
10	kooora4lives.net	2 redirects kooora4lives.net
9	static.criteo.net	ads.eu.criteo.com player.aplhb.adipolo.com static.criteo.net
9	www.gstatic.com	googleads.g.doubleclick.net c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
8	onetag-sys.com	1 redirects player.aplhb.adipolo.com c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
8	www.googletagservices.com	jscdn.greeter.me googleads.g.doubleclick.net c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
7	fonts.googleapis.com	googleads.g.doubleclick.net c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com cdnjs.cloudflare.com
7	c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com	securepubads.g.doubleclick.net c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com jscdn.greeter.me
7	www.kooora4live.com
6	pix.eu.criteo.net	ads.eu.criteo.com
6	encrypted-tbn3.gstatic.com	googleads.g.doubleclick.net
6	s7.addthis.com	kooora4lives.net s7.addthis.com
5	fonts.gstatic.com	fonts.googleapis.com
5	www.google.com	1 redirects tpc.googlesyndication.com c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
5	ap.lijit.com	2 redirects player.aplhb.adipolo.com
5	ib.adnxs.com	1 redirects player.aplhb.adipolo.com googleads.g.doubleclick.net
5	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
5	adservice.google.de	pagead2.googlesyndication.com securepubads.g.doubleclick.net
4	gum.criteo.com	2 redirects static.criteo.net
4	encrypted-tbn2.gstatic.com	googleads.g.doubleclick.net
4	bidder.criteo.com	player.aplhb.adipolo.com static.criteo.net
4	ghb.aplhb.adipolo.com	player.aplhb.adipolo.com
3	mug.criteo.com
3	dsum-sec.casalemedia.com	1 redirects googleads.g.doubleclick.net
3	api-public.addthis.com	s7.addthis.com
3	prebid-eu.creativecdn.com	player.aplhb.adipolo.com
3	adipololtd-d.openx.net	player.aplhb.adipolo.com
3	pbjs.e-planning.net	player.aplhb.adipolo.com
3	ads.betweendigital.com	player.aplhb.adipolo.com
3	prebid.a-mo.net	player.aplhb.adipolo.com
3	mp.4dex.io	player.aplhb.adipolo.com
3	player.aplhb.adipolo.com	jscdn.greeter.me player.aplhb.adipolo.com
2	sync.teads.tv	googleads.g.doubleclick.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	googleads4.g.doubleclick.net	kooora4lives.net
2	ups.analytics.yahoo.com	2 redirects
2	pixel.advertising.com	2 redirects
2	c1.adform.net	2 redirects
2	gcm.ctnsnet.com	2 redirects
2	image6.pubmatic.com	2 redirects
2	d5p.de17a.com	2 redirects
2	dclk-match.dotomi.com	c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
2	csm.eu.criteo.net	ads.eu.criteo.com
2	ssl.hurra.com	1 redirects ads.eu.criteo.com
2	script.4dex.io	player.aplhb.adipolo.com script.4dex.io
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	jscdn.greeter.me	kooora4lives.net
1	id5-sync.com	player.aplhb.adipolo.com
1	portal.o2online.de
1	rtb.openx.net	c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
1	s.tribalfusion.com	c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
1	a.tribalfusion.com	1 redirects
1	match.adsrvr.org	c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
1	cms.quantserve.com	c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
1	ads.travelaudience.com	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	r.turn.com
1	ad.turn.com	1 redirects
1	cdnjs.cloudflare.com	ads.eu.criteo.com
1	cat.fr.eu.criteo.com	ads.eu.criteo.com
1	ads.eu.criteo.com	googleads.g.doubleclick.net
1	rtb.fr.eu.criteo.com	googleads.g.doubleclick.net
1	player.adtelligent.com	player.aplhb.adipolo.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	s4.histats.com	s10.histats.com
1	adipolo.com
1	s10.histats.com	kooora4lives.net
1	m.addthis.com	s7.addthis.com
1	v1.addthisedge.com	s7.addthis.com
1	www.googletagmanager.com	kooora4lives.net
1	z.moatads.com	s7.addthis.com
1	www.kooora4lives.net	1 redirects
0	eb2.3lift.com Failed	c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
0	s.ad.smaato.net Failed	c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
0	ssum-sec.casalemedia.com Failed	c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
0	pr-bh.ybp.yahoo.com Failed	c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
0	pm.w55c.net Failed	c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
0	google2waycm.netmng.com Failed	c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
346	85

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
www.youtube.com
www.reyada-365.com
kooora4lives.com

Subject Issuer	Validity	Valid
*.kooora4lives.net E1	`2022-02-01` - `2022-05-02`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-27`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-11-27` - `2022-11-29`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
greeter.me R3	`2022-01-20` - `2022-04-20`	3 months	crt.sh
histats.com R3	`2022-01-21` - `2022-04-21`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-11` - `2022-06-10`	a year	crt.sh
player.aplhb.adipolo.com R3	`2022-01-17` - `2022-04-17`	3 months	crt.sh
ghb.aplhb.adipolo.com ZeroSSL ECC Domain Secure Site CA	`2022-02-10` - `2022-05-11`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
player.adtelligent.com R3	`2022-01-18` - `2022-04-18`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-10` - `2023-01-03`	a year	crt.sh
*.a-mo.net R3	`2022-02-18` - `2022-05-19`	3 months	crt.sh
ssc.33across.com GTS CA 1D4	`2022-01-23` - `2022-04-23`	3 months	crt.sh
*.ads.betweendigital.com Sectigo RSA Domain Validation Secure Server CA	`2021-12-15` - `2023-01-15`	a year	crt.sh
*.e-planning.net R3	`2021-12-30` - `2022-03-30`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-04` - `2022-05-03`	3 months	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2021-03-11` - `2022-04-12`	a year	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-30` - `2022-04-12`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.fr.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-09` - `2022-04-04`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-09` - `2022-04-10`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-02` - `2022-05-03`	3 months	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-03` - `2022-05-02`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.o2online.de DigiCert TLS RSA SHA256 2020 CA1	`2022-02-11` - `2023-03-08`	a year	crt.sh
*.id5-sync.com R3	`2021-12-20` - `2022-03-20`	3 months	crt.sh
teads.tv R3	`2022-01-03` - `2022-04-03`	3 months	crt.sh

This page contains 35 frames:

Primary Page: https://kooora4lives.net/home/
Frame ID: 8BC6D83768BF27A755A0DB15065311A8
Requests: 140 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 59068606AB70A13370FE0FE1476DA7E6
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: C040AE1CCDC541F87E8BBBA4B97114D6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220216/r20190131/zrt_lookup.html
Frame ID: 78F14C1A3CE3F3D3FC5B48414AFF3CF7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3619133031508264&output=html&adk=1812271804&adf=3025194257&lmt=1645301341&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1645301341157&bpp=2&bdt=2994&idt=199&shv=r20220216&mjsv=m202202090102&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3367489163969&frm=20&pv=2&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C44753656%2C31064036%2C31063221%2C31063911&oid=2&pvsid=873873462402139&pem=729&tmod=105310775&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=214
Frame ID: BC51A889A83EEEF0BB0B83FB5E671BCD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3619133031508264&output=html&h=280&slotname=5249431448&adk=3989702682&adf=3501923860&pi=t.ma~as.5249431448&w=1100&fwrn=4&fwrnh=100&lmt=1645301341&rafmt=1&psa=0&format=1100x280&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1645301341159&bpp=2&bdt=2996&idt=219&shv=r20220216&mjsv=m202202090102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3367489163969&frm=20&pv=1&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=100&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C44753656%2C31064036%2C31063221%2C31063911&oid=2&pvsid=873873462402139&pem=729&tmod=105310775&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=DqKBELWXME&p=https%3A//kooora4lives.net&dtd=223
Frame ID: E829F44F4F05035879FC8CC1374885F0
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3619133031508264&output=html&h=280&slotname=6371458341&adk=3595442130&adf=489705927&pi=t.ma~as.6371458341&w=1100&fwrn=4&fwrnh=100&lmt=1645301341&rafmt=1&psa=0&format=1100x280&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1645301341161&bpp=1&bdt=2998&idt=225&shv=r20220216&mjsv=m202202090102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1100x280&nras=1&correlator=3367489163969&frm=20&pv=1&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=453&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C44753656%2C31064036%2C31063221%2C31063911&oid=2&pvsid=873873462402139&pem=729&tmod=105310775&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=OyGx6InGxB&p=https%3A//kooora4lives.net&dtd=227
Frame ID: 9FDC9B140A5FDED2FC19315372D60BB9
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3619133031508264&output=html&h=280&slotname=4439429576&adk=1636138468&adf=583590995&pi=t.ma~as.4439429576&w=1100&fwrn=4&fwrnh=100&lmt=1645301341&rafmt=1&psa=0&format=1100x280&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1645301341161&bpp=1&bdt=2998&idt=246&shv=r20220216&mjsv=m202202090102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1100x280%2C1100x280&nras=1&correlator=3367489163969&frm=20&pv=1&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C44753656%2C31064036%2C31063221%2C31063911&oid=2&pvsid=873873462402139&pem=729&tmod=105310775&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=H47wo2U06N&p=https%3A//kooora4lives.net&dtd=248
Frame ID: 734117D52B73D6C4B4C9CB1D747752B4
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3619133031508264&output=html&h=280&slotname=3745295006&adk=326657552&adf=3852535245&pi=t.ma~as.3745295006&w=1100&fwrn=4&fwrnh=100&lmt=1645301341&rafmt=1&psa=0&format=1100x280&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1645301341162&bpp=1&bdt=2999&idt=251&shv=r20220216&mjsv=m202202090102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1100x280%2C1100x280%2C1100x280&nras=1&correlator=3367489163969&frm=20&pv=1&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=4017&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C44753656%2C31064036%2C31063221%2C31063911&oid=2&pvsid=873873462402139&pem=729&tmod=105310775&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=j8HNWVgVux&p=https%3A//kooora4lives.net&dtd=253
Frame ID: 604FF39A3979E9577E82268993664959
Requests: 17 HTTP requests in this frame

Frame: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: BB3F4D950DB979BA188ECCBAE3C28C5E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 272331D69E9478172550D00F9D55092F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0C329900C58EE0C3F1BCB34304C722F7
Requests: 2 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YhFOXQAIJyAIu_6OAA63sUMp0yw_0Frtkht7oA&u=%7CVACyndVA8BFnPx7UbU%2FRGKCOeR%2BweiQa7n0%2Bm%2Bj3dKU%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDZJaMXBGgBECvy_dgmu_qpkAWw7ewvaaNipaamzD3R31gTPUiwHbkoGL5TDbV3afaVojlSDxZ_7Q-_nAvxCeFhyL7IsckMA2YXQlJIwnCIYGxxhVW4jFzxu8ZIbhT_u65ru95pWNmkZ-4Ifk8Q6NGJIXRt7ljOWAYiNZENwZ31LDyxcCD3sMvQozJb6xBWO-4KaEorFUN_Y-wTtrLX1eav77hKyrrZcwpddCv3pSmbNBa8_1WwRJppuMAgM_Wg4r8fuBLycnP1aNpuEiN6pc4UOuGkyVhzRoJcbU8AzH0wh0IArHg1GfOcNfIuVktxtOKAcoK7_eeL8nSG-aZnEyO5dLX0VEAKIbVk8oDAgb8QRmrjD0k90SEeF5mSCJiHYgs0H-yEpoDDvJViVaFIO-Vk1etQ1fHVQHF&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DClIVUXU4RYqDOII797_UPse-6wAPJntKxXMWymPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTM2MTkxMzMwMzE1MDgyNjSgAdW20uoDyAEJqQKdKQweaf6yPqgDAaoExAFP0FNR094ByCT44HcqdPGbH04ml1gC0nAemCI3rPxl9YGIU3sxHfcY9oF470BTrPI8jzexLzj8P4awj8T6Voh_AADsG0R_Sv8X0qBuXDK8tlAR9UxaorcLEvec45nG8fUnJCsY6yiZUkClTNsGisXjDNrTub2boY71rps3SxKKYZagcIpFk6OBU-sboIL1TzgdUV1ltp9oEuoaRGqVZHNgEuuhQ_eU5OkrQRldCf5M4CFUm6vcspaXUKawhIAf1bFi3FQBgAaHjY3bzaDM3PQBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1U7egpxWE4rxDQwqQCCJu7S0p_7Q%26client%3Dca-pub-3619133031508264%26adurl%3D
Frame ID: 7B18DEBA3DC44B79DA2ED5D9ABD9174E
Requests: 21 HTTP requests in this frame

Frame: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 17D442E48FBF8BEB7D87C3C03799C9C6
Requests: 5 HTTP requests in this frame

Frame: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: F5D22C960EEA02842D4D5F82673ABA2F
Requests: 20 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/IfvWsR8c8QoIXMZVBAT6kqVdCzRxsMqQy0C-AEZrj6Q.js
Frame ID: B66CF3C14087ACE1820E3A0B5B3AA75E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/IfvWsR8c8QoIXMZVBAT6kqVdCzRxsMqQy0C-AEZrj6Q.js
Frame ID: 37E1C618EC5D99207E5C18D282CD80F9
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 6E09509ACB2ABA14F7104A08FD43CA35
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/IfvWsR8c8QoIXMZVBAT6kqVdCzRxsMqQy0C-AEZrj6Q.js
Frame ID: C20803682316380653B314DCA5F783AA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 42B73E6C0841A42033DBB5BC9060A742
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 831C9716B9EAACB7477CCFA455614F3A
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 1BD17CD889B822AA23D2491F502B838B
Requests: 8 HTTP requests in this frame

Frame: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: EF9CEBA468255FE997A493A087B01047
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARic76O-ATAB&v=APEucNUmC9Uo2u7huAGvzlVG8it5PwGZ6pPUlFPfv_uVQRHa1b9hfTNXYKtcJ2OqgZyx8oBu7l-ndK2-e27VfkikGaWKAYgFo3L0E0Ey3wOiVUcLwMM11UJDPlIfr-rHv905FrgXLyWKVoRkYS9X643tewfo9tWWYxShh37JcvzmzRyH2ftqt4A
Frame ID: 56F7B920C4D1F5EED58D4AD2A66E6719
Requests: 5 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=kooora4lives.net
Frame ID: CE38042C15D08B4EFA128D3AEED6BE06
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: EDEB8ABBC9DEDD6EB3560C24D29889A3
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 537271FC685C2B1E3A6396EB3B520A19
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5309466056757084160/160x600.html?e=69&leftOffset=0&topOffset=0&c=GHWUhfl6oR&t=1&renderingType=2
Frame ID: E6B901481BB7E2726913F13F8882A1CB
Requests: 10 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/IfvWsR8c8QoIXMZVBAT6kqVdCzRxsMqQy0C-AEZrj6Q.js
Frame ID: 7582D6EDC424587361196A380EAD79AC
Requests: 1 HTTP requests in this frame

Frame: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: B6F5F6B87EDC932CD2A67FE943143800
Requests: 1 HTTP requests in this frame

Frame: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 7D283778A10D73FD062C4DDA8D6CFF17
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARic76O-ATAB&v=APEucNWBGjzyBCqCbHNg6uA4cJacD257P6qcx6bjCgOjqEAT6tUkS5YaakgxvD9hpOUViTi0fr9rAvkry2-p8gr1mP2WeB-ZsUBo6Nx8QNYfQE_ecrD27No46vvZMJ6Rc6gZHcPsSpOaJuXUJ-ccn-boeKaJL5K7wGpjjVdgJe0E4k5TOJsfUM0
Frame ID: 4109593019B2FC0FDDB00079044E5114
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 73DC4EBBD9F989B52FF4FE42B724E09B
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17969436453016436736/160x600.html?e=69&leftOffset=0&topOffset=0&c=dZvT4TBhVL&t=1&renderingType=2
Frame ID: 47789E0167DDC49149EE0E12ED0F7720
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F286468E31955589714ABA961938AF0A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

كورة 4 لايف | koora4live اهم مباريات اليوم ، اخبار و نتائج المبارياتTwitterWhatsAppFacebookMessengerTelegramAddThisTwitterWhatsAppFacebookMessengerTelegramAddThis

Page URL History Show full URLs

https://kooora4lives.net/ HTTP 301
https://kooora4lives.net/m2/ HTTP 301
https://kooora4lives.net/home/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

Page Statistics

346
Requests

89 %
HTTPS

43 %
IPv6

56
Domains

85
Subdomains

62
IPs

11
Countries

4538 kB
Transfer

8588 kB
Size

57
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/kooora4live2/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCiW5olCzHvNKaPTPGhdsj7A

Search URL Search Domain Scan URL

URL: https://www.reyada-365.com/home/
Title: ساليرنيتانا 10:45 PM 0-0جارية الآن ميلان Serie A Youtube Channel خالد الغول الدوري الإيطالي

Search URL Search Domain Scan URL

URL: https://www.reyada-365.com/
Title: آرسنال 1-2إنتهت المباراة برينتفورد بي ان سبورت 3 غير معروف الدوري الإنجليزي الممتاز

Search URL Search Domain Scan URL

URL: https://kooora4lives.com/
Title: روما 2-2إنتهت المباراة هيلاس فيرونا Serie A Youtube Channel ميشيل سعد الدوري الإيطالي

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://kooora4lives.net/ HTTP 301
https://kooora4lives.net/m2/ HTTP 301
https://kooora4lives.net/home/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://www.kooora4lives.net/wp-content/themes/AlbaKora4Live/img/logo.png HTTP 301
https://kooora4lives.net/wp-content/themes/AlbaKora4Live/img/logo.png

Request Chain 119

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKCL57XsHBCABBiAATIIgoSA_Oqki0U HTTP 301
https://tpc.googlesyndication.com/simgad/7103612115487317334

Request Chain 131

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKCL57XsHBCABBiAATIIgoSA_Oqki0U HTTP 301
https://tpc.googlesyndication.com/simgad/7103612115487317334

Request Chain 163

https://ssl.hurra.com/pvs.gif?cid=4557&tid=24538 HTTP 302
https://ssl.hurra.com/pvs.gif?bd3p=1&cid=4557&tid=24538

Request Chain 220

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEKSr-mFHGCgsq6Xe-UPVBug&google_cver=1&google_push=AYg5qPKGkvohWEKGWegrwkOrq5-6HCHrz86AYARDzOvvuka8uic0l7n9PA3ItPIO_HfraFJGR6w8Fz5MwcwiTd4Wf69_VeK2-u4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzkyNTgzOTQ3NjYxOTMyNjQyNw==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHVPzAVHUGHDiNP_p_BJcSk&google_cver=1

Request Chain 222

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEOL17Gvl3inNYIenLWvJ0Ao&google_cver=1&google_push=AYg5qPJ3JchVVdu1GsDapABdH3pQOtoDdJq8Dm1bWaZiDx3kfTlRjXtb1xgW0YRBN6v9P2I4IsHnrPvt4ymYz4AfxWcaLZXXh38 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEOL17Gvl3inNYIenLWvJ0Ao&google_push=AYg5qPJ3JchVVdu1GsDapABdH3pQOtoDdJq8Dm1bWaZiDx3kfTlRjXtb1xgW0YRBN6v9P2I4IsHnrPvt4ymYz4AfxWcaLZXXh38

Request Chain 223

https://ads.travelaudience.com/google_pixel?google_gid=CAESEITt_ZvpBTLrOjtZdirIfog&google_cver=1&google_push=AYg5qPIjL_d7glF0AWt7Fc5EHZpD538LMdgWcuVbRxaiRlWueoOi2qOGrmqrHTemiTOaaXGDCL-KHdXmtC3UlYjIfUCY-bkVSc0 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=pyw3b8cuSTOkrTUbu8cSow2&google_push=AYg5qPIjL_d7glF0AWt7Fc5EHZpD538LMdgWcuVbRxaiRlWueoOi2qOGrmqrHTemiTOaaXGDCL-KHdXmtC3UlYjIfUCY-bkVSc0

Request Chain 224

https://d5p.de17a.com/cookies/google?google_gid=CAESEAlasnUQ4fZYEKITj0xmEGo&google_cver=1&google_push=AYg5qPLO4ejpSKH6GCIprJmJyDp4d5L8HGm1LMTehijJqsAyIAFoou9MgJdX3VweB0mwuD2cwhyvYKd58NL3XWYY9EHRcaPEZpg HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEAlasnUQ4fZYEKITj0xmEGo&google_cver=1&google_push=AYg5qPLO4ejpSKH6GCIprJmJyDp4d5L8HGm1LMTehijJqsAyIAFoou9MgJdX3VweB0mwuD2cwhyvYKd58NL3XWYY9EHRcaPEZpg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPLO4ejpSKH6GCIprJmJyDp4d5L8HGm1LMTehijJqsAyIAFoou9MgJdX3VweB0mwuD2cwhyvYKd58NL3XWYY9EHRcaPEZpg

Request Chain 225

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEDDs74LG4IHnJyFQK86s0Cc&google_cver=1&google_push=AYg5qPKVnVx2jH9DWfH6CVokjWy1jb3UJdIUtCe85QiGgPGPAbv5Fw0Q7jyAf8bydURjdgneRejiqbVKmnizIdimy7xyUz4ScE8 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEDDs74LG4IHnJyFQK86s0Cc&google_cver=1&google_push=AYg5qPKVnVx2jH9DWfH6CVokjWy1jb3UJdIUtCe85QiGgPGPAbv5Fw0Q7jyAf8bydURjdgneRejiqbVKmnizIdimy7xyUz4ScE8&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=lcpCJSUFQg2u-vUlIpxxqg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKVnVx2jH9DWfH6CVokjWy1jb3UJdIUtCe85QiGgPGPAbv5Fw0Q7jyAf8bydURjdgneRejiqbVKmnizIdimy7xyUz4ScE8

Request Chain 229

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 232

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESENSCT2wU9ZwLNvr1M_EHm88&google_cver=1&google_push=AYg5qPINI8DCrcV81rXfihNSRcphfGxm9jfRZCIQ8tQe-9lI0KBfl_l6NMfq7WdqgKIq8Livrb5aX_4qkZfrPW9HtfPrJXwKzEY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPINI8DCrcV81rXfihNSRcphfGxm9jfRZCIQ8tQe-9lI0KBfl_l6NMfq7WdqgKIq8Livrb5aX_4qkZfrPW9HtfPrJXwKzEY&google_hm=Q09BEqkqS1Wj8MNhDPAR86k

Request Chain 233

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKeRxnXCk1OVDAgZ_Lm4SU8&google_cver=1&google_push=AYg5qPJS2zam8XJK8gNqYkQBVzoY0UXvr9eqNZEPxMeRNiigFjOttQDbeXQIYU2diI95ZWnvD3n5JLhL3o6Y-Cvwu2yCcL4uN1E HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEKeRxnXCk1OVDAgZ_Lm4SU8&google_cver=1&google_push=AYg5qPJS2zam8XJK8gNqYkQBVzoY0UXvr9eqNZEPxMeRNiigFjOttQDbeXQIYU2diI95ZWnvD3n5JLhL3o6Y-Cvwu2yCcL4uN1E HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Njg5ODc1NjA2OTc1NTA2ODAxMA&google_push=AYg5qPJS2zam8XJK8gNqYkQBVzoY0UXvr9eqNZEPxMeRNiigFjOttQDbeXQIYU2diI95ZWnvD3n5JLhL3o6Y-Cvwu2yCcL4uN1E

Request Chain 234

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_cver=1&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0HxuZ6euCCdsiuvSHh8PZ3jLxod2mV08seylg174FEQb_CPrK-4 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0HxuZ6euCCdsiuvSHh8PZ3jLxod2mV08seylg174FEQb_CPrK-4&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0HxuZ6euCCdsiuvSHh8PZ3jLxod2mV08seylg174FEQb_CPrK-4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0HxuZ6euCCdsiuvSHh8PZ3jLxod2mV08seylg174FEQb_CPrK-4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0HxuZ6euCCdsiuvSHh8PZ3jLxod2mV08seylg174FEQb_CPrK-4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0HxuZ6euCCdsiuvSHh8PZ3jLxod2mV08seylg174FEQb_CPrK-4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0HxuZ6euCCdsiuvSHh8PZ3jLxod2mV08seylg174FEQb_CPrK-4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0HxuZ6euCCdsiuvSHh8PZ3jLxod2mV08seylg174FEQb_CPrK-4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0HxuZ6euCCdsiuvSHh8PZ3jLxod2mV08seylg174FEQb_CPrK-4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0HxuZ6euCCdsiuvSHh8PZ3jLxod2mV08seylg174FEQb_CPrK-4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0HxuZ6euCCdsiuvSHh8PZ3jLxod2mV08seylg174FEQb_CPrK-4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0HxuZ6euCCdsiuvSHh8PZ3jLxod2mV08seylg174FEQb_CPrK-4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0HxuZ6euCCdsiuvSHh8PZ3jLxod2mV08seylg174FEQb_CPrK-4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0HxuZ6euCCdsiuvSHh8PZ3jLxod2mV08seylg174FEQb_CPrK-4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0HxuZ6euCCdsiuvSHh8PZ3jLxod2mV08seylg174FEQb_CPrK-4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0HxuZ6euCCdsiuvSHh8PZ3jLxod2mV08seylg174FEQb_CPrK-4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0HxuZ6euCCdsiuvSHh8PZ3jLxod2mV08seylg174FEQb_CPrK-4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0HxuZ6euCCdsiuvSHh8PZ3jLxod2mV08seylg174FEQb_CPrK-4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0HxuZ6euCCdsiuvSHh8PZ3jLxod2mV08seylg174FEQb_CPrK-4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0HxuZ6euCCdsiuvSHh8PZ3jLxod2mV08seylg174FEQb_CPrK-4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0HxuZ6euCCdsiuvSHh8PZ3jLxod2mV08seylg174FEQb_CPrK-4&google_cver=1

Request Chain 235

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEE44CH2PeZtB8QRYhy-BFts&google_cver=1&google_push=AYg5qPJkuMSMMAxG9T1TG8x-Ke8HLbvu5ToBu7YDFi9sOsKRijdeW8EuT_u1zPl3nYnJUMs75lx9y28ngXKX0ogHVnmNouSwsAYWOA HTTP 302
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEE44CH2PeZtB8QRYhy-BFts&google_cver=1&google_push=AYg5qPJkuMSMMAxG9T1TG8x-Ke8HLbvu5ToBu7YDFi9sOsKRijdeW8EuT_u1zPl3nYnJUMs75lx9y28ngXKX0ogHVnmNouSwsAYWOA&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEE44CH2PeZtB8QRYhy-BFts&google_cver=1&google_push=AYg5qPJkuMSMMAxG9T1TG8x-Ke8HLbvu5ToBu7YDFi9sOsKRijdeW8EuT_u1zPl3nYnJUMs75lx9y28ngXKX0ogHVnmNouSwsAYWOA&apid=UPc84dde3a-91bf-11ec-9152-02d562fc542e HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEE44CH2PeZtB8QRYhy-BFts&google_cver=1&google_push=AYg5qPJkuMSMMAxG9T1TG8x-Ke8HLbvu5ToBu7YDFi9sOsKRijdeW8EuT_u1zPl3nYnJUMs75lx9y28ngXKX0ogHVnmNouSwsAYWOA&apid=UPc84dde3a-91bf-11ec-9152-02d562fc542e&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBjODRkZGUzYS05MWJmLTExZWMtOTE1Mi0wMmQ1NjJmYzU0MmU%3D&google_push=AYg5qPJkuMSMMAxG9T1TG8x-Ke8HLbvu5ToBu7YDFi9sOsKRijdeW8EuT_u1zPl3nYnJUMs75lx9y28ngXKX0ogHVnmNouSwsAYWOA

Request Chain 269

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDhZpetrX9tpp3VeXA6dSHA&google_cver=1

Request Chain 270

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YhFOXut.i0xODyduFi1otgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDhZpetrX9tpp3VeXA6dSHA&google_cver=1&google_hm=2

Request Chain 271

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEGopaZZXGHOHNoK-axKqUIo&google_cver=1

Request Chain 272

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzU1NDU5NjgzODA1OTAzODI4OA%3D%3D

Request Chain 276

https://gum.criteo.com/sid/json?origin=publishertag&domain=kooora4lives.net&sn=ChromeSyncframe&so=0&topUrl=kooora4lives.net&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=LtUnsHxEUW1XZFJnL1BYbDJ0dHF5MUZ6V1dLbmxwb2FVeVhOK3Bkc0xQMDJVbFZFYWhMUjhTQytheFdCMDNCQjJiVjVWZFcrYmttL3hJRldJZ0VGQlpQUHBrSUtNZktEU0hmVDRCTzlMb2JLMnJIMDhnYUFKSkQyalhndFJXN0RwYW9uNUJJandyenJkaCtBU3NUeVFKOWVXaHE5SGVlYkpBVDRhQkFxelJwdHBscnZGNzVLSXZmdW9VazhvWHN2M1pocU5qanlORDhrYlJGMHRDY1VrNFd3NDBVU0gyOEIzTnpqSml6blNsS3YydUtMTU5NZ1VqZlBOY2lGdVR6dHVGY1F1TEp3UDdEUHN0dWF2VWZYSVB0dlNZZz09fA&cppv=2

Request Chain 282

https://a.tribalfusion.com/i.match?p=b6&u=CAESEC83jTQ7GdHgpVhqMK47NP8&google_cver=1&google_push=AYg5qPJ4oq5TDbfXI_YQmYTcj1uMajMPdEA0hdTYNGUcFIt45iRpgDI1X7i-wW6Df8ZjNxtU8lxbi_EmCgTbMN2PnC4Aqld6x3Ro&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJ4oq5TDbfXI_YQmYTcj1uMajMPdEA0hdTYNGUcFIt45iRpgDI1X7i-wW6Df8ZjNxtU8lxbi_EmCgTbMN2PnC4Aqld6x3Ro%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEC83jTQ7GdHgpVhqMK47NP8&google_cver=1&google_push=AYg5qPJ4oq5TDbfXI_YQmYTcj1uMajMPdEA0hdTYNGUcFIt45iRpgDI1X7i-wW6Df8ZjNxtU8lxbi_EmCgTbMN2PnC4Aqld6x3Ro&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJ4oq5TDbfXI_YQmYTcj1uMajMPdEA0hdTYNGUcFIt45iRpgDI1X7i-wW6Df8ZjNxtU8lxbi_EmCgTbMN2PnC4Aqld6x3Ro%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 283

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESENSCT2wU9ZwLNvr1M_EHm88&google_cver=1&google_push=AYg5qPJ8CK5vpufEywOdG7mACHFDmp-ektMJVcPYhaY4jviBnjvyCaESkv9OT7P185b9G2cOeC2X4bIaZcxMvlefeCHvhhRw-0D4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJ8CK5vpufEywOdG7mACHFDmp-ektMJVcPYhaY4jviBnjvyCaESkv9OT7P185b9G2cOeC2X4bIaZcxMvlefeCHvhhRw-0D4&google_hm=Q09BEqkqS1Wj8MNhDPAR86k

Request Chain 285

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESENjF3lX0IRfPJCT9cworl7o&google_cver=1&google_push=AYg5qPJE0ILFZd7tA61lB0RdyYBuRMyaczWpf4vr-0qfz9UPCbWDS4RD_maFY5oQqN9a2vEl5Zrb3MgqvLLZeIBVKZwOzEwnURf_XQ HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESENjF3lX0IRfPJCT9cworl7o&google_cver=1&google_push=AYg5qPJE0ILFZd7tA61lB0RdyYBuRMyaczWpf4vr-0qfz9UPCbWDS4RD_maFY5oQqN9a2vEl5Zrb3MgqvLLZeIBVKZwOzEwnURf_XQ&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJE0ILFZd7tA61lB0RdyYBuRMyaczWpf4vr-0qfz9UPCbWDS4RD_maFY5oQqN9a2vEl5Zrb3MgqvLLZeIBVKZwOzEwnURf_XQ&google_hm=5cfd4169fbb0d560109d6fd0

Request Chain 286

https://match.360yield.com/match/ebda?google_gid=CAESEHK-fxeIpAZWUlb16zfqYnk&google_cver=1&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HMNu2TLw HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEHK-fxeIpAZWUlb16zfqYnk&google_cver=1&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HMNu2TLw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HMNu2TLw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HMNu2TLw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HMNu2TLw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HMNu2TLw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HMNu2TLw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HMNu2TLw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HMNu2TLw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HMNu2TLw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HMNu2TLw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HMNu2TLw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HMNu2TLw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HMNu2TLw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HMNu2TLw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HMNu2TLw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HMNu2TLw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HMNu2TLw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HMNu2TLw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HMNu2TLw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HMNu2TLw

Request Chain 287

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEMcKtGs1QyblT3ANtnQZWjw&google_cver=1&google_push=AYg5qPJsXS9EzmgCmXY2fFeWkrMvDRZQnNggVXvjlDDLzyzCPftBetaz_PnJ4hSfu9nEAS5FCK4P9c0-17x9HCyg9GhuqD2ksValIQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AYg5qPJsXS9EzmgCmXY2fFeWkrMvDRZQnNggVXvjlDDLzyzCPftBetaz_PnJ4hSfu9nEAS5FCK4P9c0-17x9HCyg9GhuqD2ksValIQ HTTP 302
https://onetag-sys.com/sync/i,19/?google_error=5

Request Chain 306

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fkooora4lives.net%2F&domain=kooora4lives.net&cw=1&pbt=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=6BlBlnw3bjFIZEM4VjdMQjl5Uyt1U3d2aWNManA2OUtzaEFwVWJXSUR6NG1rdVBvaWROaGd0MmV2ejI1VVplV1J2OVJkM2UrYzc4RklrMWFqUVlJc1NkTENhR081QkpBdXRpR1p3UGp0L0M0RE1tTWpkcnRseWMraWtDM0lwRHlPbEJLRHFYZ1FYc002amtDZjJybWYxMkdCYXRKZFFxSWJYMVFuSUVMV0pRSEUyYllKRFM2cDlmS2MrM1FaNHZkSUJrRHMrbEZSdXUyUzcvcituT3BhSGF2LzZDMDJ0d1BUeWZSSlFGUFJGOHFUNVRaZTNXaGxLalpzN1R4Ui9UVldxL01JYncwbWJnZktYcFRRUkx4aUhyc1RZdz09fA&cppv=2

Request Chain 338

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENOgN30nGrdfQYHQ1-gDYVM&google_cver=1

Request Chain 340

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEGKA3THtpjUIh749mFrAMEA&google_cver=1

Request Chain 353

https://ads.travelaudience.com/google_pixel?google_gid=CAESEHq1EZaUAXq4Bzuy9XUDxIU&google_cver=1&google_push=AYg5qPIqAK1IceAAdZ-ZNIaKIYwDfj_WyyG-bvZZANYg_6VS_q7z-0iVeL6Z4HrJWSlxJzPWl15iT6T8y6rA3ye51RNn3HvfHpzp HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=pyw3b8cuSTOkrTUbu8cSow2&google_push=AYg5qPIqAK1IceAAdZ-ZNIaKIYwDfj_WyyG-bvZZANYg_6VS_q7z-0iVeL6Z4HrJWSlxJzPWl15iT6T8y6rA3ye51RNn3HvfHpzp

346 HTTP transactions
14 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
kooora4lives.net/home/
Redirect Chain

https://kooora4lives.net/
https://kooora4lives.net/m2/
https://kooora4lives.net/home/

87 KB
17 KB

60ms
60ms

Document
text/html

2606:4700:20::ac43:47ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kooora4lives.net/home/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 997663e6a373f85d2fd73078031d335d03e896b56638072e34bf9c30ce15ee4f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Sat, 19 Feb 2022 20:08:58 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Cookie
cache-control: max-age=3, must-revalidate
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DlQjTWg0USVKjdy8MMua4qTQskN6ztI8DdmNvJ98YhzLWKJQRP%2F9oZxRr%2BTuOgplasiI%2FL3nhyhukjbNxQ9F4e0Wyx7FpjQ3f%2F3ZMRy9td%2Bks2WPECFu2j9IqtnTQ0WkOeC8O9eltpfr8K1OENQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6e0221532fa69131-FRA
content-encoding: br

Redirect headers

date: Sat, 19 Feb 2022 20:08:58 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Cookie
expires: Sat, 19 Feb 2022 21:08:58 GMT
cache-control: max-age=3600
x-redirect-by: redirection
location: /home/
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wkku2abq18CdKGGZ7%2BjIpZVayu89r1c0Pn07bm%2BYdfXrQ3w5RHa7DgeHfxGst1%2FD7WNxx2ImFWIyVCglnwir%2F18vHA2ipTgcbaAuz5Z5bMa71S5GeUnt1YF0jvh3cW0%2BySSx0i%2Br9SiEhlyGGlQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6e0221526d5d9131-FRA

GET
H2 200 addthis_wordpress_public.min.css
kooora4lives.net/wp-content/plugins/addthis/frontend/build/ 587 B
701 B 25ms
25ms Stylesheet
text/css 2606:4700:20::ac43:47ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kooora4lives.net/wp-content/plugins/addthis/frontend/build/addthis_wordpress_public.min.css?ver=5.9
Requested by: Host: kooora4lives.net
URL: https://kooora4lives.net/home/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1870c49e74adfa2d70351cc067c6a3320da45d18231c5a31eb39356151620cb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/home/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:08:58 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 453854
pragma: public
last-modified: Wed, 24 Nov 2021 20:51:13 GMT
server: cloudflare
etag: W/"619ea5c1-24b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=El0eAizLrGCQtLKep9VUxe9DmOCnIeNRBJ2HfqrFF1%2BfGCMrOt88v%2FrQGL05D5HtuJQ%2B009HgImTthw5Vbj%2F6ccpAxVkV073rU5Nbdl01sf9iWrN5MtU%2BX54MbI2cLcbkoDw%2FCyQMUB%2B%2F%2FxDas0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 6e022153a94c9131-FRA
expires: Wed, 16 Mar 2022 14:04:44 GMT

GET
H2

200

logo.png
kooora4lives.net/wp-content/themes/AlbaKora4Live/img/
Redirect Chain

https://www.kooora4lives.net/wp-content/themes/AlbaKora4Live/img/logo.png
https://kooora4lives.net/wp-content/themes/AlbaKora4Live/img/logo.png

6 KB
7 KB

19ms
18ms

Image
image/webp

2606:4700:20::ac43:47ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kooora4lives.net/wp-content/themes/AlbaKora4Live/img/logo.png
Requested by: Host: kooora4lives.net
URL: https://kooora4lives.net/home/
Protocol: H2
Server: 2606:4700:20::ac43:47ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ab9eb1b5e0926e9778eadcbb34fa2718370ac32ee5be934f4557ee77e2e8390

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:08:58 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 178906
cf-polished: origFmt=png, origSize=12374
content-disposition: inline; filename="logo.webp"
content-length: 6460
pragma: public
last-modified: Mon, 21 Dec 2020 21:53:15 GMT
server: cloudflare
etag: "5fe1194b-3056"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wCjZpwEfV1wXmkU2mmZ%2BaGi6BBciW9izOcyCAo9DUdnHarjzHNoB87FmHfMvbpfQ7lpmUBeCexVrLES60ZUTZ7bMAJxXDIyUbPfoPqejbIEYCdVVkZDg3UH8qLBmkpViFb%2BWRlapaj1uhDfi3Hk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Sat, 19 Mar 2022 18:27:12 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 6e0221541acc9131-FRA
cf-bgj: imgq:100,h2pri

Redirect headers

date: Sat, 19 Feb 2022 20:08:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CtjR62%2FeykI6HDQrGNtLOKn82WTF0NH7FRQSN7RhFnFSgBVqH%2Bt5oe%2FkLNcxMqpa8YGxxDayDLwUl6smTbn4AVnDVkCEXqpH%2B8%2BeAqFw%2B8xsogW2%2FO8E1ok3CVhVXfhgBIbYDCgAsda%2FkADnq6SzSZP7"}],"group":"cf-nel","max_age":604800}
location: https://kooora4lives.net/wp-content/themes/AlbaKora4Live/img/logo.png
cache-control: max-age=3600
cf-ray: 6e022153b99f9131-FRA
expires: Sat, 19 Feb 2022 21:08:58 GMT

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 1943ms
11ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: kooora4lives.net
URL: https://kooora4lives.net/home/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: "5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
date: Sat, 19 Feb 2022 20:09:00 GMT
x-host: s7.addthis.com
content-length: 116325

GET
H2 200 rocket-loader.min.js Show response
kooora4lives.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 9ms
9ms Script
application/javascript 2606:4700:20::ac43:47ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kooora4lives.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: kooora4lives.net
URL: https://kooora4lives.net/home/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/home/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:08:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Feb 2022 13:46:32 GMT
server: cloudflare
etag: W/"620d0038-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RZ77Q%2FNthDkdJo9y5pHR7zNcYL59qGHXb0XN2lm6b0sYbYcjhLMwCG9QyCziTVAkcabpVJk4Gte2%2F6mS5HLo1lj354mD8xHHE2N5t0RLcbvKaybWAlCrZOqHBG3EyW3jfSf6koWuXDtthb6%2FAI4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6e022153a9659131-FRA
vary: Accept-Encoding
expires: Mon, 21 Feb 2022 20:08:58 GMT

GET
DATA 200
OK truncated
/ 451 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de103d5f4ad393bb96697192045e2f571c47b491690081364d746755fbc9a3f9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 944 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 183a8a45d21c9e08f327306b313a677e14df544b7fbe005f832bae1ae0828f4a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 248 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 50b355d30ddbdcfbc57eb2a32734c6574995395b4c64f278ce270f8646b5f3b4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 460 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 725695280088b4a7f1f43936b2ff0ec321040d4921c1b782e97c74cc5c89e02f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 500 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0bc8ca412c2757b04141fe0ceff1706842aa84596b18c889668718146c7778ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
H2 200 NeoSansArabic.woff
kooora4lives.net/wp-content/themes/AlbaKora4Live/fonts/ 56 KB
57 KB 22ms
22ms Font
font/woff 2606:4700:20::ac43:47ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kooora4lives.net/wp-content/themes/AlbaKora4Live/fonts/NeoSansArabic.woff
Requested by: Host: kooora4lives.net
URL: https://kooora4lives.net/home/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18588f1581eeeebaef76be52d09261c5c1a886d1a02ede533adb62c334d122e6

Request headers

Referer: https://kooora4lives.net/home/
Origin: https://kooora4lives.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:08:58 GMT
cf-cache-status: HIT
last-modified: Mon, 21 Dec 2020 21:53:15 GMT
server: cloudflare
age: 2680
etag: "5fe1194b-e014"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QKsHAlUy67UX6VkSloZODiQMp6uwkmj860U91T2yzUvxE%2BTj3pbXnwPyCAmlJJUQhlPf5wVLA%2BvwB9UZgtlpnm1TGWI2zn3PUkRH%2BA7yp41Rkm5MtMd6%2BfVSTA9iQy%2Bo6%2FW8pUUI4R3JK08%2FPmk%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
cache-control: max-age=7200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6e022153da039131-FRA
content-length: 57364

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 96ms
21ms Script
application/x-javascript 104.108.145.172
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.108.145.172 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-145-172.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:00 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: 191C384BD08D2989
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=35849
accept-ranges: bytes
content-length: 948
x-amz-id-2: /Y8Yj/DqLNS2pI1SPlp4cWcg3IlspJAynuwPI5L3vSGxaNJQvodByoZJc97qcmeVSMm8xcdrWW0=

GET
H2 200 lazyload.js Show response
kooora4lives.net/wp-content/themes/AlbaKora4Live/js/ 7 KB
3 KB 20ms
20ms Script
application/javascript 2606:4700:20::ac43:47ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kooora4lives.net/wp-content/themes/AlbaKora4Live/js/lazyload.js
Requested by: Host: kooora4lives.net
URL: https://kooora4lives.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1b682cb1fee45d7f80c900aba4d8ddcb18ac1016dcf38ece495801ac65eb14f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/home/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:00 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 453855
cf-polished: origSize=7249
cf-bgj: minify
pragma: public
last-modified: Mon, 21 Dec 2020 21:53:15 GMT
server: cloudflare
etag: W/"5fe1194b-1c51"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lcYHfO74ORkhLh4qcd0lAvWD7hRjHoR761AzKsqFiVJ6in0RlNE7dF8bLAq%2FPksCZEkjs0xYjK0Y9tdJ6ddc7wZPmgqz6rS7ge0Tt6JABOtHcpCUfMPCJ%2B1NzZG5PZ9iQ%2B9NYn3Zb4fq2zhj1cw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 6e0221602f1e9131-FRA
expires: Wed, 16 Mar 2022 14:04:45 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 94 KB
37 KB 131ms
47ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-150096121-1

Requested by

Host: kooora4lives.net
URL: https://kooora4lives.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0a4eaa2e1e620e2f4395e44b8e3885a0648dda372afc684e319278b0cd320c53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:00 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37300
x-xss-protection: 0
last-modified: Sat, 19 Feb 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 19 Feb 2022 20:09:00 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 151 KB
53 KB 137ms
56ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3619133031508264

Requested by

Host: kooora4lives.net
URL: https://kooora4lives.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9d025cb87b46b8acf22761f34d1e400cf1d89239cbefaf3c8001e1bac830c4e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kooora4lives.net/
Origin: https://kooora4lives.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53553
x-xss-protection: 0
server: cafe
etag: 18379412481112376847
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 19 Feb 2022 20:09:00 GMT

GET
H/1.1 200
OK kooora4livesdynamic.js Show response
jscdn.greeter.me/ 8 KB
8 KB 108ms
26ms Script
text/javascript 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://jscdn.greeter.me/kooora4livesdynamic.js

Requested by

Host: kooora4lives.net
URL: https://kooora4lives.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

d82cb29829450dd683e7fce8e7ab304007eb326b9a4d81c86734a3dd33011124

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Sat, 19 Feb 2022 20:09:00 GMT
Connection: Keep-Alive
Last-Modified: Mon, 14 Feb 2022 13:41:34 GMT
x-amz-request-id: tx000000000000168892343-0062114993-25d8085a-fra1b
etag: "4b53ace391f48f5d9669aa48b6c79618"
Vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW: 1645301340.dop109.am5.t,1645301340.cds015.am5.shn,1645301340.dop109.am5.t,1645301340.cds156.am5.c
Content-Type: text/javascript
Cache-Control: max-age=2375
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
Accept-Ranges: bytes
Content-Length: 7950

GET
H/1.1 200
OK kooora4liveshead.js Show response
jscdn.greeter.me/ 8 KB
9 KB 111ms
27ms Script
text/javascript 205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://jscdn.greeter.me/kooora4liveshead.js

Requested by

Host: kooora4lives.net
URL: https://kooora4lives.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

5191512fdc0a424fc981e1660693d6b6d34458e165eb9eeda1e14eadd9f65dad

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Sat, 19 Feb 2022 20:09:00 GMT
Connection: Keep-Alive
Last-Modified: Mon, 14 Feb 2022 13:41:34 GMT
x-amz-request-id: tx00000000000016882a2db-006211444e-25d72b1f-fra1b
etag: "10223f07ebdc9bf9d40f25cc9ac4616f"
Vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW: 1645301340.dop018.am5.t,1645301340.cds220.am5.shn,1645301340.dop018.am5.t,1645301340.cds221.am5.c
Content-Type: text/javascript
Cache-Control: max-age=1026
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
Accept-Ranges: bytes
Content-Length: 8256

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-5c646be341234125/ 2 KB
823 B 567ms
546ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-5c646be341234125/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7897757471988b6dda805254de287e19033514ae748b13569acd29dd275c8d26

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:00 GMT
content-encoding: gzip
etag: -377002541--gzip
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=15, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 647

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 92 B
252 B 949ms
915ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=62114e5c8c64e196&bkl=0&bl=1&pdt=250&sid=62114e5c8c64e196&pub=ra-5c646be341234125&rev=v8.28.8-wp&ln=ar&pc=wpp&cb=0&ab=-&dp=kooora4lives.net&fp=home%2F&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1645301340189&wpv=wpp-6.2.6&addthis_plugin_info=%7B%22info_status%22%3A%22enabled%22%2C%22cms_name%22%3A%22WordPress%22%2C%22plugin_name%22%3A%22Share%20Buttons%20by%20AddThis%22%2C%22plugin_version%22%3A%226.2.6%22%2C%22plugin_mode%22%3A%22AddThis%22%2C%22anonymous_profile_id%22%3A%22wp-f17c23e72e07ea7b036b43e61b0390e0%22%2C%22page_info%22%3A%7B%22template%22%3A%22pages%22%2C%22post_type%22%3A%22%22%7D%2C%22sharing_enabled_on_post_via_metabox%22%3Afalse%7D&jsl=0&uvs=62114e5c7074eca9000&skipb=1&callback=addthis.cbs.jsonp__00302367484535315260
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: aaf72a44a5b3934367835f0f41b5c2f6fa0cb99911478a0a5d1ba85d8e58d67d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:01 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 92
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 5906 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html Show response
s7.addthis.com/static/ Frame C040 71 KB
26 KB 420ms
420ms Document
text/html 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/

Response headers

server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-11adc"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 26421
date: Sat, 19 Feb 2022 20:09:00 GMT
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H2 200 client.ar.min.json Show response
s7.addthis.com/l10n/ 4 KB
2 KB 2094ms
50ms XHR
application/json 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/l10n/client.ar.min.json

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

72d2367dc35967c758f93deefb69e76a1cfed9be0dcab06fc8ae2bf8d37bc879

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Tue, 10 Sep 2019 15:15:17 GMT
server: nginx/1.15.8
etag: W/"5d77be05-11fd"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, s-maxage=604800
date: Sat, 19 Feb 2022 20:09:02 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 1925

GET
H2 200 layers.fa6cd1947ce26e890d3d.js Show response
s7.addthis.com/static/ 263 KB
76 KB 282ms
282ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-41cf5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
date: Sat, 19 Feb 2022 20:09:01 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 77617

GET
H2 200 js15_as.js Show response
s10.histats.com/ 11 KB
5 KB 68ms
9ms Script
application/javascript 46.105.201.240
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://s10.histats.com/js15_as.js
Requested by: Host: kooora4lives.net
URL: https://kooora4lives.net/home/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.105.201.240 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: 2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:08:18 GMT
content-encoding: br
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-cdn-pop-ip: 137.74.120.0/27
etag: "-375139978"
x-cacheable: Matched cache
content-type: application/javascript; charset=UTF-8
x-cdn-pop: sbg
accept-ranges: bytes
content-length: 4364
x-request-id: 605784477

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202090102/ 290 KB
104 KB 111ms
64ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202090102/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3619133031508264&plah=kooora4lives.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3619133031508264

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cde8796cabb7b93bbcf7c8a4bd2d39b926a22d2dfbbe6a37fdafd10c5bd8f965

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 106772
x-xss-protection: 0
server: cafe
etag: 16804192996499609317
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 19 Feb 2022 20:09:01 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220216/r20190131/ Frame 78F1 10 KB
5 KB 125ms
36ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220216/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3619133031508264

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4502
x-xss-protection: 0
date: Sat, 19 Feb 2022 03:10:18 GMT
expires: Sat, 05 Mar 2022 03:10:18 GMT
cache-control: public, max-age=1209600
age: 61123
etag: 4044455266028820542
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 403 ChababBelouizdad2018_7_24_12_49.png
www.kooora4live.com/wp-content/uploads/2019/09/ 0
0 57ms
18ms Image
text/html 2606:4700:20::681b:4071
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.kooora4live.com/wp-content/uploads/2019/09/ChababBelouizdad2018_7_24_12_49.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681b:4071 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H2 403 uuid_3s830ae09zdviu2cnqxixflq1.png
www.kooora4live.com/wp-content/uploads/2019/01/ 0
0 59ms
20ms Image
text/html 2606:4700:20::681b:4071
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.kooora4live.com/wp-content/uploads/2019/01/uuid_3s830ae09zdviu2cnqxixflq1.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681b:4071 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H2 200 download-1.png
kooora4lives.net/wp-content/uploads/2021/08/ 3 KB
4 KB 25ms
24ms Image
image/webp 2606:4700:20::ac43:47ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kooora4lives.net/wp-content/uploads/2021/08/download-1.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ee402996856e81b9ddbe603ca5d65fdd788e4690924a4cfc644ba574ba1a5d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/home/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 136497
cf-polished: origFmt=png, origSize=5839
content-disposition: inline; filename="download-1.webp"
content-length: 3240
pragma: public
last-modified: Fri, 27 Aug 2021 22:05:05 GMT
server: cloudflare
etag: "61296191-16cf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4qepneqzY211op9KGP1KX2resImwtTD1RTfePkl07luBGTmSfv165PIm4lGRNkIOyMZ9ScpkfsCe%2BZ0BQ85k%2BSWqrkCsQ0aEdb59knIHuVSvfR4GmWAREvgx84VmIYfvq42W0ZebOESFDsXzS5I%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Sun, 20 Mar 2022 06:14:04 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 6e022166698f9131-FRA
cf-bgj: imgq:100,h2pri

GET
H2 403 download-7-1.png
www.kooora4live.com/wp-content/uploads/2019/01/ 0
0 60ms
21ms Image
text/html 2606:4700:20::681b:4071
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.kooora4live.com/wp-content/uploads/2019/01/download-7-1.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681b:4071 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H2 403 spa_real_madrid.png
www.kooora4live.com/wp-content/uploads/2019/01/ 0
0 57ms
19ms Image
text/html 2606:4700:20::681b:4071
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.kooora4live.com/wp-content/uploads/2019/01/spa_real_madrid.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681b:4071 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H2 403 1471635382.png
www.kooora4live.com/wp-content/uploads/2019/03/ 0
0 56ms
17ms Image
text/html 2606:4700:20::681b:4071
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.kooora4live.com/wp-content/uploads/2019/03/1471635382.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681b:4071 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H2 403 fra_nantes.png
www.kooora4live.com/wp-content/uploads/2019/01/ 0
0 55ms
17ms Image
text/html 2606:4700:20::681b:4071
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.kooora4live.com/wp-content/uploads/2019/01/fra_nantes.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681b:4071 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H2 403 fra_psg.png
www.kooora4live.com/wp-content/uploads/2019/01/ 0
0 40ms
17ms Image
text/html 2606:4700:20::681b:4071
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.kooora4live.com/wp-content/uploads/2019/01/fra_psg.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681b:4071 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H2 200 hb_561849_14381.js Show response
player.aplhb.adipolo.com/prebidlink/457028/ 349 KB
109 KB 49ms
6ms Script
application/javascript 45.133.44.4
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Requested by: Host: jscdn.greeter.me
URL: https://jscdn.greeter.me/kooora4liveshead.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: b8bc808d0fbed368037ca8b541271009eee2956752778faa1600980ccd9cf414

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
last-modified: Fri, 18 Feb 2022 14:19:58 GMT
server: nginx
etag: W/"620fab0e-57401"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
expires: Sat, 19 Feb 2022 21:09:01 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 82 KB
27 KB 151ms
51ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: jscdn.greeter.me
URL: https://jscdn.greeter.me/kooora4liveshead.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

bec41605f65590f408d8cf1c648de86b3d19f588dcd18e2568afccecbaf271cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27551
x-xss-protection: 0
server: sffe
etag: "1137 / 117 of 1000 / last-modified: 1645225613"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 19 Feb 2022 20:09:01 GMT

GET
H2 200 wrapper_hb_561849_14381.js Show response
player.aplhb.adipolo.com/prebidlink/457028/ 789 B
733 B 66ms
23ms Script
application/javascript 45.133.44.4
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aplhb.adipolo.com/prebidlink/457028/wrapper_hb_561849_14381.js
Requested by: Host: jscdn.greeter.me
URL: https://jscdn.greeter.me/kooora4liveshead.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: 7ad8673fe58d5f38e085656191d1693f4490e2e637f45087048faf0d42a62d09

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
last-modified: Fri, 18 Feb 2022 14:19:58 GMT
server: nginx
etag: W/"620fab0e-315"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
expires: Sat, 19 Feb 2022 21:09:01 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 82 KB
27 KB 149ms
49ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: jscdn.greeter.me
URL: https://jscdn.greeter.me/kooora4liveshead.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63e61a12e2ffd38ad4f225cccb848320cc935061b431a2d7654e16cc0a846513

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27505
x-xss-protection: 0
server: sffe
etag: "1137 / 61 of 1000 / last-modified: 1645225517"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 19 Feb 2022 20:09:01 GMT

GET
H2 200 adipolo_logo.png
adipolo.com/wp-content/uploads/2020/06/ 7 KB
7 KB 74ms
32ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adipolo.com/wp-content/uploads/2020/06/adipolo_logo.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b071563c8b59cdc2b12b2703f3b5d147f555b1c41d83e5c5ef4a02395aed89c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 446059
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7068
last-modified: Tue, 02 Jun 2020 09:04:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kwKfQQe3mgWA6lkO8ClAPvBjhKiwnA7p8dDfwMu9kf5aFOzK8dkAGRDWe6SkHBcc22mkwIajOGjL6t3bz%2FuBxBWZVYfoavYB6m1%2Fgdz78elTLnY1lD6JlCyIj9vBxNJf95Dt5jtCTqxxeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6e0221671b069171-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 121ms
36ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-150096121-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 249
date: Sat, 19 Feb 2022 20:04:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sat, 19 Feb 2022 22:04:52 GMT

GET
H/1.1 200
OK 0.php Show response
s4.histats.com/stats/ 53 B
187 B 365ms
96ms Script
text/html 158.69.251.190
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://s4.histats.com/stats/0.php?4625840&@f16&@g1&@h1&@i1&@j1645301341215&@k0&@l1&@m%D9%83%D9%88%D8%B1%D8%A9%204%20%D9%84%D8%A7%D9%8A%D9%81%20%7C%20koora4live%20%D8%A7%D9%87%D9%85%20%D9%85%D8%A8%D8%A7%D8%B1%D9%8A%D8%A7%D8%AA%20%D8%A7%D9%84%D9%8A%D9%88%D9%85%20%D8%8C%20%D8%A7%D8%AE%D8%A8%D8%A7%D8%B1%20%D9%88%20%D9%86%D8%AA%D8%A7%D8%A6%D8%AC%20%D8%A7%D9%84%D9%85%D8%A8%D8%A7%D8%B1%D9%8A%D8%A7%D8%AA&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:-150023833&@b3:1645301341&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fkooora4lives.net%2Fhome%2F&@w
Requested by: Host: s10.histats.com
URL: https://s10.histats.com/js15_as.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.251.190 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns546644.ip-158-69-251.net
Software: /
Resource Hash: 64eafbfed672f76eb4ea7bf1c50083ac34b4ddaff32684448b703943655e6d67

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Sat, 19 Feb 2022 20:09:01 GMT
Connection: close
Content-Length: 53
Content-Type: text/html;charset=UTF-8

GET
H2 200 download-1.png
kooora4lives.net/wp-content/uploads/2021/08/ 3 KB
3 KB 23ms
21ms Image
image/webp 2606:4700:20::ac43:47ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kooora4lives.net/wp-content/uploads/2021/08/download-1.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ee402996856e81b9ddbe603ca5d65fdd788e4690924a4cfc644ba574ba1a5d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/home/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 136497
cf-polished: origFmt=png, origSize=5839
content-disposition: inline; filename="download-1.webp"
content-length: 3240
pragma: public
last-modified: Fri, 27 Aug 2021 22:05:05 GMT
server: cloudflare
etag: "61296191-16cf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CMAL65EQBB39fSoxqIOJxmqvUpbL1FAwOJKdddj3uZ1l%2FtIlCNeQcpAQsNiE0D6ZtIjR3ouL8Fo2yRIg%2F0U9n%2Fs0Fxsyy8RqkLN1cjZYxECD4gtTheGhA1mwEeg%2FWcBLH2AyOqVBa88zit%2BBBXA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
expires: Sun, 20 Mar 2022 06:14:04 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 6e022166aa639131-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 hbw_master_561849_14381.js Show response
player.aplhb.adipolo.com/prebidlink/457028/ 80 KB
26 KB 8ms
8ms Script
application/javascript 45.133.44.4
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aplhb.adipolo.com/prebidlink/457028/hbw_master_561849_14381.js
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/wrapper_hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: 100e11ec9d5ee986cdfbd47402e848181e7f541685f55368c3c84cb266c0949a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
last-modified: Fri, 18 Feb 2022 14:19:58 GMT
server: nginx
etag: W/"620fab0e-14180"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
expires: Sat, 19 Feb 2022 21:09:01 GMT

GET
H/1.1 200
OK / Show response
ghb.aplhb.adipolo.com/geo/ 140 B
389 B 351ms
16ms XHR
application/json 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.aplhb.adipolo.com/geo/
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hbw_master_561849_14381.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: fd64a75843c2a615fae6e2137b3dc93cb5d60d406a35f3b6d04af83a4c9ddde1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://kooora4lives.net
Date: Sat, 19 Feb 2022 20:09:01 GMT
Access-Control-Allow-Credentials: true
Server: Adtelligent
Connection: Keep-Alive
Content-Length: 140
Content-Type: application/json

GET
H/1.1 200
OK tracking Show response
ghb.aplhb.adipolo.com/adunit/ 43 B
412 B 358ms
21ms XHR
image/gif 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.aplhb.adipolo.com/adunit/tracking?event=11&type=0&client_id=561849&site_id=14381&full_page_url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&adid=u9xrvn.q6&features=32&vpbv=N051&tte=99&lifecycle_tte=3354
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hbw_master_561849_14381.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://kooora4lives.net
Date: Sat, 19 Feb 2022 20:09:01 GMT
Access-Control-Allow-Credentials: true
Server: Adtelligent
Connection: Keep-Alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 220 B
418 B 49ms
48ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=kooora4lives.net&callback=_gfp_s_&client=ca-pub-3619133031508264

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202090102/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3619133031508264&plah=kooora4lives.net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

d4abb53f5b0fddfe3f7cce53e43a2dc7e78293f0d25e7d92e9fe3b749f13fa45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 203
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 198ms
48ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=kooora4lives.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 197ms
48ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=kooora4lives.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame BC51 0
19 B 224ms
84ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3619133031508264&output=html&adk=1812271804&adf=3025194257&lmt=1645301341&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1645301341157&bpp=2&bdt=2994&idt=199&shv=r20220216&mjsv=m202202090102&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3367489163969&frm=20&pv=2&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C44753656%2C31064036%2C31063221%2C31063911&oid=2&pvsid=873873462402139&pem=729&tmod=105310775&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=214

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 19 Feb 2022 20:09:01 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 19 Feb 2022 20:09:01 GMT
cache-control: private

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 13 KB
10 KB 95ms
51ms XHR
application/json 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220216&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8ddc63cbb22fabacdb6e51e53e71a408f18eecd3927f019ccc738d5c6a0ff911

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9783
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E829 79 KB
29 KB 543ms
415ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3619133031508264&output=html&h=280&slotname=5249431448&adk=3989702682&adf=3501923860&pi=t.ma~as.5249431448&w=1100&fwrn=4&fwrnh=100&lmt=1645301341&rafmt=1&psa=0&format=1100x280&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1645301341159&bpp=2&bdt=2996&idt=219&shv=r20220216&mjsv=m202202090102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3367489163969&frm=20&pv=1&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=100&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C44753656%2C31064036%2C31063221%2C31063911&oid=2&pvsid=873873462402139&pem=729&tmod=105310775&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=DqKBELWXME&p=https%3A//kooora4lives.net&dtd=223

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cd49b40d94b753e7b0fa0add308fb9b127bdb605a44f4a09d874c744d7f0ffdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 19 Feb 2022 20:09:01 GMT
server: cafe
content-length: 30052
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 19 Feb 2022 20:09:01 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9FDC 23 KB
9 KB 405ms
283ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3619133031508264&output=html&h=280&slotname=6371458341&adk=3595442130&adf=489705927&pi=t.ma~as.6371458341&w=1100&fwrn=4&fwrnh=100&lmt=1645301341&rafmt=1&psa=0&format=1100x280&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1645301341161&bpp=1&bdt=2998&idt=225&shv=r20220216&mjsv=m202202090102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1100x280&nras=1&correlator=3367489163969&frm=20&pv=1&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=453&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C44753656%2C31064036%2C31063221%2C31063911&oid=2&pvsid=873873462402139&pem=729&tmod=105310775&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=OyGx6InGxB&p=https%3A//kooora4lives.net&dtd=227

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c54b14e35c0fffc8df23c73c6f47a61b1c2c6c8974e8dc4dbf68bbded5d87a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 19 Feb 2022 20:09:01 GMT
server: cafe
content-length: 9594
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 19 Feb 2022 20:09:01 GMT
cache-control: private

GET
H3 200 pubads_impl_2022021502.js Show response
securepubads.g.doubleclick.net/gpt/ 360 KB
121 KB 87ms
39ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

61daa5e10d1910c94db36832a3adb3e9bec2c60a0b584b37daea27f634f36fd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 19:05:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3838
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 123418
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 02:34:27 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 19 Feb 2023 19:05:03 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 144 B
126 B 95ms
48ms XHR
application/json 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=kooora4lives.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

1b72568a3f7a98d8db169c713523b796402451fceb5188a13c88762bdfeb0237

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101
x-xss-protection: 0
expires: Sat, 19 Feb 2022 20:09:01 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 93ms
46ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1235105401&t=pageview&_s=1&dl=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&ul=en-us&de=UTF-8&dt=%D9%83%D9%88%D8%B1%D8%A9%204%20%D9%84%D8%A7%D9%8A%D9%81%20%7C%20koora4live%20%D8%A7%D9%87%D9%85%20%D9%85%D8%A8%D8%A7%D8%B1%D9%8A%D8%A7%D8%AA%20%D8%A7%D9%84%D9%8A%D9%88%D9%85%20%D8%8C%20%D8%A7%D8%AE%D8%A8%D8%A7%D8%B1%20%D9%88%20%D9%86%D8%AA%D8%A7%D8%A6%D8%AC%20%D8%A7%D9%84%D9%85%D8%A8%D8%A7%D8%B1%D9%8A%D8%A7%D8%AA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAUABAAAAAC~&jid=697080210&gjid=1623084798&cid=1217640050.1645301341&tid=UA-150096121-1&_gid=944434122.1645301341&_r=1&gtm=2ou2g0&z=400891475

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://kooora4lives.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7341 99 KB
32 KB 346ms
345ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3619133031508264&output=html&h=280&slotname=4439429576&adk=1636138468&adf=583590995&pi=t.ma~as.4439429576&w=1100&fwrn=4&fwrnh=100&lmt=1645301341&rafmt=1&psa=0&format=1100x280&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1645301341161&bpp=1&bdt=2998&idt=246&shv=r20220216&mjsv=m202202090102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1100x280%2C1100x280&nras=1&correlator=3367489163969&frm=20&pv=1&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C44753656%2C31064036%2C31063221%2C31063911&oid=2&pvsid=873873462402139&pem=729&tmod=105310775&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=H47wo2U06N&p=https%3A//kooora4lives.net&dtd=248

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c35fd278f4eb6bcdcbdcd96bfb324fe3f67dd3d1f6bd0e43cb3bc344425048d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 19 Feb 2022 20:09:01 GMT
server: cafe
content-length: 32232
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 19 Feb 2022 20:09:01 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 604F 101 KB
32 KB 329ms
328ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3619133031508264&output=html&h=280&slotname=3745295006&adk=326657552&adf=3852535245&pi=t.ma~as.3745295006&w=1100&fwrn=4&fwrnh=100&lmt=1645301341&rafmt=1&psa=0&format=1100x280&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1645301341162&bpp=1&bdt=2999&idt=251&shv=r20220216&mjsv=m202202090102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1100x280%2C1100x280%2C1100x280&nras=1&correlator=3367489163969&frm=20&pv=1&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=4017&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C44753656%2C31064036%2C31063221%2C31063911&oid=2&pvsid=873873462402139&pem=729&tmod=105310775&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=j8HNWVgVux&p=https%3A//kooora4lives.net&dtd=253

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

916e91af8a6c9d519add774dc21b48301529cb9ee14dba7ed2a0460b0bc6cc69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 19 Feb 2022 20:09:01 GMT
server: cafe
content-length: 32496
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 19 Feb 2022 20:09:01 GMT
cache-control: private

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 162ms
61ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 19 Feb 2022 20:09:01 GMT

GET
H2 200 config.json Show response
player.adtelligent.com/exchange_rates/313490/ 11 KB
5 KB 38ms
7ms XHR
application/json 45.133.44.4
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://player.adtelligent.com/exchange_rates/313490/config.json?cb=https%3A%2F%2Fkooora4lives.net%2Fhome%2F
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.4 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1ada909dba4a333cea85c9d378f2df43151183147ed0cd52c7f98ecb400f8bcb

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
last-modified: Sat, 19 Feb 2022 12:01:11 GMT
server: nginx
etag: W/"6210dc07-2a99"
content-type: application/json
access-control-allow-origin: https://kooora4lives.net
expires: Sat, 19 Feb 2022 21:09:01 GMT
cache-control: max-age=3600
x-proxy-cache: HIT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 98ms
48ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=kooora4lives.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 112ms
63ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=kooora4lives.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 108 KB
36 KB 476ms
475ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=873873462402139&correlator=2233168857109426&output=ldjh&impl=fifs&eid=31064986%2C31064868%2C31063911&vrg=2022021502&ptt=17&sc=1&sfv=1-0-38&ecs=20220219&iu_parts=7047%3A202189885%2Capl%2Cnativefeedapl&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50&fluid=height&prev_scp=excl_cat%3DPREPOST&eri=1&cookie=ID%3Da930ac425e81a615-22827f3948cd008b%3AT%3D1645301341%3ART%3D1645301341%3AS%3DALNI_Mbduh5MF0bSgvPV21gAwnTA1-uDRg&bc=31&abxe=1&dt=1645301341609&lmt=1645301341&dlt=1645301338163&idt=3416&frm=20&biw=1600&bih=1200&oid=2&adxs=250&adys=3075&adks=3038279168&ucis=1&ifi=6&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&vis=1&scr_x=0&scr_y=0&psz=1100x0&msz=1100x0&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=true&fws=4&ohw=1100&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

8ca09c6adf6b7cefdbccc3871a5a4fff94a39e3f272894ad1b6a18f7d6eced60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36975
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://kooora4lives.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 116 KB
32 KB 378ms
378ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=873873462402139&correlator=1084265670786257&output=ldjh&impl=fifs&eid=31064986%2C31064868%2C31063911&vrg=2022021502&ptt=17&sc=1&sfv=1-0-38&ecs=20220219&iu_parts=7047%3A202189885%2Capl%2Cinter&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ists=1&fas=8&eri=1&cookie=ID%3Da930ac425e81a615-22827f3948cd008b%3AT%3D1645301341%3ART%3D1645301341%3AS%3DALNI_Mbduh5MF0bSgvPV21gAwnTA1-uDRg&bc=31&abxe=1&dt=1645301341613&lmt=1645301341&dlt=1645301338163&idt=3416&frm=20&biw=1600&bih=1200&oid=2&adxs=-9&adys=-9&adks=2406971207&ucis=2&ifi=7&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&vis=1&scr_x=0&scr_y=0&psz=0x-1&msz=0x-1&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=true&fws=2&ohw=0&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

6c4c87e7a6f3bf47a6dba04f225c8de902eb46441faf5caf90f849d099bf91df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32731
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://kooora4lives.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame BB3F 6 KB
4 KB 191ms
49ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 19 Feb 2022 20:09:01 GMT
expires: Sun, 19 Feb 2023 20:09:01 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pubads_impl_page_level_ads_2022021502.js Show response
securepubads.g.doubleclick.net/gpt/ 36 KB
13 KB 40ms
39ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022021502.js?cb=31064986

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

9e56ed8691648f560cf884ac3576f80c0c70b1f4ddb08eea6703d7f716da6a6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 03:18:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 233407
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13437
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 02:34:27 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 17 Feb 2023 03:18:54 GMT

GET
H2 200 localstore.js Show response
script.4dex.io/ 483 B
943 B 50ms
17ms Script
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 513639
x-amz-request-id: tx8a9eacc7b532418f8d353-00620977f5
x-amz-id-2: tx8a9eacc7b532418f8d353-00620977f5
last-modified: Sun, 13 Feb 2022 21:27:35 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jq2gFGXH%2FsPFhmwmbWLMYYW2cPUf0kv4yKucF0DPFr088xkxia5ghX6Ie9k93kevSjYsHVUzO05YD55hJlPf4u047vE1vBofXNkDdnesuSuVZwEMZXjB9SbNpIXlOe%2BRs7qniDmH%2F5tnW9%2Fc"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-version-id: 1644787655409471
cf-ray: 6e02216989bb9078-FRA

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 42 KB
8 KB 246ms
210ms XHR
application/json 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

47de3e0b41f9b017aa18bd88eab045f08a0de9ea26ca48b5c80fad4db5abca19

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 19 Feb 2022 20:09:01 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.169; 185.213.155.169; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 4c11cf92-522e-414c-ad07-5cebb6fb22d8
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://kooora4lives.net
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 prebid Show response
mp.4dex.io/ 99 B
576 B 291ms
257ms XHR
application/json 2606:4700::6812:272
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:272 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d0f31d005ef59a76e769c39569dd29119890ea59abdac12d237185aa495fa6b6

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

cf-ray: 6e022169bceb913c-FRA
pragma: no-cache
date: Sat, 19 Feb 2022 20:09:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://kooora4lives.net
expires: 0
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
x-err: Validating the Prebid Request adunits. Sampled or No valid non-debug AdUnits

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
363 B 32ms
8ms XHR
application/json 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://kooora4lives.net
cache-control: no-transform, no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
347 B 415ms
205ms XHR
text/plain 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kooora4lives.net
date: Sat, 19 Feb 2022 20:09:01 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 102
vary: origin, Accept-Encoding

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 60 B
152 B 330ms
112ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=bX9srg4dmr64KsaKjGFx_2
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: ffa5977a546df82667e3e44ed295927837ac2309b2be16419c8c47f88b45977a

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 60 B
324 B 327ms
109ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=bX9srg4dmr64KsaKjGFx_2
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: ffa5977a546df82667e3e44ed295927837ac2309b2be16419c8c47f88b45977a

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 60 B
143 B 328ms
110ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=bX9srg4dmr64KsaKjGFx_2
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: ffa5977a546df82667e3e44ed295927837ac2309b2be16419c8c47f88b45977a

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 60 B
143 B 329ms
112ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=bX9srg4dmr64KsaKjGFx_2
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: ffa5977a546df82667e3e44ed295927837ac2309b2be16419c8c47f88b45977a

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 60 B
152 B 328ms
111ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=bX9srg4dmr64KsaKjGFx_2
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: ffa5977a546df82667e3e44ed295927837ac2309b2be16419c8c47f88b45977a

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 60 B
152 B 328ms
111ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=bX9srg4dmr64KsaKjGFx_2
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: ffa5977a546df82667e3e44ed295927837ac2309b2be16419c8c47f88b45977a

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 60 B
152 B 340ms
123ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=bX9srg4dmr64KsaKjGFx_2
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: ffa5977a546df82667e3e44ed295927837ac2309b2be16419c8c47f88b45977a

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 60 B
143 B 326ms
110ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=bX9srg4dmr64KsaKjGFx_2
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: ffa5977a546df82667e3e44ed295927837ac2309b2be16419c8c47f88b45977a

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 60 B
152 B 340ms
123ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=bX9srg4dmr64KsaKjGFx_2
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: ffa5977a546df82667e3e44ed295927837ac2309b2be16419c8c47f88b45977a

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 60 B
152 B 340ms
124ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=bX9srg4dmr64KsaKjGFx_2
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: ffa5977a546df82667e3e44ed295927837ac2309b2be16419c8c47f88b45977a

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 60 B
143 B 340ms
124ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=bX9srg4dmr64KsaKjGFx_2
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: ffa5977a546df82667e3e44ed295927837ac2309b2be16419c8c47f88b45977a

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 adjson Show response
ads.betweendigital.com/ 2 B
912 B 238ms
133ms XHR
application/json 188.42.29.196
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.betweendigital.com/adjson?t=prebid
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 188.42.29.196 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kooora4lives.net
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json

GET
H2 200 ROS Show response
pbjs.e-planning.net/pbjs/1/2e43c/1/kooora4lives.net/ 2 B
158 B 57ms
16ms XHR
text/plain 5.178.65.246
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pbjs.e-planning.net/pbjs/1/2e43c/1/kooora4lives.net/ROS?rnd=0.13349960977352393&e=300x250_0%3A300x250%2C336x280%2B300x250_1%3A300x250%2C336x280%2B300x250_2%3A300x250%2C336x280%2B728x90_0%3A728x90%2C320x50%2C320x100%2B728x90_1%3A728x90%2C320x50%2C320x100%2B728x90_2%3A728x90%2C970x90%2B300x600_0%3A300x600%2C160x600%2C120x600%2B970x250_0%3A970x250%2B970x250_1%3A970x250%2B970x250_2%3A970x250%2B970x250_3%3A970x250&ur=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&pbv=6.7.0-pre&ncb=1&vs=FFFFFFFFFFF&crs=UTF-8&fr=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&e_pubcid=8596117e-1025-4b1c-bc2c-529f0fef0674
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.246 Amersfoort, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kooora4lives.net
date: Sat, 19 Feb 2022 20:09:01 GMT
access-control-allow-credentials: true
server: openresty
content-type: text/plain
content-length: 2
x-sid: AMS-601

GET
H2 200 arj Show response
adipololtd-d.openx.net/w/1.0/ 73 B
379 B 82ms
25ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adipololtd-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=fa799cbd-2b3c-4933-8fa3-fc271472ac7d%2Cdf83df36-1924-434c-8221-5f8a6b982158%2C4390910b-e5a7-4130-bb21-1c3b43ea126c%2C6a8f2fb8-2fdb-4546-b3a5-d2080da4ecea%2C6b6ca547-b7f8-43a0-bda1-c8bf70de8abd%2Cb01c50c9-2c5d-42fc-b729-cd288281b0a2%2C17e755f7-db5c-4b98-9f44-b6136f2a84e5%2C652900d3-2d35-40ff-88ad-ce025c0ccd53%2Cc7cdc889-ca50-47f1-9c46-17fda6c503f1%2C8aa5621b-2cb5-4c6d-8a30-82918a128014%2C46f949a9-43b7-4594-b8a9-7fa2df8238c5&nocache=1645301341698&pubcid=8596117e-1025-4b1c-bc2c-529f0fef0674&schain=1.0%2C1!adipolo.com%2C620a5acab6e80f22ac327b74%2C1%2C%2C%2C&aus=300x250%2C336x280%7C300x250%2C336x280%7C300x250%2C336x280%7C728x90%2C320x50%2C320x100%7C728x90%2C320x50%2C320x100%7C120x600%2C160x600%2C300x600%7C970x250%7C970x250%7C970x250%7C970x250%7C970x90%2C728x90&divids=div-gpt-ad-8176806-1%2Cdiv-gpt-ad-8176806-2%2Cdiv-gpt-ad-8176806-3%2Cdiv-gpt-ad-8176806-4%2Cdiv-gpt-ad-8176806-5%2Cdiv-gpt-ad-8176806-6%2Cdiv-gpt-ad-8176806-7%2Cdiv-gpt-ad-8176806-8%2Cdiv-gpt-ad-8176806-9%2Cdiv-gpt-ad-8176806-10%2Cstick&aucs=%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C&auid=556544515%2C556544515%2C556544515%2C556544515%2C556544515%2C556544515%2C556544515%2C556544515%2C556544515%2C556544515%2C556544515
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 85dd140f4baab8e6605241f797355cd44662fad62533929b506690e40e9d4d6a

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
server: OXGW/17.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://kooora4lives.net
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
217 B 72ms
30ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.7.0-pre&cb=93402531391

Requested by

Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H2 200 / Show response
prebid.smilewanted.com/ 0
77 B 87ms
57ms XHR
application/json 172.67.10.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.10.198 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
cf-ray: 6e022169d8799049-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H2 200 / Show response
prebid.smilewanted.com/ 0
77 B 100ms
70ms XHR
application/json 172.67.10.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.10.198 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
cf-ray: 6e022169d87d9049-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H2 200 / Show response
prebid.smilewanted.com/ 0
77 B 83ms
54ms XHR
application/json 172.67.10.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.10.198 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
cf-ray: 6e022169d87e9049-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H2 200 / Show response
prebid.smilewanted.com/ 0
77 B 89ms
60ms XHR
application/json 172.67.10.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.10.198 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
cf-ray: 6e022169d8819049-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H2 200 / Show response
prebid.smilewanted.com/ 0
77 B 85ms
56ms XHR
application/json 172.67.10.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.10.198 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
cf-ray: 6e022169d8829049-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H2 200 / Show response
prebid.smilewanted.com/ 0
437 B 71ms
42ms XHR
application/json 172.67.10.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.10.198 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
cf-ray: 6e022169d8859049-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H2 200 / Show response
prebid.smilewanted.com/ 0
76 B 72ms
44ms XHR
application/json 172.67.10.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.10.198 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
cf-ray: 6e022169d8889049-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H2 200 / Show response
prebid.smilewanted.com/ 0
77 B 85ms
57ms XHR
application/json 172.67.10.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.10.198 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
cf-ray: 6e022169d8879049-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H2 200 / Show response
prebid.smilewanted.com/ 0
77 B 122ms
94ms XHR
application/json 172.67.10.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.10.198 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
cf-ray: 6e022169e89d9049-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H2 200 / Show response
prebid.smilewanted.com/ 0
77 B 92ms
64ms XHR
application/json 172.67.10.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.10.198 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
cf-ray: 6e022169e8989049-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H2 200 / Show response
prebid.smilewanted.com/ 0
77 B 84ms
56ms XHR
application/json 172.67.10.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.10.198 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
cf-ray: 6e022169e89e9049-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 25 B
522 B 110ms
31ms XHR
application/json 72.251.249.14
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.7.0-pre
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: 79a0bfce16bca841a59d7a5d5a9ed95b22ff6dcadb97314cd96405a7a0241c53

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 19 Feb 2022 20:09:01 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://kooora4lives.net
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 25

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
178 B 52ms
20ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kooora4lives.net
date: Sat, 19 Feb 2022 20:09:01 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
363 B 21ms
18ms XHR
application/json 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://kooora4lives.net
cache-control: no-transform, no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 2723 13 KB
5 KB 88ms
38ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 19 Feb 2022 20:00:08 GMT
expires: Sun, 19 Feb 2023 20:00:08 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 533
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0C32 783 B
1 KB 134ms
49ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7358e901e1612a4feb4408bf49d642ab8ac978eadc59b2249c76335315fc8dc2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7AnvR80Rd+f7h5km4lg3fw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 19 Feb 2022 20:09:01 GMT
date: Sat, 19 Feb 2022 20:09:01 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-7AnvR80Rd+f7h5km4lg3fw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 adagio.js Show response
script.4dex.io/ 72 KB
23 KB 47ms
31ms Fetch
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd01ea3cd56c3f77b2d294910bbe09a139ee76ffe85a9d00f7d512606987d865

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 159286
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: txa67bf61710fc42a8b1a1d-006209797b
x-amz-id-2: txa67bf61710fc42a8b1a1d-006209797b
last-modified: Sun, 13 Feb 2022 21:27:34 GMT
server: cloudflare
etag: W/"30fd6d2dd89cb7d26d6396caca2f6c6e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yAKEOte27MvsVBCp5gxPzRvftsYcLCaUz7LZ4uJOppy4Irzq7baYZFFYu8lkIabBfBFtmJcTKWV%2F8b70NxMr0RVi8Sa%2FYZnZIhr52oGSD9qcrK5GpswBoFWoBwiG1Tf5BjuPDeuCMV8lpn%2BJ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1644787654356307
cf-ray: 6e022169d84491e1-FRA
access-control-allow-headers: Authorization

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame 9FDC 2 KB
1 KB 40ms
38ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3619133031508264&output=html&h=280&slotname=6371458341&adk=3595442130&adf=489705927&pi=t.ma~as.6371458341&w=1100&fwrn=4&fwrnh=100&lmt=1645301341&rafmt=1&psa=0&format=1100x280&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1645301341161&bpp=1&bdt=2998&idt=225&shv=r20220216&mjsv=m202202090102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1100x280&nras=1&correlator=3367489163969&frm=20&pv=1&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=453&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C44753656%2C31064036%2C31063221%2C31063911&oid=2&pvsid=873873462402139&pem=729&tmod=105310775&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=OyGx6InGxB&p=https%3A//kooora4lives.net&dtd=227

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:00:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 492
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:00:49 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9FDC 124 KB
38 KB 66ms
65ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b9794842e89dcec3790d21b95acce36c08673d4162e745dc440e6766534ed53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38723
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1645015031201889"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 19 Feb 2022 20:09:01 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame 9FDC 15 KB
6 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78ea6d7806beda2d76bb7d9abb14b034ad476a897376c270aefcf40a2f49316c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:00:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 512
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6438
x-xss-protection: 0
server: cafe
etag: 12093742715590823996
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:00:29 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9FDC 0
0 115ms
115ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CnrV0XU4RYqDOII797_UPse-6wAPJntKxXMWymPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTM2MTkxMzMwMzE1MDgyNjSgAdW20uoDyAEJqQKdKQweaf6yPqgDAaoEwQFP0FNR094ByCT44HcqdPGbH04ml1gC0nAemCI3rPxl9YGIU3sxHfcY9oF470BTrPI8jzexLzj8P4awj8T6Voh_AADsG0R_Sv8X0qBuXDK8tlAR9UxaorcLEvec45nG8fUnJCsY6yiZUkClTNsGisXjDNrTub2boY71rps3SxKKYZagcIpFk6OBU-sboIL1TzgdUV1ltp9oEuoaRCiXReHnnXey_GuARzkW5-FUHfT66g9MGR8UjzBl77icnAW1UaLdgAaHjY3bzaDM3PQBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItMzYxOTEzMzAzMTUwODI2NBgA&sigh=hivmyY4Mwso&uach_m=[UACH]&cid=CAQSGwCNIrLM7vD9__Z3aGnMrrMEHmZgdhxWygCMhhgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3619133031508264&output=html&h=280&slotname=6371458341&adk=3595442130&adf=489705927&pi=t.ma~as.6371458341&w=1100&fwrn=4&fwrnh=100&lmt=1645301341&rafmt=1&psa=0&format=1100x280&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1645301341161&bpp=1&bdt=2998&idt=225&shv=r20220216&mjsv=m202202090102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1100x280&nras=1&correlator=3367489163969&frm=20&pv=1&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=453&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C44753656%2C31064036%2C31063221%2C31063911&oid=2&pvsid=873873462402139&pem=729&tmod=105310775&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=OyGx6InGxB&p=https%3A//kooora4lives.net&dtd=227
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 19 Feb 2022 20:09:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 19 Feb 2022 20:09:01 GMT

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 9FDC 0
0 58ms
17ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=UOaXC8z6RMwImAKdg2ICAgAAAAxQiPt6zMqxEFxOEWLSWFj4ZACWfiwMIgAS&wp=YhFOXQAIJyAIu_6OAA63sUMp0yw_0Frtkht7oA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
server: Kestrel
server-processing-duration-in-ticks: 277560
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 7B18 143 KB
46 KB 270ms
120ms Document
text/html 2a02:2638::18
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=YhFOXQAIJyAIu_6OAA63sUMp0yw_0Frtkht7oA&u=%7CVACyndVA8BFnPx7UbU%2FRGKCOeR%2BweiQa7n0%2Bm%2Bj3dKU%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDZJaMXBGgBECvy_dgmu_qpkAWw7ewvaaNipaamzD3R31gTPUiwHbkoGL5TDbV3afaVojlSDxZ_7Q-_nAvxCeFhyL7IsckMA2YXQlJIwnCIYGxxhVW4jFzxu8ZIbhT_u65ru95pWNmkZ-4Ifk8Q6NGJIXRt7ljOWAYiNZENwZ31LDyxcCD3sMvQozJb6xBWO-4KaEorFUN_Y-wTtrLX1eav77hKyrrZcwpddCv3pSmbNBa8_1WwRJppuMAgM_Wg4r8fuBLycnP1aNpuEiN6pc4UOuGkyVhzRoJcbU8AzH0wh0IArHg1GfOcNfIuVktxtOKAcoK7_eeL8nSG-aZnEyO5dLX0VEAKIbVk8oDAgb8QRmrjD0k90SEeF5mSCJiHYgs0H-yEpoDDvJViVaFIO-Vk1etQ1fHVQHF&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DClIVUXU4RYqDOII797_UPse-6wAPJntKxXMWymPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTM2MTkxMzMwMzE1MDgyNjSgAdW20uoDyAEJqQKdKQweaf6yPqgDAaoExAFP0FNR094ByCT44HcqdPGbH04ml1gC0nAemCI3rPxl9YGIU3sxHfcY9oF470BTrPI8jzexLzj8P4awj8T6Voh_AADsG0R_Sv8X0qBuXDK8tlAR9UxaorcLEvec45nG8fUnJCsY6yiZUkClTNsGisXjDNrTub2boY71rps3SxKKYZagcIpFk6OBU-sboIL1TzgdUV1ltp9oEuoaRGqVZHNgEuuhQ_eU5OkrQRldCf5M4CFUm6vcspaXUKawhIAf1bFi3FQBgAaHjY3bzaDM3PQBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1U7egpxWE4rxDQwqQCCJu7S0p_7Q%26client%3Dca-pub-3619133031508264%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::18 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

420cfa3da11ecc4d0dba0f14f66fe079ccb684646ef0c1193d9bfcc2a6874e88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=RZFggy3z9h8Daic7BgvKYU7IWRZwSQtElP52e_s2YuY3kOGf9TYG-fNi75I46Hmt-DZsve5d2H3xejpbK5_0adwGC9ZG9jyJ8L44H4qkhCptRvUF1BuDC92i-ZacnV2WEPYhsN7HMYzVH52Z30IG3NzRbt7p4Bk7jhDf0CdNbzHI12jVLWYzT0vG-hzodt_NK6w1ekRgdslYyUkR0yojPEAFb5CBbK7eIa2vRbmNucxGglnFedhp582v9evWhtGNcc4bwg"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 102750082
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H3 200 IfvWsR8c8QoIXMZVBAT6kqVdCzRxsMqQy0C-AEZrj6Q.js Show response
pagead2.googlesyndication.com/bg/ Frame 2723 35 KB
13 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IfvWsR8c8QoIXMZVBAT6kqVdCzRxsMqQy0C-AEZrj6Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21fbd6b11f1cf10a085cc6550404fa92a55d0b3471b0ca90cb40be00466b8fa4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 17:26:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9725
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13530
x-xss-protection: 0
last-modified: Mon, 14 Feb 2022 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 19 Feb 2023 17:26:56 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 604F 2 KB
605 B 137ms
50ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3619133031508264&output=html&h=280&slotname=3745295006&adk=326657552&adf=3852535245&pi=t.ma~as.3745295006&w=1100&fwrn=4&fwrnh=100&lmt=1645301341&rafmt=1&psa=0&format=1100x280&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1645301341162&bpp=1&bdt=2999&idt=251&shv=r20220216&mjsv=m202202090102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1100x280%2C1100x280%2C1100x280&nras=1&correlator=3367489163969&frm=20&pv=1&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=4017&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C44753656%2C31064036%2C31063221%2C31063911&oid=2&pvsid=873873462402139&pem=729&tmod=105310775&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=j8HNWVgVux&p=https%3A//kooora4lives.net&dtd=253

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5c35ba43b7900752a3023550de81888bb9fa36138e72edf3db3bd20e1dc09186

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 19 Feb 2022 18:31:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 19 Feb 2022 20:09:01 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 19 Feb 2022 20:09:01 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame 604F 2 KB
904 B 39ms
38ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:02:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 397
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:02:24 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/ Frame 604F 19 KB
8 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb0a1ac121b8aa9b8e2912768985ee6341cdd33d4c7b4db39052731d4b5248e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 19:58:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 627
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 1930320615972901081
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 19:58:34 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 604F 0
0 121ms
120ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C2UqeXU4RYuLcILHL7_UPoKeJ0AacmO6OYpXUgsKFDM_Dvt3LGBABIM7OhmhgleKQgqAHoAHjwKvHA8gBCakCnSkMHmn-sj6oAwHIA8sEqgTUAU_QLSyEu3Xadg41fbe4JpY8Ro2D6y-lC7Gm8rRaQR-VvjdKDf2FFwuFGHcAQILAwfw6yY9zEI2Nzy-UeYxWrF-NoQo0eJI_tZH_aC_ix1UeQ9o8em5_i-gUOC96x7yxN2DJ3mO2gvMavp0s1mCC0zTf34ndlPtJvzvy_vBCV8kAGelz846d3J7rYZGd7n-5r28koqkx_Oa8UJJ9JgTuEVyQ5D2mHdfjdyvNQWx7aIoIec9oblHQ4oOlq3DeoPUbS94Y4KlmpvWXrN4htq80wEl3TTaKwASylae9uwKSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAH0f-MJqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAPIHAxCQNdIICQiA4YAQEAEYH4AKAcgLAdgTC4gUBNAVAYAXAbIXHAoaCAASFHB1Yi0zNjE5MTMzMDMxNTA4MjY0GAA&sigh=XOf9dwadUvs&uach_m=[UACH]&cid=CAQSGwCNIrLMLeL2De5Ybmby6-as34KA8lRo7w8IPhgB&template_id=494

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3619133031508264&output=html&h=280&slotname=3745295006&adk=326657552&adf=3852535245&pi=t.ma~as.3745295006&w=1100&fwrn=4&fwrnh=100&lmt=1645301341&rafmt=1&psa=0&format=1100x280&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1645301341162&bpp=1&bdt=2999&idt=251&shv=r20220216&mjsv=m202202090102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1100x280%2C1100x280%2C1100x280&nras=1&correlator=3367489163969&frm=20&pv=1&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=4017&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C44753656%2C31064036%2C31063221%2C31063911&oid=2&pvsid=873873462402139&pem=729&tmod=105310775&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=j8HNWVgVux&p=https%3A//kooora4lives.net&dtd=253
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 19 Feb 2022 20:09:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 19 Feb 2022 20:09:01 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 7341 2 KB
1 KB 116ms
47ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3619133031508264&output=html&h=280&slotname=4439429576&adk=1636138468&adf=583590995&pi=t.ma~as.4439429576&w=1100&fwrn=4&fwrnh=100&lmt=1645301341&rafmt=1&psa=0&format=1100x280&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1645301341161&bpp=1&bdt=2998&idt=246&shv=r20220216&mjsv=m202202090102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1100x280%2C1100x280&nras=1&correlator=3367489163969&frm=20&pv=1&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C44753656%2C31064036%2C31063221%2C31063911&oid=2&pvsid=873873462402139&pem=729&tmod=105310775&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=H47wo2U06N&p=https%3A//kooora4lives.net&dtd=248

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5c35ba43b7900752a3023550de81888bb9fa36138e72edf3db3bd20e1dc09186

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 19 Feb 2022 18:26:45 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 19 Feb 2022 20:09:01 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 19 Feb 2022 20:09:01 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 604F 23 KB
23 KB 127ms
38ms Image
image/jpeg 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcTSVp9qbZrOVe86BNL2K5SFVEvqK528OA_4VcKsO-majkwdcU_K&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

975870a576905cac3784587d8ac1ec7cdd44469e7a6c20240b7fb32b56543008

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 18:20:43 GMT
x-content-type-options: nosniff
age: 179298
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23108
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 05:02:04 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 17 Feb 2023 18:20:43 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 604F 18 KB
19 KB 149ms
39ms Image
image/jpeg 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcRtqnP6dW7yZWsd8JME0q2hiaGBPEjRm5f4wqcPTG4bqnyD8Ag&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

496f0506f067b9d12292da403157663448e7d9a96da1b77d61c65e5c87ce9e75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 16:08:33 GMT
x-content-type-options: nosniff
age: 14428
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18492
x-xss-protection: 0
last-modified: Mon, 13 Dec 2021 13:17:58 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sun, 19 Feb 2023 16:08:33 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 604F 14 KB
14 KB 161ms
73ms Image
image/jpeg 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcS27AbqMh3vbMjuoX3ColvJyQyUnGlGywUNz_T8HfmkWukwFse0&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aae2a9600f84efeb57ee4f6b81ecc3db0a920d145f1701d6313aeed9a8aa3a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 11:17:47 GMT
x-content-type-options: nosniff
age: 31874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13892
x-xss-protection: 0
last-modified: Fri, 12 Nov 2021 11:05:02 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sun, 19 Feb 2023 11:17:47 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 604F 9 KB
9 KB 197ms
87ms Image
image/jpeg 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcSZVAj0tPO_p92w-idIVpGgmexmRlVO37ppg_ndRJe9-Ql6Z9s&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48782e40a118e879c461cda8345768ca277421d4a1c65c972e43c28d8e8f0965

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 18:02:02 GMT
x-content-type-options: nosniff
age: 266819
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8851
x-xss-protection: 0
last-modified: Wed, 11 Dec 2019 11:33:30 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 16 Feb 2023 18:02:02 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 604F 13 KB
14 KB 199ms
111ms Image
image/jpeg 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcRa_zpHoAjg8v6YH7ADWrjnD8FFQ2F-swYUTEag2JviXVp3GXrQ&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

51204696e9c1f477b79b8ba0d78cbecf0f7245ca706a796ce4d6d9d6a73cd5ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 14:31:00 GMT
x-content-type-options: nosniff
age: 20281
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13823
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 10:44:28 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sun, 19 Feb 2023 14:31:00 GMT

GET
H3

200

7103612115487317334
tpc.googlesyndication.com/simgad/ Frame 604F
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKCL57XsHBCABBiAATIIgoSA_Oqki0U
https://tpc.googlesyndication.com/simgad/7103612115487317334

5 KB
5 KB

41ms
41ms

Image
image/png

2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7103612115487317334

Requested by

Protocol

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24fe63307e2903b2a4b2d80c28383d91861dc9ade1b28feac920e9f5f7b7dddd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 18:21:00 GMT
x-content-type-options: nosniff
age: 438481
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5156
x-xss-protection: 0
last-modified: Mon, 18 Nov 2019 11:07:29 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 14 Feb 2023 18:21:00 GMT

Redirect headers

date: Sat, 19 Feb 2022 09:55:58 GMT
x-content-type-options: nosniff
server: cafe
age: 36783
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/html; charset=UTF-8
location: https://tpc.googlesyndication.com/simgad/7103612115487317334
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 21 Mar 2022 09:55:58 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0C32 0
0 89ms
88ms Image
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220216&jk=873873462402139&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame 7341 2 KB
904 B 38ms
38ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:02:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 397
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:02:24 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame 604F 2 KB
1 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:00:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 492
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:00:49 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 604F 124 KB
38 KB 57ms
56ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b9794842e89dcec3790d21b95acce36c08673d4162e745dc440e6766534ed53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38723
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1645015031201889"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 19 Feb 2022 20:09:01 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame 604F 15 KB
6 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78ea6d7806beda2d76bb7d9abb14b034ad476a897376c270aefcf40a2f49316c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:00:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 512
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6438
x-xss-protection: 0
server: cafe
etag: 12093742715590823996
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:00:29 GMT

GET
H2 200 6db0573cb067ea4557d3af56fc7062b8.js Show response
www.gstatic.com/mysidia/ Frame 604F 28 KB
12 KB 126ms
39ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6db0573cb067ea4557d3af56fc7062b8.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a50761af47976acf2a9b1ed88cff6727c6c0fa4a18c2806a26f108c5268b4c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 10:18:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 208202
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11678
x-xss-protection: 0
last-modified: Tue, 15 Feb 2022 08:01:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 18 May 2022 10:18:59 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 7341 23 KB
23 KB 151ms
84ms Image
image/jpeg 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcTSVp9qbZrOVe86BNL2K5SFVEvqK528OA_4VcKsO-majkwdcU_K&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

975870a576905cac3784587d8ac1ec7cdd44469e7a6c20240b7fb32b56543008

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 18:20:43 GMT
x-content-type-options: nosniff
age: 179298
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23108
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 05:02:04 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 17 Feb 2023 18:20:43 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 7341 18 KB
18 KB 141ms
52ms Image
image/jpeg 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcRtqnP6dW7yZWsd8JME0q2hiaGBPEjRm5f4wqcPTG4bqnyD8Ag&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

496f0506f067b9d12292da403157663448e7d9a96da1b77d61c65e5c87ce9e75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 16:08:33 GMT
x-content-type-options: nosniff
age: 14428
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18492
x-xss-protection: 0
last-modified: Mon, 13 Dec 2021 13:17:58 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sun, 19 Feb 2023 16:08:33 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 7341 14 KB
14 KB 167ms
100ms Image
image/jpeg 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcS27AbqMh3vbMjuoX3ColvJyQyUnGlGywUNz_T8HfmkWukwFse0&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aae2a9600f84efeb57ee4f6b81ecc3db0a920d145f1701d6313aeed9a8aa3a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 11:17:47 GMT
x-content-type-options: nosniff
age: 31874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13892
x-xss-protection: 0
last-modified: Fri, 12 Nov 2021 11:05:02 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sun, 19 Feb 2023 11:17:47 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 7341 9 KB
9 KB 180ms
93ms Image
image/jpeg 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcSZVAj0tPO_p92w-idIVpGgmexmRlVO37ppg_ndRJe9-Ql6Z9s&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48782e40a118e879c461cda8345768ca277421d4a1c65c972e43c28d8e8f0965

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 18:02:02 GMT
x-content-type-options: nosniff
age: 266819
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8851
x-xss-protection: 0
last-modified: Wed, 11 Dec 2019 11:33:30 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 16 Feb 2023 18:02:02 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 7341 13 KB
14 KB 185ms
119ms Image
image/jpeg 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcRa_zpHoAjg8v6YH7ADWrjnD8FFQ2F-swYUTEag2JviXVp3GXrQ&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

51204696e9c1f477b79b8ba0d78cbecf0f7245ca706a796ce4d6d9d6a73cd5ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 14:31:00 GMT
x-content-type-options: nosniff
age: 20281
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13823
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 10:44:28 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sun, 19 Feb 2023 14:31:00 GMT

GET
H3

200

7103612115487317334
tpc.googlesyndication.com/simgad/ Frame 7341
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKCL57XsHBCABBiAATIIgoSA_Oqki0U
https://tpc.googlesyndication.com/simgad/7103612115487317334

5 KB
5 KB

38ms
38ms

Image
image/png

2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7103612115487317334

Requested by

Protocol

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24fe63307e2903b2a4b2d80c28383d91861dc9ade1b28feac920e9f5f7b7dddd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 14 Feb 2022 18:21:00 GMT
x-content-type-options: nosniff
age: 438481
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5156
x-xss-protection: 0
last-modified: Mon, 18 Nov 2019 11:07:29 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 14 Feb 2023 18:21:00 GMT

Redirect headers

date: Sat, 19 Feb 2022 09:55:58 GMT
x-content-type-options: nosniff
server: cafe
age: 36783
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/html; charset=UTF-8
location: https://tpc.googlesyndication.com/simgad/7103612115487317334
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 21 Mar 2022 09:55:58 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 7341 0
0 120ms
120ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CGoWKXU4RYrzhIL777_UPgqq-8AicmO6OYpXUgsKFDM_Dvt3LGBABIM7OhmhgleKQgqAHoAHjwKvHA8gBCakCnSkMHmn-sj6oAwHIA8sEqgTOAU_QhLyo2M8TesZUYwND39FeUKOaCJ_jDbKuuS-E9JxdJFFd8Cglbfdvk6Ujcai1_gnNqQVynSn7OjobBW-YXp1kZO0MYsz7R_eheCx3tR3tiOPSPJ_6caLtR_MjOFgCZwXIT8dGhzoMzw3ebw0SCgSBKmD2fYeyByoKAFIUb2SRPwi0ZgI6ss6Iq2dgx4dNPJGQgmSjhpCKXg1wf-hnaQGSrwCt6afYmqG9aG4q4M_XM550-theCWgFn-1E_kQD_xeIuCrHI9vd05x8d_AMwASylae9uwKSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAH0f-MJqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6a-G9gHAPIHBBDXpgTSCAkIgOGAEBABGB-ACgHICwHYEwuIFATQFQGAFwGyFxwKGggAEhRwdWItMzYxOTEzMzAzMTUwODI2NBgA&sigh=qVEHoHiREsc&uach_m=[UACH]&template_id=494

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3619133031508264&output=html&h=280&slotname=4439429576&adk=1636138468&adf=583590995&pi=t.ma~as.4439429576&w=1100&fwrn=4&fwrnh=100&lmt=1645301341&rafmt=1&psa=0&format=1100x280&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1645301341161&bpp=1&bdt=2998&idt=246&shv=r20220216&mjsv=m202202090102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1100x280%2C1100x280&nras=1&correlator=3367489163969&frm=20&pv=1&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C44753656%2C31064036%2C31063221%2C31063911&oid=2&pvsid=873873462402139&pem=729&tmod=105310775&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=H47wo2U06N&p=https%3A//kooora4lives.net&dtd=248
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 19 Feb 2022 20:09:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 19 Feb 2022 20:09:01 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/ Frame 7341 19 KB
8 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb0a1ac121b8aa9b8e2912768985ee6341cdd33d4c7b4db39052731d4b5248e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 19:58:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 627
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 1930320615972901081
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 19:58:34 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame 7341 2 KB
1 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:00:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 492
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:00:49 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7341 124 KB
38 KB 84ms
83ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b9794842e89dcec3790d21b95acce36c08673d4162e745dc440e6766534ed53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38723
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1645015031201889"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 19 Feb 2022 20:09:01 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame 7341 15 KB
6 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78ea6d7806beda2d76bb7d9abb14b034ad476a897376c270aefcf40a2f49316c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:00:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 512
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6438
x-xss-protection: 0
server: cafe
etag: 12093742715590823996
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:00:29 GMT

GET
H2 200 6db0573cb067ea4557d3af56fc7062b8.js Show response
www.gstatic.com/mysidia/ Frame 7341 28 KB
11 KB 103ms
45ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6db0573cb067ea4557d3af56fc7062b8.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a50761af47976acf2a9b1ed88cff6727c6c0fa4a18c2806a26f108c5268b4c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 10:18:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 208202
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11678
x-xss-protection: 0
last-modified: Tue, 15 Feb 2022 08:01:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 18 May 2022 10:18:59 GMT

GET
DATA 200
OK truncated
/ Frame 9FDC 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7f7a5c2a5b6e679fb4aec8a4be6c7b3f6ed9346ac76fc69a6de91e27eae684aa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 604F 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c71ea109cef72aaf3121a2adeef6275f77331cf43117eb9b04c72ac78ef4e851

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame E829 2 KB
537 B 95ms
48ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3619133031508264&output=html&h=280&slotname=5249431448&adk=3989702682&adf=3501923860&pi=t.ma~as.5249431448&w=1100&fwrn=4&fwrnh=100&lmt=1645301341&rafmt=1&psa=0&format=1100x280&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1645301341159&bpp=2&bdt=2996&idt=219&shv=r20220216&mjsv=m202202090102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3367489163969&frm=20&pv=1&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=100&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C44753656%2C31064036%2C31063221%2C31063911&oid=2&pvsid=873873462402139&pem=729&tmod=105310775&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=DqKBELWXME&p=https%3A//kooora4lives.net&dtd=223

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7888a75eac5f8b9dc4c448f10e8dc9030fcae612cb236f1a9e9700d56ae6ef34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 19 Feb 2022 18:17:45 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 19 Feb 2022 20:09:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 19 Feb 2022 20:09:02 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame E829 2 KB
904 B 38ms
38ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:02:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 398
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:02:24 GMT

GET
H2 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v20/ Frame 604F 20 KB
21 KB 124ms
40ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v20/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 19:31:22 GMT
x-content-type-options: nosniff
age: 261460
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20784
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 18:58:54 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 16 Feb 2023 19:31:22 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/ Frame E829 19 KB
8 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb0a1ac121b8aa9b8e2912768985ee6341cdd33d4c7b4db39052731d4b5248e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 19:58:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 628
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 1930320615972901081
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 19:58:34 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame E829 2 KB
1 KB 50ms
49ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:00:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 493
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:00:49 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E829 124 KB
38 KB 85ms
84ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b9794842e89dcec3790d21b95acce36c08673d4162e745dc440e6766534ed53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38723
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1645015031201889"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 19 Feb 2022 20:09:02 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame E829 15 KB
6 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78ea6d7806beda2d76bb7d9abb14b034ad476a897376c270aefcf40a2f49316c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:00:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 513
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6438
x-xss-protection: 0
server: cafe
etag: 12093742715590823996
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:00:29 GMT

GET
H3 200 6db0573cb067ea4557d3af56fc7062b8.js Show response
www.gstatic.com/mysidia/ Frame E829 28 KB
11 KB 88ms
40ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6db0573cb067ea4557d3af56fc7062b8.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a50761af47976acf2a9b1ed88cff6727c6c0fa4a18c2806a26f108c5268b4c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 10:18:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 208203
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11678
x-xss-protection: 0
last-modified: Tue, 15 Feb 2022 08:01:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 18 May 2022 10:18:59 GMT

GET
H3 200 container.html Show response
c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 17D4 6 KB
3 KB 88ms
40ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 19 Feb 2022 20:09:01 GMT
expires: Sun, 19 Feb 2023 20:09:01 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 3114497524627790778
tpc.googlesyndication.com/simgad/7433325461663005307/ Frame E829 22 KB
22 KB 40ms
39ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7433325461663005307/3114497524627790778?w=400&h=209

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

327df148fcc553459bda0b4d7f4ce2e14e59816e2a47360d20ceea7f114e849c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 20:12:55 GMT
x-content-type-options: nosniff
age: 172567
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22091
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 10:42:08 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 17 Feb 2023 20:12:55 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/1362569788390309576/ Frame E829 1 KB
1 KB 54ms
54ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1362569788390309576/downsize_200k_v1?w=100&h=100

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae57327425f6c8bf113115125d8b96902294e7552bb08dc989abdcce89b7e1d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 16:02:21 GMT
x-content-type-options: nosniff
age: 274001
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1472
x-xss-protection: 0
last-modified: Mon, 16 Nov 2020 04:56:08 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 16 Feb 2023 16:02:21 GMT

GET
DATA 200
OK truncated
/ Frame 7341 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fef766f3df5eefc3a866123e0ee8474d5e0e41cb8f8e9781b856cf355a174ea4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame E829 0
0 116ms
116ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CHjPhXU4RYszqIPeB9u8Ptc2byASx18O-aJeyx9i-D9K8iMiQDhABIM7OhmhgleKQgqAHoAH-nJOcAsgBCagDAcgDywSqBNQBT9AXRp9tYzFZbcxXacKrCzXPbYJF05CnxiLTfLieumBeky2LyibnDE6qEHKRTOs0-CeRdUjB3AvYAIxhOv8lnvcU96MsuDqdT-mF3xjzoCDUrunOFxkzfmzJg5OjUmGM0lxs_ej6nHgZpGozHH4XLvEYeXfXGnkdFdFCeJ4mmZDhFFF_L0xDwtqMHXclcqCWuMGCvNdRMZiFEJ0piHAoTn6ywBsbfZnjT-RBemo7sz4SOgZn_llEYyO9T7FApc_44Q54wNy8IPXh2dEXcia32-opkZPABJWe88rvA6AGLoAHjpn1bKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEEIP0EdIICQiA4YAQEAEYH4AKAcgLAdgTA9AVAZgWAYAXAbIXHAoaCAASFHB1Yi0zNjE5MTMzMDMxNTA4MjY0GAA&sigh=Utpe1Jrn_4s&uach_m=[UACH]&template_id=484

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3619133031508264&output=html&h=280&slotname=5249431448&adk=3989702682&adf=3501923860&pi=t.ma~as.5249431448&w=1100&fwrn=4&fwrnh=100&lmt=1645301341&rafmt=1&psa=0&format=1100x280&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1645301341159&bpp=2&bdt=2996&idt=219&shv=r20220216&mjsv=m202202090102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3367489163969&frm=20&pv=1&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=100&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C44753656%2C31064036%2C31063221%2C31063911&oid=2&pvsid=873873462402139&pem=729&tmod=105310775&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=DqKBELWXME&p=https%3A//kooora4lives.net&dtd=223
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 19 Feb 2022 20:09:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v20/ Frame 7341 20 KB
20 KB 76ms
75ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v20/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 19:31:22 GMT
x-content-type-options: nosniff
age: 261460
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20784
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 18:58:54 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 16 Feb 2023 19:31:22 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 48ms
48ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=kooora4lives.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Feb 2022 20:09:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 49ms
48ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=kooora4lives.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Feb 2022 20:09:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 227 KB
45 KB 506ms
506ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=873873462402139&correlator=924241011167443&output=ldjh&impl=fifs&eid=31064986%2C31064868%2C31063911&vrg=2022021502&ptt=17&sc=1&sfv=1-0-38&ecs=20220219&iu_parts=7047%3A202189885%2Capl%2Caplmcm7047%2Ccube%2Ccube2%2Ccube3%2Crich%2Crich2%2Csky%2Cresponsive%2Cresponsive3%2Cresponsive4%2Cresponsive5%2Csticky&enc_prev_ius=%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F4%2C%2F0%2F1%2F2%2F5%2C%2F0%2F1%2F2%2F6%2C%2F0%2F1%2F2%2F7%2C%2F0%2F1%2F2%2F8%2C%2F0%2F1%2F2%2F9%2C%2F0%2F1%2F2%2F10%2C%2F0%2F1%2F2%2F11%2C%2F0%2F1%2F2%2F12%2C%2F0%2F1%2F2%2F13&prev_iu_szs=300x250%7C336x280%2C300x250%7C336x280%2C300x250%7C336x280%2C728x90%7C320x50%7C320x100%2C728x90%7C320x50%7C320x100%2C120x600%7C160x600%7C300x600%2C970x250%2C970x250%2C970x250%2C970x250%2C970x90%7C728x90&prev_scp=hb_rfBid%3D0%26excl_cat%3DPREPOST%7Chb_rfBid%3D0%26excl_cat%3DPREPOST%7Chb_rfBid%3D0%26excl_cat%3DPREPOST%7Chb_rfBid%3D0%26excl_cat%3DPREPOST%7Chb_rfBid%3D0%26excl_cat%3DPREPOST%7Chb_rfBid%3D0%26excl_cat%3DPREPOST%7Chb_rfBid%3D0%26excl_cat%3DPREPOST%7Chb_rfBid%3D0%26excl_cat%3DPREPOST%7Chb_rfBid%3D0%26excl_cat%3DPREPOST%7Chb_rfBid%3D0%26excl_cat%3DPREPOST%7Ctest%3Drefresh%26hb_rfBid%3D0%26excl_cat%3DPREPOST&eri=1&cookie=ID%3Da930ac425e81a615%3AT%3D1645301341%3AS%3DALNI_MYCle3qGP99icq8_BLxkPwG1KJybA&bc=31&abxe=1&dt=1645301342128&lmt=1645301342&dlt=1645301338163&idt=3416&frm=20&biw=1600&bih=1200&oid=2&adxs=-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9&adys=-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9&adks=1799877694%2C2558241145%2C2570381884%2C2291805764%2C3653538567%2C289759596%2C1157298799%2C3118294158%2C4275292512%2C2753769577%2C3317283087&ucis=3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca%7Cb%7Cc%7Cd&ifi=8&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&vis=1&scr_x=0&scr_y=0&psz=0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1&msz=0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=true&fws=2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2&ohw=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0&btvi=-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

d9aa195ab3b1ecdc60aa513adee801ae6d45bb8254f4c7e3e135b553226fee8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:02 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45811
x-xss-protection: 0
google-lineitem-id: -1,-1,5818019657,-2,-2,5850403633,-2,-2,-2,-2,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-1,138374037645,-2,-2,138374456572,-2,-2,-2,-2,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://kooora4lives.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F5D2 6 KB
3 KB 39ms
38ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 19 Feb 2022 20:09:01 GMT
expires: Sun, 19 Feb 2023 20:09:01 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame E829 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ebd6473658a5665ed104b4e2ac49203e198d091b8ecd601489cb33d57ae32abb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 7B18 2 KB
1 KB 50ms
17ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YhFOXQAIJyAIu_6OAA63sUMp0yw_0Frtkht7oA&u=%7CVACyndVA8BFnPx7UbU%2FRGKCOeR%2BweiQa7n0%2Bm%2Bj3dKU%3D%7C&c1=glLBMxGOcDk-vbOOpZWuiwL9OpXS6gVV0_Ig_J1IpPwRDCJxJvxJzDfeVglSmwvDZJaMXBGgBECvy_dgmu_qpkAWw7ewvaaNipaamzD3R31gTPUiwHbkoGL5TDbV3afaVojlSDxZ_7Q-_nAvxCeFhyL7IsckMA2YXQlJIwnCIYGxxhVW4jFzxu8ZIbhT_u65ru95pWNmkZ-4Ifk8Q6NGJIXRt7ljOWAYiNZENwZ31LDyxcCD3sMvQozJb6xBWO-4KaEorFUN_Y-wTtrLX1eav77hKyrrZcwpddCv3pSmbNBa8_1WwRJppuMAgM_Wg4r8fuBLycnP1aNpuEiN6pc4UOuGkyVhzRoJcbU8AzH0wh0IArHg1GfOcNfIuVktxtOKAcoK7_eeL8nSG-aZnEyO5dLX0VEAKIbVk8oDAgb8QRmrjD0k90SEeF5mSCJiHYgs0H-yEpoDDvJViVaFIO-Vk1etQ1fHVQHF&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DClIVUXU4RYqDOII797_UPse-6wAPJntKxXMWymPdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTM2MTkxMzMwMzE1MDgyNjSgAdW20uoDyAEJqQKdKQweaf6yPqgDAaoExAFP0FNR094ByCT44HcqdPGbH04ml1gC0nAemCI3rPxl9YGIU3sxHfcY9oF470BTrPI8jzexLzj8P4awj8T6Voh_AADsG0R_Sv8X0qBuXDK8tlAR9UxaorcLEvec45nG8fUnJCsY6yiZUkClTNsGisXjDNrTub2boY71rps3SxKKYZagcIpFk6OBU-sboIL1TzgdUV1ltp9oEuoaRGqVZHNgEuuhQ_eU5OkrQRldCf5M4CFUm6vcspaXUKawhIAf1bFi3FQBgAaHjY3bzaDM3PQBoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1U7egpxWE4rxDQwqQCCJu7S0p_7Q%26client%3Dca-pub-3619133031508264%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:02 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 14 Feb 2023 20:09:02 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 7B18 2 KB
1 KB 52ms
19ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:02 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 14 Feb 2023 20:09:02 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 7B18 308 B
636 B 34ms
31ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:02 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Tue, 14 Feb 2023 20:09:02 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame 7B18 507 B
835 B 19ms
16ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:02 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Tue, 14 Feb 2023 20:09:02 GMT

GET
H2

200

pvs.gif
ssl.hurra.com/ Frame 7B18
Redirect Chain

https://ssl.hurra.com/pvs.gif?cid=4557&tid=24538
https://ssl.hurra.com/pvs.gif?bd3p=1&cid=4557&tid=24538

43 B
165 B

12ms
8ms

Image
image/gif

62.144.160.15
ECOTEL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.hurra.com/pvs.gif?bd3p=1&cid=4557&tid=24538

Requested by

Protocol

Server

62.144.160.15 , Germany, ASN12312 (ECOTEL, DE),

Reverse DNS

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:02 GMT
server: nginx
strict-transport-security: max-age=31536000
p3p: CP="NOI CUR OUR STP", policyref="/w3c/p3p.xml"
cache-control: private, no-cache, no-store, must-revalidate
content-type: image/gif
expires: Fri, 10 Apr 1973 05:00:00 GMT

Redirect headers

location: https://ssl.hurra.com/pvs.gif?bd3p=1&cid=4557&tid=24538
date: Sat, 19 Feb 2022 20:09:02 GMT
server: nginx
content-type: image/gif
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP="NOI CUR OUR STP", policyref="/w3c/p3p.xml"

GET
H2 200 lg.php
cat.fr.eu.criteo.com/m/delivery/ Frame 7B18 43 B
347 B 186ms
19ms Image
image/gif 178.250.0.160
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=k_299TOliaIZm4VHUnRgwBa5mtW8TPj2xqkwx_zPCUBstY7HOeg_u7s0GO0HAfGdWIY-pTfeGCNq8i78ig4-VZ9xiJLE59vf57CHbC61CMVlKr9t1tvcqbuFlX8ZeOjfYKPNhFNAja6PUG72X7Wb_vKYAKtY0ZhfEOyt2qt7cRZjJLme_WP40wez-MwVUUvNv79n8VtVgWQE1E5vqF7PjMgSbv_BXxPtl4DJIxPlnHqA5wV79aXYzifH5MHahxDMQvgdyDNEjSBXtHKpH3A7GL_KH1WrqCdYlDIv0u-RZ8gEKh1FjIErkg4RO1GvBQdXnLyM1l_EI2hodsHA7wmOE7gAeSoiA0YUMx1cT03TPmYwGATQUEaQg_JIQC4UeGPVl5MYgjQkgAuwtyJyip70_FMm31oL1fvJl4km2jGNm-LcjPOgPDIFLndAGxVNiAv_9brYLw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.160 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:01 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2991032
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame E829 15 KB
15 KB 89ms
39ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 18:59:49 GMT
x-content-type-options: nosniff
age: 349753
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 15 Feb 2023 18:59:49 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 2723 0
9 B 39ms
39ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?vb_DNA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 IfvWsR8c8QoIXMZVBAT6kqVdCzRxsMqQy0C-AEZrj6Q.js Show response
pagead2.googlesyndication.com/bg/ Frame B66C 35 KB
13 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IfvWsR8c8QoIXMZVBAT6kqVdCzRxsMqQy0C-AEZrj6Q.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21fbd6b11f1cf10a085cc6550404fa92a55d0b3471b0ca90cb40be00466b8fa4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 17:26:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9726
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13530
x-xss-protection: 0
last-modified: Mon, 14 Feb 2022 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 19 Feb 2023 17:26:56 GMT

GET
H3 200 IfvWsR8c8QoIXMZVBAT6kqVdCzRxsMqQy0C-AEZrj6Q.js Show response
pagead2.googlesyndication.com/bg/ Frame 37E1 35 KB
13 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IfvWsR8c8QoIXMZVBAT6kqVdCzRxsMqQy0C-AEZrj6Q.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21fbd6b11f1cf10a085cc6550404fa92a55d0b3471b0ca90cb40be00466b8fa4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 17:26:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9726
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13530
x-xss-protection: 0
last-modified: Mon, 14 Feb 2022 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 19 Feb 2023 17:26:56 GMT

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 7B18 12 KB
5 KB 57ms
36ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 170848
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=csu754gnOV9vlY3y1MVWMd8UEdA5Pc4AgNvAWR%2BEaYN4a4RQN4MsUt1IlNF3vmKxZzt7cg20vRbrLsAdUD%2BkjAQN%2FpLJTl3XxVmGZeS39ISbVRVWSKWjzrLYTdu%2FSFIZODMsW2%2BFAKf5ifwOCVoGi6%2B4"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6e02216d1925697f-FRA
expires: Thu, 09 Feb 2023 20:09:02 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 7B18 12 KB
6 KB 19ms
18ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:02 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 14 Feb 2023 20:09:02 GMT

GET
H3 200 css2
fonts.googleapis.com/ Frame 17D4 4 KB
634 B 49ms
49ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 19 Feb 2022 18:16:41 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 19 Feb 2022 20:09:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 19 Feb 2022 20:09:02 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 6E09 8 KB
892 B 50ms
49ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3ad8c90cec1318c90852dc018d75e7afadcb71c36508344fc1c133021007bb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 19 Feb 2022 18:27:15 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 19 Feb 2022 20:09:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 19 Feb 2022 20:09:02 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame 6E09 2 KB
904 B 40ms
40ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:02:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 398
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:02:24 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/ Frame 6E09 19 KB
8 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/abg_lite_fy2019.js

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb0a1ac121b8aa9b8e2912768985ee6341cdd33d4c7b4db39052731d4b5248e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 19:58:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 628
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 1930320615972901081
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 19:58:34 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame 6E09 2 KB
1 KB 50ms
49ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/window_focus_fy2019.js

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:00:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 493
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:00:49 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6E09 124 KB
38 KB 61ms
60ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b9794842e89dcec3790d21b95acce36c08673d4162e745dc440e6766534ed53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38723
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1645015031201889"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 19 Feb 2022 20:09:02 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame 6E09 15 KB
6 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78ea6d7806beda2d76bb7d9abb14b034ad476a897376c270aefcf40a2f49316c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:00:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 513
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6438
x-xss-protection: 0
server: cafe
etag: 12093742715590823996
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:00:29 GMT

GET
H3 200 6db0573cb067ea4557d3af56fc7062b8.js Show response
www.gstatic.com/mysidia/ Frame 6E09 28 KB
11 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6db0573cb067ea4557d3af56fc7062b8.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a50761af47976acf2a9b1ed88cff6727c6c0fa4a18c2806a26f108c5268b4c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 10:18:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 208203
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11678
x-xss-protection: 0
last-modified: Tue, 15 Feb 2022 08:01:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 18 May 2022 10:18:59 GMT

GET
H3 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/elements/html/ Frame 17D4 19 KB
8 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

19d68d8c9b0afec111ca934d319c454fe9d57234d8915b2d837e36d54410ddf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 19:55:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 794
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8146
x-xss-protection: 0
server: cafe
etag: 10717154116364420598
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 19:55:48 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 17D4 205 B
229 B 42ms
41ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 17:28:15 GMT
x-content-type-options: nosniff
age: 9647
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 19 Feb 2023 17:28:15 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 17D4 604 B
628 B 42ms
42ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 12:36:53 GMT
x-content-type-options: nosniff
age: 27129
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 19 Feb 2023 12:36:53 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 7B18 2 KB
2 KB 221ms
65ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=556&m=0&partner=55963&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F55963%2F210714%2F216e5dfbbd934c2e9d414417ae749913_coeur_de_lion.png&v=3&w=496&s=_IKSgsKXP3UYjMK-Gl-jkhGE

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

2d2f1fa5f826c9709600c5c5df00962a23b9086873eff45e0e4b72996259c457

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=30790829
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 2155
expires: Sat, 11 Feb 2023 05:09:31 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 7B18 88 KB
88 KB 181ms
25ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=55963&q=80&r=0&u=https%3A%2F%2Fcdn.shopify.com%2Fs%2Ffiles%2F1%2F0342%2F5982%2F8869%2Fproducts%2F5074300235-1.png%3Fv%3D1629872975&v=3&w=800&s=ik2JulmcU6aBtpIiaWJLP3QF&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

7cee0a6fb3fdc11cccc6eccc2161a9cc8ca10b4cc331338e41a6464cb2103828

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:02 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30917336
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 89740
expires: Sun, 12 Feb 2023 16:17:59 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 7B18 105 KB
106 KB 211ms
55ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=55963&q=80&r=0&u=https%3A%2F%2Fcdn.shopify.com%2Fs%2Ffiles%2F1%2F0342%2F5982%2F8869%2Fproducts%2F6024501919-3.png%3Fv%3D1642510351&v=3&w=800&s=CSLJaEM-Qgm6et2LFiYhenqW&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

b6a73c0fe653467d00b943fa1add3ccd0fe0bc96691ae47d2d30e5a18c990cc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:02 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=28874378
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 107850
expires: Fri, 20 Jan 2023 00:48:41 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 7B18 48 KB
49 KB 205ms
49ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=55963&q=80&r=0&u=https%3A%2F%2Fcdn.shopify.com%2Fs%2Ffiles%2F1%2F0342%2F5982%2F8869%2Fproducts%2F5033100624-1_be56390f-85d2-4405-a144-4127f0d1af40.png%3Fv%3D1596742111&v=3&w=800&s=R3IF14b3zhcpexw8QcSFNPrd&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e4c0e8eb5f9a5e0fdacb5a07df9135c9cf978aeaeb88f03aa5049b48184bc94a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:02 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=28917753
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 49638
expires: Fri, 20 Jan 2023 12:51:35 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 7B18 88 KB
89 KB 213ms
57ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=55963&q=80&r=0&u=https%3A%2F%2Fcdn.shopify.com%2Fs%2Ffiles%2F1%2F0342%2F5982%2F8869%2Fproducts%2F5033300624-1_31ec3e77-7e1c-4b5e-8194-6dc5de177611.png%3Fv%3D1596737638&v=3&w=800&s=UCmfwXCfhBmURH5Mp-b7z3Ni&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

04b2b7a53ae50067242578612bf04ecc7f3e3541d2f0abacbdaed4c43174bda7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:02 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29039076
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 90558
expires: Sat, 21 Jan 2023 22:33:39 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 7B18 0
127 B 68ms
16ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=RZFggy3z9h8Daic7BgvKYU7IWRZwSQtElP52e_s2YuY3kOGf9TYG-fNi75I46Hmt-DZsve5d2H3xejpbK5_0adwGC9ZG9jyJ8L44H4qkhCptRvUF1BuDC92i-ZacnV2WEPYhsN7HMYzVH52Z30IG3NzRbt7p4Bk7jhDf0CdNbzHI12jVLWYzT0vG-hzodt_NK6w1ekRgdslYyUkR0yojPEAFb5CBbK7eIa2vRbmNucxGglnFedhp582v9evWhtGNcc4bwg&sds=2&rev=unknown&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 19 Feb 2022 20:09:01 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 7B18 2 KB
1 KB 15ms
14ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:02 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 14 Feb 2023 20:09:02 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 7B18 2 KB
1 KB 16ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:02 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 14 Feb 2023 20:09:02 GMT

GET
H3 200 d236ac784afdc66bd75f55f83c8bc285.js Show response
www.gstatic.com/mysidia/ Frame F5D2 8 KB
4 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/d236ac784afdc66bd75f55f83c8bc285.js?tag=client_fast_engine_2019

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0280b5ec07025974d745833d91f3f71aff053cdb5aebbe37ab368b0284a56f81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 07:53:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 216904
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3664
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 07:40:27 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 18 May 2022 07:53:58 GMT

GET
H3 200 183e81cf418ae9e3163ef6dfa78a321c.js Show response
www.gstatic.com/mysidia/ Frame F5D2 9 KB
4 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/183e81cf418ae9e3163ef6dfa78a321c.js?tag=core/maui_delegate_info_icon_v1

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef6fa9b042e6a16b8557219c0358e7d684206224fd10762e52db97effabfdb4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 08:13:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 215710
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3803
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 07:40:27 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 18 May 2022 08:13:52 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame F5D2 4 KB
618 B 48ms
47ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 19 Feb 2022 18:26:19 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 19 Feb 2022 20:09:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 19 Feb 2022 20:09:02 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame F5D2 2 KB
904 B 38ms
38ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:02:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 398
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:02:24 GMT

GET
H3 200 ac1480f076ca061f154672ec07ee45ea.js Show response
www.gstatic.com/mysidia/ Frame F5D2 19 KB
8 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ac1480f076ca061f154672ec07ee45ea.js?tag=exit_2019

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d32dc522b5e62d7525e3701ac1c8e8c6e7559ab329814177aa7bfad4ad9353f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 07:54:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 216860
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8107
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 07:40:27 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 18 May 2022 07:54:42 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/ Frame F5D2 19 KB
8 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/abg_lite_fy2019.js

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb0a1ac121b8aa9b8e2912768985ee6341cdd33d4c7b4db39052731d4b5248e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 19:58:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 628
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 1930320615972901081
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 19:58:34 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame F5D2 2 KB
1 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/window_focus_fy2019.js

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:00:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 493
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:00:49 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame F5D2 15 KB
6 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78ea6d7806beda2d76bb7d9abb14b034ad476a897376c270aefcf40a2f49316c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:00:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 513
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6438
x-xss-protection: 0
server: cafe
etag: 12093742715590823996
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:00:29 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame F5D2 0
0 98ms
48ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTCVKbXKMabnXbBgK9lzav_Hu8BIuJpMe86goCrsg2ZmQcXk_wtGsZpzi_xSwHtso7KPBhZntVHlKkAd-fv4ZSB-zuWgQ
Requested by: Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 200 IfvWsR8c8QoIXMZVBAT6kqVdCzRxsMqQy0C-AEZrj6Q.js Show response
pagead2.googlesyndication.com/bg/ Frame C208 35 KB
13 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IfvWsR8c8QoIXMZVBAT6kqVdCzRxsMqQy0C-AEZrj6Q.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21fbd6b11f1cf10a085cc6550404fa92a55d0b3471b0ca90cb40be00466b8fa4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 17:26:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9726
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13530
x-xss-protection: 0
last-modified: Mon, 14 Feb 2022 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 19 Feb 2023 17:26:56 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 42B7 143 B
163 B 40ms
39ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/

Response headers

x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 145
x-xss-protection: 0
date: Sat, 19 Feb 2022 20:04:56 GMT
cache-control: public, max-age=3600
content-type: text/html; charset=UTF-8
age: 246
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 831C 1 KB
749 B 37ms
36ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Sat, 19 Feb 2022 05:53:44 GMT
expires: Sun, 20 Feb 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 51318
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 css
fonts.googleapis.com/ Frame 7B18 1 KB
450 B 47ms
47ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Josefin+Sans:400&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

487f4e277ea60147de9d3f5825d789c48517cb2c37715ad0fa2cec96808e6bd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 19 Feb 2022 19:58:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 19 Feb 2022 20:09:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 19 Feb 2022 20:09:02 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 75ms
75ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220216&jk=873873462402139&bg=!TU6lTgrNAAbf-5Dq3_s7ACkAdvg8WocusDkG7hDhTKFEiw0kTOiRN6uGtZw4LkaiIaocNeN_A1HYSAIAAAFxUgAAAAJoAQcKACOUxsW4EArfKF-UANvUgmkYLUQWwZPouIH-fpiqiJ5MVaDXoJkCpAH8WPn0QkjcCKXgA0M6Exx2h3xnjrUka-GzOpVpS5rXUcmB2JIs_d07EUrmI8i1iAk_IRQ4uyznKUhOYtYloteyzSJSwAVLmQ2DBTks4EhEl-vlMRUpnXNlNZKGn_A-WGlkm2VAyv-Il2iFMLkkspXnxvkWaLC5V8_cPhSei3nXn83Ht7CW8BUO5pdbFIYMS3B1RkkxRcW4tXwCNnaH8t9Q319YreV-ufo0fiSv0pZ6siLVCuw0MND6_6Erqp8E4emK9ZUZm4gVTPvg_v5DfUcP__BHp9Aos-x8xjEJAkGJ3ntVf1LjnGtLQd8se5hthh7rx7jMEGaq-IV8tck4Q8jLqp3zpRa-Z5TmlQ3PIOS8A5myEp9866zRrJrCcyMIm2hyW6fS6Ei7Ar1Gf42wGPgddld_FRKnkQriXehl-blnFlPA98y8CYecWjnUAq61sshKgYi6azmESYGYTPzu0PGIBK6423HCI1LLloxGWibtjm0jsnl-kdBJTVoSQt6r7G8QTL1LYqHDGbwgpSMziaw7o8QGelGEzFEwSLs6qyxrxgVFRUe5LIYdtRYUwgTWyMTqaVn70D1Bd37vaGpQvy9zyrkyEW2tDJfsUSTI5dtSAzaAWou0MiFpAwnCV1oqenERe9SX0bcN5y2oDSREP4sKCem4gRmsmljLJQvFBCh0_-APKFaV5scaRAyze9mVSk5vvGSEDxpGgpgcE3Rok6wwOdonuQ681FED6wKyegE6pqoPfqBYZWjsUe4loShuMTE-mQZr2SZddcwRqEMYWOyY6VjkhUrDt79mm0T2X2jePQ_JTsskjghuymogxJACGQ4dGPZVhS22UCku6ojvQySSrJnwt_BS5ynrP1kqUwOBEEvnoEILaHeaVo25WQlfj2QIMXI

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 195.461912c47007775093ae.js Show response
s7.addthis.com/static/ 384 B
538 B 105ms
104ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/195.461912c47007775093ae.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7b4fbd6cf87898b005b09546b1c4e82654918b11e5f64ccb8fc32ea0a04e237a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-180"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
date: Sat, 19 Feb 2022 20:09:02 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 298

GET
H2 200 159.1c3fceccbc80f2a3615f.js Show response
s7.addthis.com/static/ 564 B
634 B 181ms
180ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/159.1c3fceccbc80f2a3615f.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

c02d2e4ee660f561338f717a6dc83745ea23c4ad356a57bdfee60c3643b25b1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-234"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
date: Sat, 19 Feb 2022 20:09:02 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 394

POST
H2 200 shares-post.json Show response
api-public.addthis.com/url/serviceapi/ 2 B
259 B 233ms
146ms XHR
application/json 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public.addthis.com/url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-type: text/plain

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
surrogate-key: sFbt=https://kooora4lives.net/home/
last-modified: Sat, 19 Feb 2022 19:00:00 GMT
server: nginx/1.15.8
date: Sat, 19 Feb 2022 20:09:02 GMT
content-type: application/json
access-control-allow-origin: https://kooora4lives.net
cache-control: no-transform, max-age=0, s-maxage=14400
access-control-allow-credentials: true
content-length: 2

GET
H2 200 shares.json Show response
api-public.addthis.com/url/ 35 B
288 B 657ms
570ms Script
application/json 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&callback=_ate.cbs.rcb_2o6o0

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

97654894d2633abe25bbd287bc1e82cc5adce08c3db329bb8c618444f75c67a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
surrogate-key: kooora4lives.net/home/
last-modified: Sat, 19 Feb 2022 20:09:02 GMT
server: nginx/1.15.8
date: Sat, 19 Feb 2022 20:09:03 GMT
vary: Accept-Encoding
content-type: application/json
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length: 55

GET
H2 200 shares.json Show response
api-public.addthis.com/url/ 35 B
288 B 531ms
445ms Script
application/json 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public.addthis.com/url/shares.json?url=http%3A%2F%2Fkooora4lives.net%2Fhome%2F&callback=_ate.cbs.rcb_djjl0

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

1f5379be9ef8a74cb98ba69644d1f057db485aaeff192bf08a92ab4712a7b6bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
surrogate-key: kooora4lives.net/home/
last-modified: Sat, 19 Feb 2022 20:09:02 GMT
server: nginx/1.15.8
date: Sat, 19 Feb 2022 20:09:02 GMT
vary: Accept-Encoding
content-type: application/json
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length: 55

GET
H3 200 Qw3PZQNVED7rKGKxtqIqX5E-AVSJrOCfjY46_DjQbMZhLw.woff2
fonts.gstatic.com/s/josefinsans/v23/ Frame 7B18 11 KB
11 KB 40ms
39ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/josefinsans/v23/Qw3PZQNVED7rKGKxtqIqX5E-AVSJrOCfjY46_DjQbMZhLw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Josefin+Sans:400&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

45deb68232bb5d9ce23bb076bcc71c1f248f8177b00a86aaf13040427050038f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 18:53:04 GMT
x-content-type-options: nosniff
age: 350158
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10808
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 00:37:12 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 15 Feb 2023 18:53:04 GMT

GET
H2 200 13588257655538524337
s0.2mdn.net/simgad/ Frame F5D2 933 KB
934 KB 195ms
78ms Image
image/jpeg 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/13588257655538524337

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

894fed31670f2df43b7fdb18514db3246dd7936fc5ce2ea525620cd33e9b468c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 14:16:46 GMT
x-content-type-options: nosniff
age: 366736
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 955590
x-xss-protection: 0
last-modified: Mon, 03 Jan 2022 10:59:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 15 Feb 2023 14:16:46 GMT

GET
H3 200 container.html
c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F5D2 6 KB
6 KB 39ms
39ms Image
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3108
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/html
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 19 Feb 2023 20:09:01 GMT

GET
DATA 200
OK truncated
/ Frame F5D2 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 38354e6a0119fe113356e1506a115ca148a6b9ea22cf88136baa9167d6fde794

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 1691707503110899632
s0.2mdn.net/simgad/ Frame F5D2 506 KB
507 KB 154ms
38ms Image
image/jpeg 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/1691707503110899632

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9f8d022015ffa2ea08110580dc3649e5afb4e10b1f28feb02bd82ab5db5d687e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 06:02:29 GMT
x-content-type-options: nosniff
age: 396393
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 518262
x-xss-protection: 0
last-modified: Mon, 13 Dec 2021 17:16:05 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 15 Feb 2023 06:02:29 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame F5D2 0
0 64ms
63ms Fetch
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C8n1dXU4RYtbCKJKMlQeig7rgBN6_jrVo1MKj39EPvf6sn8cuEAEgudvzJmCV4pCCoAegAdHQ0MkCyAEGqQKdKQweaf6yPqgDAaoE7AFP0L7Ickyy5VXjAE493UX8q9IIkUXxZ076gxO11kQPW0V9whNHX0Mi34vwp0qyOD18nREn3khDv9cLWEDcUHmHSM5bx_gKQIPhwyRub_7iVbxpQ_qKh7VxM_HP68GR1W9z9tntnh62RIdmuZ6CodYdBWW9YGbXt4FwkatIdNNuIlfswcCzT97fcy07mPlI50FBGevlnIM-wMrH6py_MtbiwAzC5ThPBlqYERLvHzlvqyzzOfmnppQu9OBVIdh5t3-XL8u8dnlWCTBtzF_PWtP-y4JCREwlxQe9gAQmZsTEhaHxPuvU9iXR0ZfR2sAEoauo_5cD4AQDiAXc9NmHKZIFBggDEAUYAZIFBggbEAEYAZIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGN4AHl6-vtgGoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHChD0nAQYhoTJvgHSCAkIgOGAEBABGB2ACgPICwGwE6uXjg7IE6fuugjQEwDYEw2IFAPYFAHQFQGAFwGyFx4KHAgAEhRwdWItNDkwMzQ1Mzk3NDc0NTUzMBjkww4&sigh=A1epyaYp5nE&uach_m=[UACH]&cid=CAQSPACNIrLMqETDOBBhHH5TH2rSzVwk1N9Y25RUbXe6niy31LEIJi1Q8ulh-1-yUjrGgm_y4mUvsxKF2zdRYA&template_id=509&vt=10
Requested by: Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s56-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame F5D2 0
0 64ms
63ms Fetch
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CYwrFXU4RYt3CKJKMlQeig7rgBMLG3Kpo9ojZ-6gPgL3lyPowEAEgudvzJmCV4pCCoAegAbn1xJQByAEGqQKdKQweaf6yPqgDAaoE7QFP0I6lOnptJNv_gfVkMqamTO6aBGIgynZjuOKDECehebPnDh2bCv4s1pcmiiz7uQQgtkG3sAEDXqhIN4jKl5IwUXsP2zbrm9rYMqrjTaW8SvjBgC_KWTO2gBx2KcFYXyPl00SMaFEmqgEKgMJaikbk-9sM518RBDW_JnPBVK8mSGLcMudQh3VlfhqfycpcXVjuKJskwKtVZc71ZSI7fS-QTDIEYUIOd3KnMrE-MwIFbMjvhLU_vceggpV1a-k4Zd9oAL8QD44hTv92QAFW05keFWoe86Y5zm9dtZuMDyULqbBxnZbQ3gTKD-MS0ILABJj5_rOJBOAEA4gFt_DUmjySBQYIAxABGAGSBQsIIhADGAFIr96nAZIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGN4AHr4q76wKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHChDBxwEY5azhwQHSCAkIgOGAEBABGB2ACgPICwGwE4ajlg7IE7ztkd8D0BMA2BMKiBQB2BQB0BUBgBcBshceChwIABIUcHViLTQ5MDM0NTM5NzQ3NDU1MzAY5MMO&sigh=ujssgbHz2tw&uach_m=[UACH]&cid=CAQSPACNIrLMqETDOBBhHH5TH2rSzVwk1N9Y25RUbXe6niy31LEIJi1Q8ulh-1-yUjrGgm_y4mUvsxKF2zdRYA&template_id=509&vt=10
Requested by: Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s56-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F5D2 42 B
63 B 61ms
60ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CFklh66DVjlTxluh_v-SRkJtdcQbSoHjCIObANDj7pulp-xS-M35xSvTlCwdko3tFmufERM45nEkuDz6n7QgTnY8hkCxH1Aj0nxVSZ6sjjIjmzAyZRlYZySJsZ5FY8yxLIemlkAwxMMX6kG5MBavXNmrv6AQ&dbm_d=AKAmf-Bhf7T5t_OhTrtdHKV_shnX4Cr-wT7nxHr79TlTToWN2dOSDkq-zseipTYvWIl1n27EOsnwP2Jy_ahqBUP_4cHOyhOkAOk7ZDTjQBWSoxKjm2Y1ERt1W3seo7QBasYuF_T-Y8SlppOojCMM5jPO5E55LQtqXXEK2Doil_QT2017Mp1s-6-7wZivyVt8L0RMPffB0lL9VvsoYHL-5JdeFsQIB7YQ6jWHA5P5waqZ2Z23SfXAAb02RfIDGrNH0snn-vQZt7Y324dvtzURscbeH6UA2HMIcIXY1TJ0a16DZ_MqWPkHXzg6xdn1Q9DBcw2Xy5EBcvbbVToIxVj_jHdv34gGnl92IZcBMRbVMjIjScBiHws6mk4Vn0pu1x6gnRZAqgId5JzrL2duQnih2ZD9TlYRqZxDTASbrAs8PaFB7tBzZ4wxV_OKWCP66jYCRCNtlkudelFroKMEHDOOQW0I-qHeNp4sfLRjWmlnaGlOfouKeWScyGlCBjo_7TXdqNnEAAPb7ehIJNO39NtGM0YewpuR831CjmpkZtqbayuSOI4zQgLXpQ_55vsBPQ1gurOw3S9GLlOB9WMt9YDIlbzf38bqDDq6B-i_YY1BlGx9mmaq5lsR-IUl3tKVw_9LrVYmlG3nIpJogpNG7GllaA3-wfHHirfeeD8G_XC_ipMKzC3ZE_NMLGApCR4dQvaZAtx5zFL9CmRWUYbr22wfp64HMat7mSQRtCn3qJ7rYQMvht7wRiTn4E21G7nnnr-4HGx469zKuvJNjFkMo7hOWVvUp8_bM5wMMLfnRLvANcM6l91j39JFYxty4_2o8FOwq8eHxzXkDc0MyugcvxAMbE9KPdWtTR4wF5TpWFjoeP9WLOXFosvMRJ_UFlR47iuq19Byo9W0a04ys7TCdFa_yn0IoVTpofJXaigtfJBD6XCtY1Ig4kCgcQ2VCkF6uXe00KTWFHbfayzVaxvpf-_Pz1KpRdOLAUc-42QQM0D0zTz_83p3qySBye8pnoG0eZY9Tnln3P8-7HMbELuz0-9BFeTDF22R2QFY2wuQKqI17n0shIVK9FAgVN61hNWvL-FYQdv0fan2T4-75lezzwvXD4IpIQVzQR5eG-pQ-ase-rRcxdAXEwz_aj8l7SmPep2F6dFcopWSmBmap2eoLZgX0cW9vx_Q4XSk2Mc7dRrGvkATDHxwBh1u8y-qFwykh84d5DGY7Bfq9JqRxjbbMyZFEWwQXXvAtVifMCVzBlVQD1U16yh7bxlCDYsnfVqLVhHSwVFjJufGL86H4fJ1I-jRAUPr95LxQNoghtD82p1gkMFsvhqidceh9Uihuma0CDGCy_eXC9UTDUrajDfcGNDG2SFEm5dlewo4oJGS6oTF-ASB6cuAwD3MUlT6x-Gzd9OcBc3dqzNNboIz2MdfJ4BjRznjsmPqN_z3iOjfEfsqQbUIpopFvmbTPE3itE4SRHgzxNZN5GUH7K_Z0ZKnwr-AaSdjFnfe--plMcxpz4Oh9cvWE7gJwBnTEokn1X5DKy8ctS9es479eW9psriPEnuANFwy4Yk4hjVsBzFOkPqPuK5_DfTCiqGfygoBwxxWVAnweYCgn1kRl4Jr-z11pJZ0b-MFYsEaf-y-lyYH75-qvucNYxGBPkSLW126snu7fDcO-InJnHw5qbibabiLpaNzs3LJVN3bFiVdIRzCHFTNTTBgD-hvrmVyxHkcUPsetqnLVVFFkgfaZ499J99NglPrIIMw3IU3QHowH84Y5ojukobLgkCh_j8yjks7uA7uqmip_ATywbVwAp30lOnrz6swYQQ8noxlUI5AQrEkDP0TodeqTRyqwaPNxXPvhc0VFj8PNnIygGKInb-SXAmFsaTpXSuEAALot7vM5oMNjC0emgG-hRLalWpY9nvP9ka--qthsn8udP_HfYTgnVkyoT4cwgFgLGDmYdc_msx0Ip3ujqpds_WZ6CmoJlx0r2iWq4VR5Rq9mHfkn2ySO4TF4ya-4XdCJWd--Z2bZPrdVdgL-bPh67YKViyURmyZlb-cTF2cWJdeW2EPHqD_t4dXFNLvCH3R8U9fPIsCbIHK0PeDJYMJeSdByrXtyaaCiK-jF-hXX1uCBLacPNFTBmoBf1W2HInbtcWNmSXTYXJ4mK8UZZc0kcfj-sNx0wJjYG5ogVzeU1FfhL5QpdPloRb8ULYYxJBoKGJejcJB9GOphvzZMAkVJyJYc4ICqFHXjwB6_ZmU5d4NiGe3EhfKnayKro7WtgYWp9Qy4vdH1W9erEmg4bGpZ2Qi91inx7uH3cUggtgvwDrw4_69H4KkZ1bDRd-u7FkYH-qpswYHTlCbwiVpxr4rvk0_RDn2qpAaWZa8jYmZ18y1mfW1oO4KjWqDn-T7aPROUjXe7HOFz__ZkHBOEcW6T1xvgnV8995AmfdtdpTwkWRJCbECQw-xb4dXyg7gdL-a_xz-A9LClR22-ubaFB-EE_QizPWrzV0Xx_T_oxsdWzFVT1CmE6Pdgnp7j0dikh7QcrXLDlcN5eaVQZZEatZ8zPPvPGm6aOTJDNTR2WmYkTROZssgAx1cRcnsDmJXK7TJdNDcIeNbkZ4UBu1AgyKEW8GlwgXfpsoe7wEskaQ1dAJkyjDEDB5qQGWY0BJjMeZtJOny97AU20vv3By8Fr0UNUuzYiSj7dhq37WAI-D0txpFmaOzCqqapu-x9_dRgujbULjkg4G-mjW5bg6PgSrXLkYvDZazQIVSgPMNqGHlXZLt8a4Kbb6A2-3SbUc8ctZQSxn9gCND2rk3D2sJex6XhFQc8Nq2Bi51_FVZ7N4m5F2SKB7r0E5NWNbZq6E8HUWquz2-xFnke1CdJH-YaQRLhO8zJBj0-hwmzNeXy0dj0uDOtQHPm85BlgpfQTWYmRLWgZGUru1e5-dn5kUMgz8KO5uS0FQ0fyMcUyP9cJFd23i3hzZrnFd1ZKlm186GRYAXZZ76DZJWsdEU0Mq-lsncGxqDMXBFM80&cid=CAASEuRoNPK8DTRqqcpL33c-kX_VZA

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F5D2 42 B
63 B 63ms
63ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BEe1RGHp9--00zt4IhIMZ5oqhD8PRDMbp_adHpqaZTENQuJ0ABR4TZDuY6Zzpw1UNg5ZWlpBCxMJ_De8C25iqXkUElWBi8k1AyHOICINpf76PtDEKwGxgNVn1p2HG9TQUfkF9T05tUgwKAQvhBtBoR4DUx_A&dbm_d=AKAmf-Byite9Zbd1nsF3bna-0YQllH8Wm8Yro1Zg-NsKQFpLfXsAX6RurADElqSuCmEh7sZ-A-lUbaqXSU4nNSp3wLX5qLx53KNeVTAqCXTd6TRPtpsTswmkCWLzx9OEdr0jwTenkz28TudiBb3D8v3xKd1rEKqTLMgYP5ov6j2tQ_gmNc_wOyOZSSW5NbXT4GsKZdw3Qy19ch8VZIvXKW1VTe8zQEiIpt45KEwpVwGuFe04PajMUTrMZxf3oJPbkQtfP4PFP-1pE3uT0maFAs3Y1LMqSAG0cEMsjZ6Yk0wI_DAXXs2grvAoxv9zpVHiVE7BX5nclBHRdLzvZdzbk8jjhjN_KasRl6BU1w1VaXzb7bx2b2UV_adj1A0YSdz1uySmldZU6VtPLxTCM9eAMOtFDbeEJ9uOHvq2ZtWaiEs1Pl9rtZYbKYoiu29uQmHL1ysxBw7MDTUy-LDn3nQqXCe2KalXit6_P5s2u8jAhfoJJKl-vW3RbST6X9000bme23Nsyy7_z6-5lWTue6l0RKSdggRLdGKMf3zdFrxoTRJSPf2XT9ktvUxCP7KMvT9OZAHj5itz30r9Zp4grrTvNLk4hdHXemDDs3JotE1LUXinZbnBiExXhKRrRvrfr-3VDF9jmJ97eBUEQWwRUU1ijbexQ8Pp-s33KRYN-vQXCrhqd2uWPYx7rm8-a3mHzmb_MRbUy62gtuzZ7qv1qdSBTYnUJK5NFoWm9w9o3xDICkyP-mcHn9A13tZfrpleuxJViyeeNCJuZLMYCNx72yno_6AI5NddfSy8Wr4JJ8XJs3FmhZNCt4uzDipKQd_r9aIF1Om6nDfpq9FPvLD1thrAF6T2OkflidGqSyDavciw7fSqMg9SBnZLJaEsplMhzU0vcLQ7bUHOV5cZ0NFf5zvdpEf-Li4_rFeVw31UmVDlV_kph1WYsfhFkEQld6Alp2PfYEQgLOVwH_C4IoaxkKCGjTJXgRIWAB6mbAqaCEV0QSz4KRaE1_NxVm6RhBv2wg4L-DpXUYLN0U4Vw5JEEnI1P2QpwvOieTk8oxht4ksXQCBaYYkc5aVwzgFWebrUydRI6cHyO9XaXGfziFFYVBtyefkxobhz5wOub5GK-xgylfogZzB4HCiuKqOF0XUjvn_n-CNYiRLm96j37xVH13xEhEluD_rb25vgzZccQjUWKAEmadd7Nrd2kWdflVgbGikom5Gh6FjUea7bnHuJxM6brlY6-VpJ5m-CQ2xImJdNzykr5ExzXP_TIedWxsSxvxzLe9RmMuHRKBnh-BbdQmGwPgCMUMfYG77Z9MjSSW5k8x97ytzGMzg4lmqrp__jR0IVRXZiaGMLySixyYLZjeoIncN_Piu7CWG-4Huj3zsABk0F02UysICFRrdvGTk2tchPQW3Zs1YYa1d7bvRUZbPIOZ9Cxmw-BPxoAHRhyULRmd8YIhioe2Rm4m1r4mP0GgNJk70spc8OEKiGWwA-GyyhNff5ci3BcgK5pjMO0LluUgu7-cKd7jG3Up_QSPQNhT7hOL2fSeVIojwkbe-2kOQSWeaChLFE4ELH8UIEssFQARbjaF3evKyPTVayU0GjOFi0M7oPBv83PhylRKJIj2eSppfNY8-Ou_MK39KAoiOjCfbV2YRkctFmFC0uItG9UprWXG1vrTeKalfivkTVIEUmGkwkqmFPFKkxh1h7TbQMHjfRi-FAIDuaopzVcZL6g1D9BR89iQyRbAeoLEdHlt3AmHh2B5kG3GWwRma7OCvm22o9hNGhIYkKZc4Xkys0H6_MUfvq1LCV83IkCg_rzwWxfyCHiDOB29yLJthPp43Cbh0oEpG-R-D-PweMoBWUGZAv9zUodzNsZVr2FNv8iQ2Pf63AQYblW_z4ON5cMhe7X2aH6zXkzqjPBXl72Hw7sRfvIu6QaGemckIgQWBLGZYByUDNH9gzDTydokk1ckxB_Fwc2f5RjshNbXYZHL1Qi14vN1jVcm0OH4XrGaQs78CXfN2aP_IzIIBpEsL7XnZlRVN3X4aCoQI7LqXJ4T8UZLM-JJeKPSJNtArkfmwwYeqiN0Kyn3sfygpunPkktIFC928M2OuweRN9mxzryOK8GFjqTVOe8dkwly121gHChrn0jk2BbKgBw7gZpmsnjUl-1aM717luZhr0GDEqNe06oNrosD4cPQkg5UUVawakFMiKNJyJo8xoE7ARoTKMpaUkwlv2ZTaBvhVVWalymaKoNeKX2gfpLo6ghv8qbd5Yin3ABILXTuXkpdMAjAnyoQIxBy5V88Zn3eO6hxkhf4_QCggnB-yeUuFU1e-WD2L_y0Vfu_1K24RO24jPoUU1A4Z_5-7r-KIXkvxvTRoKS4vkgSLKB2jnqCq56_BA8XURZ0WcR_zt5TXqUpI81dRHlgnHaENqrrKSz7CelXTV6d6SCo1TZBMf_wIohcjJ1I_eqqQiLIzUzjJ_dw00r5w2Bsjhiuj_rlzt5qdnpEyIFFwONQowe5kf5PQqF9qpCGjOnDhMuUcrSdUlO_4F_MVDKu9-xNDivCPZnLEQu6ln5we6E7ztkESzpZ6Y40iGPwEUhViZEWoEYKofH5XSIJA1ZkwPNW7NhVmqQgcB6J7Do4dERAb9e1fBpiJIQQKdr8K0XIyTZXAkpSR5iUBj_iSGVDAMrwU2hIfX0vDuYDEl-m1LEVu5Qz7SIYnW2cDaNjy-j18XLATsblM_MGQAh26img-SenB-40pXV3qE2Fa_YCYeNphffBY56JjzfLWfHItSz6TWfDPzVmgxcHGK9ANwKSMYGYw6dN4kK8-nn1cKfc3Y6SGkwwX_Pm89_ayaR9rdQU1CYCzNWYTUbWabbw9TGKbHK63jqOxIObqW_yXGgsoKQdasy65Xo---G87VsLKGgPIS8ORfhuIepIxcBvdmFBmNUic6kBX3ZJIgOgQ-XY-12lLif7o2lQZaeaSsldutqAZNiG0N47k3Ojb_k37zc6C3R94h56YWceWu_qz5KPSseT-FHsWCuKTHb8F4RyzuasCGqaUxf7VkxDd_4HHsKgYeC6LUnEiCZoaVS-JoIchPDRrMFiiL9uSoHinGte2UXv1quITqRh0CefdA0AaaIR6K_LtfAf5ZWd3IyEAwwKlxEaslFwn_8r6lOPi57Y5ad87Z-6Rm-4NabxTyew&cid=CAASEuRohXIFv-cqhuA304MidwbIWw

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 1BD1 1 KB
749 B 36ms
36ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Sat, 19 Feb 2022 05:53:44 GMT
expires: Sun, 20 Feb 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 51318
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame F5D2 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c040fba9f46fc28d49e48163aa2b5234d34bd9faf1c8ec3aa482eb526c30e546

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 831C
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEKSr-mFHGCgsq6Xe-UPVBug&google_cver=1&google_push=AYg5qPKGkvohWEKGWegrwkOrq5-6HCHrz86AYARDzOvvuka8uic0l7n9PA3ItPIO_HfraFJGR6w8Fz5MwcwiTd4Wf69_VeK2-u4
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzkyNTgzOTQ3NjYxOTMyNjQyNw==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHVPzAVHUGHDiNP_p_BJcSk&google_cver=1

43 B
398 B

55ms
13ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHVPzAVHUGHDiNP_p_BJcSk&google_cver=1
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:02 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:02 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHVPzAVHUGHDiNP_p_BJcSk&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 831C 0
104 B 74ms
26ms Image
text/plain 2a02:fa8:8806:13::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEOBYCbqDRDdeNbE5lMZvpzA&google_cver=1&google_push=AYg5qPJejR5x8TDEMr9OfOeKk6QaPGOcqspgwrxFBvsRTkIjDOIFg_FZx-7xCJMwbcjwN4UlGjEc5Yrwzdy39UE5RM2OZra_CJc
Requested by: Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:02 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 831C
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEOL17Gvl3inNYIenLWvJ0Ao&google_push=AYg5qPJ3JchVVdu1GsDapABdH3pQOtoDdJq8Dm1bWaZiDx3kfTlRjXtb1x...

170 B
232 B

52ms
52ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEOL17Gvl3inNYIenLWvJ0Ao&google_push=AYg5qPJ3JchVVdu1GsDapABdH3pQOtoDdJq8Dm1bWaZiDx3kfTlRjXtb1xgW0YRBN6v9P2I4IsHnrPvt4ymYz4AfxWcaLZXXh38

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:02 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1645301343.641272,VS0,VE89
x-served-by: cache-hhn4057-HHN
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEOL17Gvl3inNYIenLWvJ0Ao&google_push=AYg5qPJ3JchVVdu1GsDapABdH3pQOtoDdJq8Dm1bWaZiDx3kfTlRjXtb1xgW0YRBN6v9P2I4IsHnrPvt4ymYz4AfxWcaLZXXh38
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-cache-hits: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 831C
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEITt_ZvpBTLrOjtZdirIfog&google_cver=1&google_push=AYg5qPIjL_d7glF0AWt7Fc5EHZpD538LMdgWcuVbRxaiRlWueoOi2qOGrmqrHTemiTOaaXGDCL-KHdXmtC3UlYjI...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=pyw3b8cuSTOkrTUbu8cSow2&google_push=AYg5qPIjL_d7glF0AWt7Fc5EHZpD538LMdgWcuVbRxaiRlWueoOi2qOGrmqrHTemiTOaaXGDCL-KHdXmtC3UlYjIfUCY-bkVSc0

170 B
243 B

83ms
65ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=pyw3b8cuSTOkrTUbu8cSow2&google_push=AYg5qPIjL_d7glF0AWt7Fc5EHZpD538LMdgWcuVbRxaiRlWueoOi2qOGrmqrHTemiTOaaXGDCL-KHdXmtC3UlYjIfUCY-bkVSc0

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 19 Feb 2022 20:09:02 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.15.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=pyw3b8cuSTOkrTUbu8cSow2&google_push=AYg5qPIjL_d7glF0AWt7Fc5EHZpD538LMdgWcuVbRxaiRlWueoOi2qOGrmqrHTemiTOaaXGDCL-KHdXmtC3UlYjIfUCY-bkVSc0
x-host: tde-deliveryengine-production-5f896b4797-zx6sj
alt-svc: clear
content-length: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 831C
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEAlasnUQ4fZYEKITj0xmEGo&google_cver=1&google_push=AYg5qPLO4ejpSKH6GCIprJmJyDp4d5L8HGm1LMTehijJqsAyIAFoou9MgJdX3VweB0mwuD2cwhyvYKd58NL3XWYY9EHRcaP...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEAlasnUQ4fZYEKITj0xmEGo&google_cver=1&google_push=AYg5qPLO4ejpSKH6GCIprJmJyDp4d5L8HGm1LMTehijJqsAyIAFoou9MgJdX3VweB0mwuD2cwhyvYKd58NL3XWYY9EHRc...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPLO4ejpSKH6GCIprJmJyDp4d5L8HGm1LMTehijJqsAyIAFoou9MgJdX3VweB0mwuD2cwhyvYKd58NL3XWYY9EHRcaPEZpg

170 B
232 B

49ms
49ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPLO4ejpSKH6GCIprJmJyDp4d5L8HGm1LMTehijJqsAyIAFoou9MgJdX3VweB0mwuD2cwhyvYKd58NL3XWYY9EHRcaPEZpg

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPLO4ejpSKH6GCIprJmJyDp4d5L8HGm1LMTehijJqsAyIAFoou9MgJdX3VweB0mwuD2cwhyvYKd58NL3XWYY9EHRcaPEZpg
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 831C
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=lcpCJSUFQg2u-vUlIpxxqg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

112ms
82ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=lcpCJSUFQg2u-vUlIpxxqg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKVnVx2jH9DWfH6CVokjWy1jb3UJdIUtCe85QiGgPGPAbv5Fw0Q7jyAf8bydURjdgneRejiqbVKmnizIdimy7xyUz4ScE8

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=lcpCJSUFQg2u-vUlIpxxqg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKVnVx2jH9DWfH6CVokjWy1jb3UJdIUtCe85QiGgPGPAbv5Fw0Q7jyAf8bydURjdgneRejiqbVKmnizIdimy7xyUz4ScE8
date: Sat, 19 Feb 2022 20:09:02 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 200 dot.gif
s0.2mdn.net/ Frame 831C 43 B
175 B 367ms
292ms Image
image/gif 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEBafTUfTZoAbEbgsGCznlB4&google_cver=1&google_push=AYg5qPLTi0JOfEDRXI5nO0_lpkDeIU_rsnLSE14GaJMVQ932_iksi-ccr8cfcFAQq1uIX4kqMyeZ90W1amC0By8pcbmOSs0CAr_r

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 20 Feb 2022 20:09:02 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 831C 0
223 B 141ms
48ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Koli13NLwevzR-y7blUCbLw7faMFQL4JAXptv2V4MBVxq_CvanlKc5fcCVhDxmfJ63_vG40w

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:02 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame F5D2 16 KB
16 KB 39ms
38ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 05:33:18 GMT
x-content-type-options: nosniff
age: 311744
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 16 Feb 2023 05:33:18 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 42B7
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

114ms
113ms

Document
text/html

2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 19 Feb 2022 20:09:02 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 19 Feb 2022 20:09:02 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 19 Feb 2022 20:09:02 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 dpixel
cms.quantserve.com/ Frame 1BD1 35 B
463 B 37ms
10ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELcNBysZaXuSJgBEzqDkxEw&google_cver=1&google_push=AYg5qPLZ0DjgWFf0qVLig6Wt88tkyPtPHelv2k80cnHzm1OBk7sWz7G4Z6gVpjm-RmEvhOoQDpIBsCotWlLfQtE7sIpl4lKv4qj9

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:02 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 1BD1 70 B
265 B 107ms
34ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEHAoOM8umT57kk6iL08VJFA&google_cver=1&google_push=AYg5qPJyk3awyn3yZ9iEA-uU3pZdc17I83i_HN3EbPBp9Fkt9O4cpyLpFlLgxYHlSs25QLLeI35WeTrTyxyOB_CqO1Qx3gW2N1ab
Requested by: Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:02 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 1BD1
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESENSCT2wU9ZwLNvr1M_EHm88&google_cver=1&google_push=AYg5qPINI8DCrcV81rXfihNSRcphfGxm9jfRZCIQ8tQe-9lI0KBfl_l6NMfq7WdqgKIq8Livrb5aX_4qkZf...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPINI8DCrcV81rXfihNSRcphfGxm9jfRZCIQ8tQe-9lI0KBfl_l6NMfq7WdqgKIq8Livrb5aX_4qkZfrPW9HtfPrJXwKzEY&google_hm=Q09BEqkqS1Wj8MNhDPAR86k

170 B
232 B

49ms
49ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPINI8DCrcV81rXfihNSRcphfGxm9jfRZCIQ8tQe-9lI0KBfl_l6NMfq7WdqgKIq8Livrb5aX_4qkZfrPW9HtfPrJXwKzEY&google_hm=Q09BEqkqS1Wj8MNhDPAR86k

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:02 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPINI8DCrcV81rXfihNSRcphfGxm9jfRZCIQ8tQe-9lI0KBfl_l6NMfq7WdqgKIq8Livrb5aX_4qkZfrPW9HtfPrJXwKzEY&google_hm=Q09BEqkqS1Wj8MNhDPAR86k
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1BD1
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKeRxnXCk1OVDAgZ_Lm4SU8&google_cver=1&google_push=AYg5qPJS2zam8XJK8gNqYkQBVzoY0UXvr9eqNZEPxMeRNiigFjOttQDbeXQIYU2diI95ZWnvD3n5JLhL...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEKeRxnXCk1OVDAgZ_Lm4SU8&google_cver=1&google_push=AYg5qPJS2zam8XJK8gNqYkQBVzoY0UXvr9eqNZEPxMeRNiigFjOttQDbeXQIYU2diI95ZWnvD3n...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Njg5ODc1NjA2OTc1NTA2ODAxMA&google_push=AYg5qPJS2zam8XJK8gNqYkQBVzoY0UXvr9eqNZEPxMeRNiigFjOttQDbeXQIYU2diI95ZWnvD3n5JL...

170 B
188 B

102ms
81ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Njg5ODc1NjA2OTc1NTA2ODAxMA&google_push=AYg5qPJS2zam8XJK8gNqYkQBVzoY0UXvr9eqNZEPxMeRNiigFjOttQDbeXQIYU2diI95ZWnvD3n5JLhL3o6Y-Cvwu2yCcL4uN1E

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:02 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Njg5ODc1NjA2OTc1NTA2ODAxMA&google_push=AYg5qPJS2zam8XJK8gNqYkQBVzoY0UXvr9eqNZEPxMeRNiigFjOttQDbeXQIYU2diI95ZWnvD3n5JLhL3o6Y-Cvwu2yCcL4uN1E
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET

pixel
cm.g.doubleclick.net/ Frame 1BD1
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0Hx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0Hx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0Hx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0Hx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0Hx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0Hx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0Hx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0Hx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0Hx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0Hx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0Hx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0Hx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0Hx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0Hx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0Hx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0Hx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0Hx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0Hx...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0Hx...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1BD1
Redirect Chain

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEE44CH2PeZtB8QRYhy-BFts&google_cver=1&google_push=AYg5qPJkuMSMMAxG9T1TG8x-Ke8HLbvu5ToBu7YDFi9sOsKRijdeW8Eu...
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEE44CH2PeZtB8QRYhy-BFts&google_cver=1&google_push=AYg5qPJkuMSMMAxG9T1TG8x-Ke8HLbvu5ToBu7YDFi9sOsKRijdeW8Eu...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEE44CH2PeZtB8QRYhy-BFts&google_cver=1&google_push=AYg5qPJkuMSMMAxG9T1TG8x-Ke8HLbvu5ToBu7YDFi9sOsKRijdeW8...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEE44CH2PeZtB8QRYhy-BFts&google_cver=1&google_push=AYg5qPJkuMSMMAxG9T1TG8x-Ke8HLbvu5ToBu7YDFi9sOsKRijdeW8...
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBjODRkZGUzYS05MWJmLTExZWMtOTE1Mi0wMmQ1NjJmYzU0MmU%3D&google_push=AYg5qPJkuMSMMAxG9T1TG8x-Ke8HLbvu5ToBu7YDFi9sOsKRijdeW8EuT_u1zPl3nY...

170 B
188 B

51ms
51ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBjODRkZGUzYS05MWJmLTExZWMtOTE1Mi0wMmQ1NjJmYzU0MmU%3D&google_push=AYg5qPJkuMSMMAxG9T1TG8x-Ke8HLbvu5ToBu7YDFi9sOsKRijdeW8EuT_u1zPl3nYnJUMs75lx9y28ngXKX0ogHVnmNouSwsAYWOA

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBjODRkZGUzYS05MWJmLTExZWMtOTE1Mi0wMmQ1NjJmYzU0MmU%3D&google_push=AYg5qPJkuMSMMAxG9T1TG8x-Ke8HLbvu5ToBu7YDFi9sOsKRijdeW8EuT_u1zPl3nYnJUMs75lx9y28ngXKX0ogHVnmNouSwsAYWOA
date: Sat, 19 Feb 2022 20:09:02 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 1BD1 0
40 B 93ms
48ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IPxBDZ8aJv35tTfsA1beBXo5NhprThlYnBAcM4RFCo7bu-d_OcipRW-6--Ki_uf6I

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:02 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9FDC 42 B
64 B 72ms
72ms Fetch
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss4SGnmeklQEty6_YkXWzznpJbsrZkO-zGwMMNbLf_GD-ND-VAjRPm_j1WMIutrGxRbkiaokOOyZyNyFCXIOFCL&sig=Cg0ArKJSzFizjuniy3p3EAE&id=lidar2&mcvt=1012&p=0,0,280,1100&mtos=1012,1012,1012,1012,1012&tos=1012,0,0,0,0&v=20220216&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3595442130&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1645301341389&rpt=567&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 204
No Content multitracking Show response
ghb.aplhb.adipolo.com/adunit/ 0
204 B 55ms
55ms XHR
text/plain 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.aplhb.adipolo.com/adunit/multitracking
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hbw_master_561849_14381.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://kooora4lives.net
Date: Sat, 19 Feb 2022 20:09:02 GMT
Access-Control-Allow-Credentials: true
Server: Adtelligent
Connection: Keep-Alive

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
363 B 7ms
7ms XHR
application/json 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://kooora4lives.net
cache-control: no-transform, no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

POST
H3 200 hb Show response
ssc.33across.com/api/v1/ 60 B
99 B 117ms
99ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=bX9srg4dmr64KsaKjGFx_2
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: c1d4f1cb4d7af73b5f4e8af1c564e4eee052b08780ce97750617849c8fc0e38e

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:03 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
228 B 102ms
102ms XHR
text/plain 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kooora4lives.net
date: Sat, 19 Feb 2022 20:09:02 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 1
vary: origin, Accept-Encoding

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
217 B 15ms
15ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.7.0-pre&cb=54798328836

Requested by

Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:03 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
178 B 17ms
17ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kooora4lives.net
date: Sat, 19 Feb 2022 20:09:03 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 200 adjson Show response
ads.betweendigital.com/ 2 B
306 B 55ms
55ms XHR
application/json 188.42.29.196
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.betweendigital.com/adjson?t=prebid
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 188.42.29.196 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kooora4lives.net
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
363 B 7ms
7ms XHR
application/json 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://kooora4lives.net
cache-control: no-transform, no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

GET
H3 200 arj Show response
adipololtd-d.openx.net/w/1.0/ 73 B
101 B 40ms
24ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adipololtd-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=e48d26f5-c591-42ca-8609-66c30903a612&nocache=1645301343244&pubcid=8596117e-1025-4b1c-bc2c-529f0fef0674&schain=1.0%2C1!adipolo.com%2C620a5acab6e80f22ac327b74%2C1%2C%2C%2C&aus=160x600&divids=div-gpt-ad-1645301343203-0&aucs=&auid=556544515
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 84081fd74a7d991ee0d9f0f7a46ec0e1da117b875ae918cb6a749b5a81f89aa7

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:03 GMT
content-encoding: gzip
server: OXGW/17.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://kooora4lives.net
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 140 B
979 B 61ms
61ms XHR
application/json 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4bbd05de6bc0b11c8e0f89415f2a03355a7518a9e6331e09cf6990fcc01be061

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 19 Feb 2022 20:09:03 GMT
X-Proxy-Origin: 185.213.155.169; 185.213.155.169; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 7dc7414e-1326-4a18-89f6-e9f33173bf23
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://kooora4lives.net
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 140
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 prebid Show response
mp.4dex.io/ 99 B
201 B 62ms
62ms XHR
application/json 2606:4700::6812:272
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:272 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5624e4db6aa9885754a015d03016416a61b5fb820db6edf07f358dfbc02c3e3a

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

cf-ray: 6e02217348e0913c-FRA
pragma: no-cache
date: Sat, 19 Feb 2022 20:09:03 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://kooora4lives.net
expires: 0
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
x-err: Validating the Prebid Request adunits. Sampled or No valid non-debug AdUnits

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 25 B
522 B 27ms
27ms XHR
application/json 72.251.249.14
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.7.0-pre
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: cc5f4b1ec545dd9c5ace2f3090b097dc24170f14811c6af909785d1780fa6701

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 19 Feb 2022 20:09:03 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://kooora4lives.net
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 25

POST
H2 200 / Show response
prebid.smilewanted.com/ 0
100 B 79ms
78ms XHR
application/json 172.67.10.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.10.198 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:03 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
cf-ray: 6e0221735f8a9049-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

GET
H2 200 ROS Show response
pbjs.e-planning.net/pbjs/1/2e43c/1/kooora4lives.net/ 2 B
157 B 15ms
15ms XHR
text/plain 5.178.65.246
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pbjs.e-planning.net/pbjs/1/2e43c/1/kooora4lives.net/ROS?rnd=0.13349960977352393&e=160x600_0%3A160x600&ur=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&pbv=6.7.0-pre&ncb=1&vs=F&crs=UTF-8&fr=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&e_pubcid=8596117e-1025-4b1c-bc2c-529f0fef0674
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.246 Amersfoort, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kooora4lives.net
date: Sat, 19 Feb 2022 20:09:03 GMT
access-control-allow-credentials: true
server: openresty
content-type: text/plain
content-length: 2
x-sid: AMS-601

POST
H2 200 all
csm.eu.criteo.net/ Frame 7B18 0
127 B 17ms
16ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 19 Feb 2022 20:09:02 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame E829 0
0 82ms
81ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C7SrSXU4RYszqIPeB9u8Ptc2byASx18O-aJeyx9i-D9K8iMiQDhABIM7OhmhgleKQgqAHoAH-nJOcAsgBCagDAaoE1AFP0BdGn21jMVltzFdpwqsLNc9tgkXTkKfGItN8uJ66YF6TLYvKJucMTqoQcpFM6zT4J5F1SMHcC9gAjGE6_yWe9xT3oyy4Op1P6YXfGPOgINSu6c4XGTN-bMmDk6NSYYzSXGz96PqceBmkajMcfhcu8Rh5d9caeR0V0UJ4niaZkOEUUX8vTEPC2owddyVyoJa4wYK811ExmIUQnSmIcChOfrLAGxt9meNP5EF6ajuzPhI6Bmf-WURjI71PsUClz_jhDnjA3Lwg9eHZ0RdyJrfb6imRk8AElZ7zyu8DoAYugAeOmfVsqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQg_QR0ggJCIDhgBAQARgfgAoByAsB2BMD0BUBmBYBgBcBshccChoIABIUcHViLTM2MTkxMzMwMzE1MDgyNjQYAA&sigh=xD8wBQgHX6o&vt=1&template_id=484&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3619133031508264&output=html&h=280&slotname=5249431448&adk=3989702682&adf=3501923860&pi=t.ma~as.5249431448&w=1100&fwrn=4&fwrnh=100&lmt=1645301341&rafmt=1&psa=0&format=1100x280&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1645301341159&bpp=2&bdt=2996&idt=219&shv=r20220216&mjsv=m202202090102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3367489163969&frm=20&pv=1&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=100&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750773%2C44753656%2C31064036%2C31063221%2C31063911&oid=2&pvsid=873873462402139&pem=729&tmod=105310775&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=DqKBELWXME&p=https%3A//kooora4lives.net&dtd=223
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 19 Feb 2022 20:09:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E829 42 B
64 B 79ms
79ms Fetch
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvnHgwRJiom_Yx_vbUA5ls3Y9K6WXuYJwHVSAVFQEpAA27Ldjl_Df4O7dcZinidU7wztw_qYlAi5Dly9M-aQyyuE0lvUGz3O_KW0dU1JnnkKj-RqMQS-A&sai=AMfl-YQzbXYvS6M-fWriVHU6PgNcahx5sPYf9t2V1kayDzD_eb8aW1A94q-vxWJ-yHLNWXlDAZ3D0nb3Ah44&sig=Cg0ArKJSzFOcSvIpE7rEEAE&id=lidar2&mcvt=1000&p=0,0,280,1100&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220216&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=3989702682&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&pay=1&rst=1645301341383&rpt=922&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 48ms
48ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=kooora4lives.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Feb 2022 20:09:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 49ms
49ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=kooora4lives.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Feb 2022 20:09:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 17 KB
9 KB 308ms
308ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=873873462402139&correlator=2625233312907235&output=ldjh&impl=fifs&eid=31064986%2C31064868%2C31063911&vrg=2022021502&ptt=17&sc=1&sfv=1-0-38&ecs=20220219&iu_parts=7047%3A202189885%2Capl%2Caplmcm7047%2Cdynamic&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=160x600&prev_scp=refresh%3Dtrue%26test%3Devent%26hb_rfBid%3D0%26excl_cat%3DPREPOST&eri=1&cookie=ID%3Da930ac425e81a615%3AT%3D1645301341%3AS%3DALNI_MYCle3qGP99icq8_BLxkPwG1KJybA&bc=31&abxe=1&dt=1645301343365&lmt=1645301343&dlt=1645301338163&idt=3416&frm=20&biw=1600&bih=1200&oid=2&adxs=-160&adys=310&adks=2154825476&ucis=e&ifi=19&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&vis=1&scr_x=0&scr_y=0&psz=160x-1&msz=160x-1&psts=AGkb-H8K3LKrjfHaA5ke69oM4GHrcxZ4hTEKPFirJFWV3ATeY3iF9oHPXAnypqqjXPD4Axz_5bCmI7jNdyrLE0lcDRg_wgY%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H_V0DP1NESyOnDmEDfOUPjgH94J6nfXi-sKX88RXGOsv7rJzAykPGhY8MtzYbMEgr8hOzqzoq1rrNZoGx5K1W4lBNU%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=true&fws=516&ohw=160&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

a15ea0a91601623e6edaa9cca76e0eacec8b53fe3edfbf814b30127921bdccdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9341
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://kooora4lives.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame EF9C 6 KB
3 KB 39ms
39ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 19 Feb 2022 20:09:01 GMT
expires: Sun, 19 Feb 2023 20:09:01 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 publishertag.prebid.117.js Show response
static.criteo.net/js/ld/ 87 KB
28 KB 16ms
16ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.117.js

Requested by

Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:03 GMT
content-encoding: gzip
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
server: nginx
etag: W/"61cc54f6-15c19"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 20 Feb 2022 20:09:03 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 56F7 624 B
297 B 50ms
50ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARic76O-ATAB&v=APEucNUmC9Uo2u7huAGvzlVG8it5PwGZ6pPUlFPfv_uVQRHa1b9hfTNXYKtcJ2OqgZyx8oBu7l-ndK2-e27VfkikGaWKAYgFo3L0E0Ey3wOiVUcLwMM11UJDPlIfr-rHv905FrgXLyWKVoRkYS9X643tewfo9tWWYxShh37JcvzmzRyH2ftqt4A

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 19 Feb 2022 20:09:03 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame EF9C 78 KB
32 KB 96ms
95ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AmAEXXCI_wzbQPnjGc3RQHb6G_NP1b0qdkDA6TXt24CUfM_0sLwu78Hd3ZZut01gSfTUP8UxZuxu_RPtfty5tFsmhPfG-SPCafZByZqludVAEQMmhB1wLDmuCTy2dBjx-S_0zkGRwOdqDAU2d-VXJI6KRSTA&dbm_d=AKAmf-D-j6t90OpJ2MCVy-nKzJwMIA4uUczAuziGY1sW60aU02DvB_YHAYnmm-DCXmv9t_L8OAtLC5cgBd0ywoC31xjcyIM7XNlTpfbXVbdgvN4_LmlhA2gvAIzx5ryR_F4CvA7hTudntj8kpuZntd5iw1UGxAIkKFj2AWoLMUOL7pj4Lz5UzNKGFkjaYonmjy43jQVtILDbPiw4pMBH3ovTYDqmsv3SMTBdmUN1dE2xpNQ2P739gdA8L2gMuhL0SNo9GJQ7QWAhyXpFetFoj3kySAbxY2wyvKgGdcFpXpv79LqRX-CAULF8Y2qdRmHD00R7cZ_1RAAbjNcrbmBRf-UyQyAk2gXysVQ9XAZ4dFe98_fVsGx1d-scK5a_Sbo8Z_iriymzURV-fY03AvxB_nwZtKm19fc6Q4busAWWmGd5XpuJxT7gcC19qV6bj7HuA4DZPwDkjv7BkKcI1G4uWfAcFbOphBCzH92ta8Me4vsE-hHVBpvncYv8QJCwTknJ7m-mAx-4-2OJs81awVPwaRLMMZ5HW2aMxJZZvXrTU_51DhMy6124jadCE8TGg3Kp9VrFsSWPU6OHI0FkcNsQR-pvWg5Hpef7AqgULDIhaqoxFXPg8rbGyAfgBHrUwcEdCVlf7mM-JIuvGmmcy0L-gBYNxUk_Za0VTOP_8OvrKNfWnksZOM26XyT9ME499aMN4hMIJfVxsjIRi8T3dAmdxbVmtkdsDsluEMK-Wu1YY_dnNVkPcqFRiPX4lJo9u6LkphOUyBZTeIAXjRsfd789nRcLUH7S-4V7S3hBzRZZExNvRcIGkN7MPS8gkbT83aNIBaVFvKBZxh2wcHglewOumLtTXhrgOHPX1NKxq_MAPyYR3GdAsyEhJLd02U3a5PfXIddKAMSIpZdw0XlwlR9FVekXJoyTtDJnv9CJJhm4xUDBXnBOZe5Z2mI2MUgqDMyXO343BOW2VpwFEzoYtuV0EauVW3-6NCR0vnjeExFQBYjfl3fHQRM4JSc9b8YDGpePM-aECaSIGUti5ucF8czz1R0LZRKP7O1IK_LHQxSeDobLOBHbRnaKiBfnfCY9nGIists6ZuTyNkjKQ4DWR-DZrT-UxFqZOah3uy2tTwmpib1QHKPAUtA03uPBfXVyLRccBnGjKsu2epRPINkENar1XT3prQ-sQnZz26y18Rsz9rlZnSfjc45yfB8ILYQMbsFJcQXlqMEApqxJjzTeDqZf25FMxKX_8L3kYTg7XRzIwn0m1M4QIjWmdD7zBF3-Tm1SFqGOO5h8PJIqLFoLtUGYQNfgoQNmj8T3GREGJMOI3yyxbUHjWOHdcZi1_-OG8bxHXvZCuXr7YDGHxXPoSUE26wqzQNAj16znog4ImbXDcjLWCd7yp6z_cvTNyVJop8cb7HOLkAcqYE84_KoDbXP1X2b8wirCETItaJiSUugYmT7g0uf8jiPAFA7i0RCJCLW5NObQRh1mPyDEMhED_KFI17-1W5vmwsPE9OcmGBOQhiftQ0hQr6cWP_apkIxOrortF2OyLQfkuUAw_2EUgiA58SYzA0GAYiIjniQVdedRbWTKzezK448py-gNjHNdH-GaLmT1qixh3Fchu3i6W8MrpuJJFt1AjTAHxvi9ezd3AaEB2LbIQqmZAftMcBd6NnSzQrnfpi6G_lgzAh-8l5wCEJa6j4tJ7Rv0gpkh7UWDyvUQalOzL00kcjQ67u3HdhqzuMIUyyDAa_aNX3Dg7-kPpfVsBQU3JYkMsrP1Y8zCIwXYzEtwJcgr-KTL3Q5XUCR2J5z-ovZYbNV2eCN76OCs6ic0uB2a4yRGv65CLfg5ctDtC4Vy6NXr3-Ftj5pGibbRjnRHDBqCg3URE5GrIwFOmEvt4ktsAgQSSEsoLDWC_8gPklDwG7wneq_nTn9P72ySpqBeR5IesiRSNGq8bh1Z9duO9-sEsZ1p6bzOYGwwQv4sRmKqs1fKu-KFuACIWndB38TIR7hpanV_-KzcsJmEy2zS4C0zZYeWptKRCz30fZzkII-tUlq8RbG59p2G552fBq2F2How5hC7L6GP369q7ChQSDRbRQdYQ6L-u9Rnexwdi7Rp_Ofi-LV8wdz3h9irIpFHH1iujJtqOYKPu1Fp_kAMM26zEHMa9IUl6zXrfdsKMiPQ6Z2z1lsZHoXU9WCSziDlGJ1XIcj2EjRnlBvrgpn-iDoXjJ4tTuiCg33KOpyLTeVShJs-yCuIULDPNLsMpceNKrN9XzG1a9hPz3ftnOR0KOze20SkJNJyeO1ODu6v2xUzFAhmSnDKYaMZ8tQQ4b32V4pXT-QhvpetQTBHFA1UADATvdJhZ6STwN6ymq6fuNnVROXxGQQ24hHP0JjwSlx1MLX0Oypw_JzhXKFeBwrwUlu-m_-hb8SqI2BAXE2MfXlwv9dWqXBn8gkbsTC32qcLgxq5QefboqOhPuBSMkdAmUh8uF9KdvcQs0tyAsEdz8kRsEzdh9w0ZOO70hTuWsGo0UYdxbVyWJOD72cmBSvx54rnXM-JPsJilI8vn52DHBcBxNrdfHwS-0-T2Hb66i_l76bkV0-01Eg8QRadZqACJW9I8r08PdRoPLjN1Nfh002G3t0cVRo7CV0nnQg_cdJTJ-oR-1rTa-GNPZ-X9CO9YpXngK5Dx2HRLDPSNUbgCJzKB2KYVyuOmJlxHrdJ8vHB-Jjmm3JStbi63HSEEv_aSc55oOeBX_9VzDzbiVuEVR0Cp9cjt1VRCCky8_z9BzxYZ7JsiyyyIu-q_FEMxF7ifZ27rWAt4FTIfdLpLDG03cudQVBh2fFxHhc8pVuHGME5ZQaDXE8ISNLuVMW2DFuXxHvYwxakEywP89DrxXSZQ7MiKSMPII2tyLBaGKZQRA1rnuZJVboaRbtjkpFPe7SI84QF7tJaBrmCSN-NUojjSo42GXinNh7XjpG_rtUWJkqRybu5y48BvgF4_-BcfnakO9geXMsDTm-joy6o0i4QiqwgOYCAKAAbgkj6bkTV5OMozsCAB1NCaJuSc0xcwxQV2JIJ_iCn85geY-1Sb8KBNvXocFGtEoY&cid=CAASEuRoWUozigUz9O4JcBzeHcJRLw&rfl=1%2Chttps%253A%252F%252Fkooora4lives.net%252F%240

Requested by

Host: kooora4lives.net
URL: https://kooora4lives.net/home/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

569b333ec4213d5394f80ca05bb2b395f9ed9a22c4e305a7d787ce40f3dc3e64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32514
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame EF9C 42 B
63 B 75ms
74ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BnoJebwPPawlmRan5xnGAD8LRvG5SSA2eCEo16ponRqFzCvtylyJx2QvQPZ8ir-lxcMu5ReBzLHY3WT0cqjnQ1YF_KxqVz-jQ4aSfF1Sv0aaidcYc

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame EF9C 2 KB
1 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/window_focus_fy2019.js

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:00:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 494
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:00:49 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EF9C 124 KB
38 KB 50ms
49ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b9794842e89dcec3790d21b95acce36c08673d4162e745dc440e6766534ed53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38723
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1645015031201889"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 19 Feb 2022 20:09:03 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame EF9C 15 KB
6 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78ea6d7806beda2d76bb7d9abb14b034ad476a897376c270aefcf40a2f49316c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:00:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 514
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6438
x-xss-protection: 0
server: cafe
etag: 12093742715590823996
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:00:29 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame EF9C 0
0 47ms
47ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQx5Y0X7cARMeR4LBIVAg28vofO6As497kZt5niixef_yYKjULPtpNO-VrO_bAIytkmG9N4f-8dZakte0W-4b_BoavVsA
Requested by: Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame CE38 13 KB
5 KB 94ms
62ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=kooora4lives.net

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

f408ea8d108fb46b0ec7612b384c10211e19f6a21592b34a042751697f4249cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 21141
date: Sat, 19 Feb 2022 20:09:03 GMT
content-length: 5145
strict-transport-security: max-age=31536000; preload;

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 90 KB
28 KB 44ms
16ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

2c8ae0c883c62c03c5800ca91a31d1f0e00088683fb5f4131667c0504ce99e64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:03 GMT
content-encoding: gzip
last-modified: Mon, 31 Jan 2022 09:04:35 GMT
server: nginx
etag: W/"61f7a623-16685"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 20 Feb 2022 20:09:03 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 56F7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDhZpetrX9tpp3VeXA6dSHA&google_cver=1

43 B
1014 B

89ms
34ms

Image
image/gif

104.108.145.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDhZpetrX9tpp3VeXA6dSHA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARic76O-ATAB&v=APEucNUmC9Uo2u7huAGvzlVG8it5PwGZ6pPUlFPfv_uVQRHa1b9hfTNXYKtcJ2OqgZyx8oBu7l-ndK2-e27VfkikGaWKAYgFo3L0E0Ey3wOiVUcLwMM11UJDPlIfr-rHv905FrgXLyWKVoRkYS9X643tewfo9tWWYxShh37JcvzmzRyH2ftqt4A
Protocol: HTTP/1.1
Server: 104.108.145.8 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-145-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 19 Feb 2022 20:09:03 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 19 Feb 2022 20:09:03 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDhZpetrX9tpp3VeXA6dSHA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 56F7
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YhFOXut.i0xODyduFi1otgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDhZpetrX9tpp3VeXA6dSHA&google_cver=1&google_hm=2

43 B
1014 B

40ms
39ms

Image
image/gif

104.108.145.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDhZpetrX9tpp3VeXA6dSHA&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARic76O-ATAB&v=APEucNUmC9Uo2u7huAGvzlVG8it5PwGZ6pPUlFPfv_uVQRHa1b9hfTNXYKtcJ2OqgZyx8oBu7l-ndK2-e27VfkikGaWKAYgFo3L0E0Ey3wOiVUcLwMM11UJDPlIfr-rHv905FrgXLyWKVoRkYS9X643tewfo9tWWYxShh37JcvzmzRyH2ftqt4A
Protocol: HTTP/1.1
Server: 104.108.145.8 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-145-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 19 Feb 2022 20:09:04 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 19 Feb 2022 20:09:04 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDhZpetrX9tpp3VeXA6dSHA&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 56F7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEGopaZZXGHOHNoK-axKqUIo&google_cver=1

43 B
1008 B

25ms
25ms

Image
image/gif

185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEGopaZZXGHOHNoK-axKqUIo&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARic76O-ATAB&v=APEucNUmC9Uo2u7huAGvzlVG8it5PwGZ6pPUlFPfv_uVQRHa1b9hfTNXYKtcJ2OqgZyx8oBu7l-ndK2-e27VfkikGaWKAYgFo3L0E0Ey3wOiVUcLwMM11UJDPlIfr-rHv905FrgXLyWKVoRkYS9X643tewfo9tWWYxShh37JcvzmzRyH2ftqt4A

Protocol

HTTP/1.1

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 19 Feb 2022 20:09:03 GMT
X-Proxy-Origin: 185.213.155.169; 185.213.155.169; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: a1b0b567-c234-4599-af31-4b29f16f3954
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:03 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEGopaZZXGHOHNoK-axKqUIo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 56F7
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzU1NDU5NjgzODA1OTAzODI4OA%3D%3D

170 B
188 B

49ms
49ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzU1NDU5NjgzODA1OTAzODI4OA%3D%3D

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 19 Feb 2022 20:09:03 GMT
X-Proxy-Origin: 185.213.155.169; 185.213.155.169; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 81e53138-ad7f-4c34-bc59-02f7bb998fc1
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzU1NDU5NjgzODA1OTAzODI4OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame EF9C 169 KB
59 KB 87ms
39ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: kooora4lives.net
URL: https://kooora4lives.net/home/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
Origin: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 15:15:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17614
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 20 Feb 2022 15:15:29 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220216/r20110914/elements/html/ Frame EF9C 8 KB
3 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220216/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AmAEXXCI_wzbQPnjGc3RQHb6G_NP1b0qdkDA6TXt24CUfM_0sLwu78Hd3ZZut01gSfTUP8UxZuxu_RPtfty5tFsmhPfG-SPCafZByZqludVAEQMmhB1wLDmuCTy2dBjx-S_0zkGRwOdqDAU2d-VXJI6KRSTA&dbm_d=AKAmf-D-j6t90OpJ2MCVy-nKzJwMIA4uUczAuziGY1sW60aU02DvB_YHAYnmm-DCXmv9t_L8OAtLC5cgBd0ywoC31xjcyIM7XNlTpfbXVbdgvN4_LmlhA2gvAIzx5ryR_F4CvA7hTudntj8kpuZntd5iw1UGxAIkKFj2AWoLMUOL7pj4Lz5UzNKGFkjaYonmjy43jQVtILDbPiw4pMBH3ovTYDqmsv3SMTBdmUN1dE2xpNQ2P739gdA8L2gMuhL0SNo9GJQ7QWAhyXpFetFoj3kySAbxY2wyvKgGdcFpXpv79LqRX-CAULF8Y2qdRmHD00R7cZ_1RAAbjNcrbmBRf-UyQyAk2gXysVQ9XAZ4dFe98_fVsGx1d-scK5a_Sbo8Z_iriymzURV-fY03AvxB_nwZtKm19fc6Q4busAWWmGd5XpuJxT7gcC19qV6bj7HuA4DZPwDkjv7BkKcI1G4uWfAcFbOphBCzH92ta8Me4vsE-hHVBpvncYv8QJCwTknJ7m-mAx-4-2OJs81awVPwaRLMMZ5HW2aMxJZZvXrTU_51DhMy6124jadCE8TGg3Kp9VrFsSWPU6OHI0FkcNsQR-pvWg5Hpef7AqgULDIhaqoxFXPg8rbGyAfgBHrUwcEdCVlf7mM-JIuvGmmcy0L-gBYNxUk_Za0VTOP_8OvrKNfWnksZOM26XyT9ME499aMN4hMIJfVxsjIRi8T3dAmdxbVmtkdsDsluEMK-Wu1YY_dnNVkPcqFRiPX4lJo9u6LkphOUyBZTeIAXjRsfd789nRcLUH7S-4V7S3hBzRZZExNvRcIGkN7MPS8gkbT83aNIBaVFvKBZxh2wcHglewOumLtTXhrgOHPX1NKxq_MAPyYR3GdAsyEhJLd02U3a5PfXIddKAMSIpZdw0XlwlR9FVekXJoyTtDJnv9CJJhm4xUDBXnBOZe5Z2mI2MUgqDMyXO343BOW2VpwFEzoYtuV0EauVW3-6NCR0vnjeExFQBYjfl3fHQRM4JSc9b8YDGpePM-aECaSIGUti5ucF8czz1R0LZRKP7O1IK_LHQxSeDobLOBHbRnaKiBfnfCY9nGIists6ZuTyNkjKQ4DWR-DZrT-UxFqZOah3uy2tTwmpib1QHKPAUtA03uPBfXVyLRccBnGjKsu2epRPINkENar1XT3prQ-sQnZz26y18Rsz9rlZnSfjc45yfB8ILYQMbsFJcQXlqMEApqxJjzTeDqZf25FMxKX_8L3kYTg7XRzIwn0m1M4QIjWmdD7zBF3-Tm1SFqGOO5h8PJIqLFoLtUGYQNfgoQNmj8T3GREGJMOI3yyxbUHjWOHdcZi1_-OG8bxHXvZCuXr7YDGHxXPoSUE26wqzQNAj16znog4ImbXDcjLWCd7yp6z_cvTNyVJop8cb7HOLkAcqYE84_KoDbXP1X2b8wirCETItaJiSUugYmT7g0uf8jiPAFA7i0RCJCLW5NObQRh1mPyDEMhED_KFI17-1W5vmwsPE9OcmGBOQhiftQ0hQr6cWP_apkIxOrortF2OyLQfkuUAw_2EUgiA58SYzA0GAYiIjniQVdedRbWTKzezK448py-gNjHNdH-GaLmT1qixh3Fchu3i6W8MrpuJJFt1AjTAHxvi9ezd3AaEB2LbIQqmZAftMcBd6NnSzQrnfpi6G_lgzAh-8l5wCEJa6j4tJ7Rv0gpkh7UWDyvUQalOzL00kcjQ67u3HdhqzuMIUyyDAa_aNX3Dg7-kPpfVsBQU3JYkMsrP1Y8zCIwXYzEtwJcgr-KTL3Q5XUCR2J5z-ovZYbNV2eCN76OCs6ic0uB2a4yRGv65CLfg5ctDtC4Vy6NXr3-Ftj5pGibbRjnRHDBqCg3URE5GrIwFOmEvt4ktsAgQSSEsoLDWC_8gPklDwG7wneq_nTn9P72ySpqBeR5IesiRSNGq8bh1Z9duO9-sEsZ1p6bzOYGwwQv4sRmKqs1fKu-KFuACIWndB38TIR7hpanV_-KzcsJmEy2zS4C0zZYeWptKRCz30fZzkII-tUlq8RbG59p2G552fBq2F2How5hC7L6GP369q7ChQSDRbRQdYQ6L-u9Rnexwdi7Rp_Ofi-LV8wdz3h9irIpFHH1iujJtqOYKPu1Fp_kAMM26zEHMa9IUl6zXrfdsKMiPQ6Z2z1lsZHoXU9WCSziDlGJ1XIcj2EjRnlBvrgpn-iDoXjJ4tTuiCg33KOpyLTeVShJs-yCuIULDPNLsMpceNKrN9XzG1a9hPz3ftnOR0KOze20SkJNJyeO1ODu6v2xUzFAhmSnDKYaMZ8tQQ4b32V4pXT-QhvpetQTBHFA1UADATvdJhZ6STwN6ymq6fuNnVROXxGQQ24hHP0JjwSlx1MLX0Oypw_JzhXKFeBwrwUlu-m_-hb8SqI2BAXE2MfXlwv9dWqXBn8gkbsTC32qcLgxq5QefboqOhPuBSMkdAmUh8uF9KdvcQs0tyAsEdz8kRsEzdh9w0ZOO70hTuWsGo0UYdxbVyWJOD72cmBSvx54rnXM-JPsJilI8vn52DHBcBxNrdfHwS-0-T2Hb66i_l76bkV0-01Eg8QRadZqACJW9I8r08PdRoPLjN1Nfh002G3t0cVRo7CV0nnQg_cdJTJ-oR-1rTa-GNPZ-X9CO9YpXngK5Dx2HRLDPSNUbgCJzKB2KYVyuOmJlxHrdJ8vHB-Jjmm3JStbi63HSEEv_aSc55oOeBX_9VzDzbiVuEVR0Cp9cjt1VRCCky8_z9BzxYZ7JsiyyyIu-q_FEMxF7ifZ27rWAt4FTIfdLpLDG03cudQVBh2fFxHhc8pVuHGME5ZQaDXE8ISNLuVMW2DFuXxHvYwxakEywP89DrxXSZQ7MiKSMPII2tyLBaGKZQRA1rnuZJVboaRbtjkpFPe7SI84QF7tJaBrmCSN-NUojjSo42GXinNh7XjpG_rtUWJkqRybu5y48BvgF4_-BcfnakO9geXMsDTm-joy6o0i4QiqwgOYCAKAAbgkj6bkTV5OMozsCAB1NCaJuSc0xcwxQV2JIJ_iCn85geY-1Sb8KBNvXocFGtEoY&cid=CAASEuRoWUozigUz9O4JcBzeHcJRLw&rfl=1%2Chttps%253A%252F%252Fkooora4lives.net%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:07:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 69
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:07:54 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220216/r20110914/ Frame EF9C 25 KB
9 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220216/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d44b84e0471d9d1ac53ce061c9becfa720931b7364c7b55a6325d03859781782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:07:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9648
x-xss-protection: 0
server: cafe
etag: 2224892065184813991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:07:21 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame CE38
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=kooora4lives.net&sn=ChromeSyncframe&so=0&topUrl=kooora4lives.net&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=LtUnsHxEUW1XZFJnL1BYbDJ0dHF5MUZ6V1dLbmxwb2FVeVhOK3Bkc0xQMDJVbFZFYWhMUjhTQytheFdCMDNCQjJiVjVWZFcrYmttL3hJRldJZ0VGQlpQUHBrSUtNZktEU0hmVDRCTzlMb2JLMnJIMDhnYUFKSkQyalhndF...

427 B
625 B

390ms
19ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=LtUnsHxEUW1XZFJnL1BYbDJ0dHF5MUZ6V1dLbmxwb2FVeVhOK3Bkc0xQMDJVbFZFYWhMUjhTQytheFdCMDNCQjJiVjVWZFcrYmttL3hJRldJZ0VGQlpQUHBrSUtNZktEU0hmVDRCTzlMb2JLMnJIMDhnYUFKSkQyalhndFJXN0RwYW9uNUJJandyenJkaCtBU3NUeVFKOWVXaHE5SGVlYkpBVDRhQkFxelJwdHBscnZGNzVLSXZmdW9VazhvWHN2M1pocU5qanlORDhrYlJGMHRDY1VrNFd3NDBVU0gyOEIzTnpqSml6blNsS3YydUtMTU5NZ1VqZlBOY2lGdVR6dHVGY1F1TEp3UDdEUHN0dWF2VWZYSVB0dlNZZz09fA&cppv=2

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

cd504f1bb1914654f21691bdcf4b88f5108e20d984b6d14e3894c8c1700d6c61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:03 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 4212
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:03 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=LtUnsHxEUW1XZFJnL1BYbDJ0dHF5MUZ6V1dLbmxwb2FVeVhOK3Bkc0xQMDJVbFZFYWhMUjhTQytheFdCMDNCQjJiVjVWZFcrYmttL3hJRldJZ0VGQlpQUHBrSUtNZktEU0hmVDRCTzlMb2JLMnJIMDhnYUFKSkQyalhndFJXN0RwYW9uNUJJandyenJkaCtBU3NUeVFKOWVXaHE5SGVlYkpBVDRhQkFxelJwdHBscnZGNzVLSXZmdW9VazhvWHN2M1pocU5qanlORDhrYlJGMHRDY1VrNFd3NDBVU0gyOEIzTnpqSml6blNsS3YydUtMTU5NZ1VqZlBOY2lGdVR6dHVGY1F1TEp3UDdEUHN0dWF2VWZYSVB0dlNZZz09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1669
content-length: 541
expires: 0

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame EF9C 41 KB
15 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 17:22:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9998
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Feb 2023 17:22:25 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame EDEB 1 KB
749 B 38ms
38ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Sat, 19 Feb 2022 05:53:44 GMT
expires: Sun, 20 Feb 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 51319
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame EF9C 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b0afc15a3765accee14866c3d6104cf5d9554ff90207cce78173bf07a30a2827

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 5372 22 KB
8 KB 39ms
38ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 15 Feb 2022 19:08:42 GMT
expires: Wed, 15 Feb 2023 19:08:42 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 349221
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET /
google2waycm.netmng.com/cm/ Frame EDEB 0
0

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame EDEB
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEC83jTQ7GdHgpVhqMK47NP8&google_cver=1&google_push=AYg5qPJ4oq5TDbfXI_YQmYTcj1uMajMPdEA0hdTYNGUcFIt45iRpgDI1X7i-wW6Df8ZjNxtU8lxbi_EmCgTbMN2PnC4Aqld6x3Ro&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEC83jTQ7GdHgpVhqMK47NP8&google_cver=1&google_push=AYg5qPJ4oq5TDbfXI_YQmYTcj1uMajMPdEA0hdTYNGUcFIt45iRpgDI1X7i-wW6Df8ZjNxtU8lxbi_EmCgTbMN2PnC4Aqld6x3R...

43 B
419 B

189ms
176ms

Image
image/gif

2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEC83jTQ7GdHgpVhqMK47NP8&google_cver=1&google_push=AYg5qPJ4oq5TDbfXI_YQmYTcj1uMajMPdEA0hdTYNGUcFIt45iRpgDI1X7i-wW6Df8ZjNxtU8lxbi_EmCgTbMN2PnC4Aqld6x3Ro&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJ4oq5TDbfXI_YQmYTcj1uMajMPdEA0hdTYNGUcFIt45iRpgDI1X7i-wW6Df8ZjNxtU8lxbi_EmCgTbMN2PnC4Aqld6x3Ro%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:04 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6e0221793c119156-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:04 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 173
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6e02217818949156-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEC83jTQ7GdHgpVhqMK47NP8&google_cver=1&google_push=AYg5qPJ4oq5TDbfXI_YQmYTcj1uMajMPdEA0hdTYNGUcFIt45iRpgDI1X7i-wW6Df8ZjNxtU8lxbi_EmCgTbMN2PnC4Aqld6x3Ro&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJ4oq5TDbfXI_YQmYTcj1uMajMPdEA0hdTYNGUcFIt45iRpgDI1X7i-wW6Df8ZjNxtU8lxbi_EmCgTbMN2PnC4Aqld6x3Ro%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EDEB
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESENSCT2wU9ZwLNvr1M_EHm88&google_cver=1&google_push=AYg5qPJ8CK5vpufEywOdG7mACHFDmp-ektMJVcPYhaY4jviBnjvyCaESkv9OT7P185b9G2cOeC2X4bIaZcx...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJ8CK5vpufEywOdG7mACHFDmp-ektMJVcPYhaY4jviBnjvyCaESkv9OT7P185b9G2cOeC2X4bIaZcxMvlefeCHvhhRw-0D4&google_hm=Q09BEqkqS1Wj8MNhDPAR86k

170 B
188 B

50ms
50ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJ8CK5vpufEywOdG7mACHFDmp-ektMJVcPYhaY4jviBnjvyCaESkv9OT7P185b9G2cOeC2X4bIaZcxMvlefeCHvhhRw-0D4&google_hm=Q09BEqkqS1Wj8MNhDPAR86k

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:03 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJ8CK5vpufEywOdG7mACHFDmp-ektMJVcPYhaY4jviBnjvyCaESkv9OT7P185b9G2cOeC2X4bIaZcxMvlefeCHvhhRw-0D4&google_hm=Q09BEqkqS1Wj8MNhDPAR86k
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame EDEB 43 B
352 B 65ms
21ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEN89TYN2kodTbB9VFZ_nffk&google_cver=1&google_push=AYg5qPKPNylXfR8ZLDKfDupSDWGVp1G7IvmBSjgSWrsQtuisMf5lNBtOgzpzPKPbbmEu_TQrBfXNn1VHH64_czADZZWZypn0bllP4w
Requested by: Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:04 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: lek3gdivrvvsftq7usk0jev7bkkeo756

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EDEB
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESENjF3lX0IRfPJCT9cworl7o&google_cver=1&google_push=AYg5qPJE0ILFZd7tA61lB0RdyYBuRMyaczWpf4vr-0qfz9UPCbWDS4RD_maFY5oQqN9a2vEl5Zrb3MgqvLLZeIBVK...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESENjF3lX0IRfPJCT9cworl7o&google_cver=1&google_push=AYg5qPJE0ILFZd7tA61lB0RdyYBuRMyaczWpf4vr-0qfz9UPCbWDS4RD_maFY5oQqN9a2vEl5Zrb3MgqvLLZeIBVK...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJE0ILFZd7tA61lB0RdyYBuRMyaczWpf4vr-0qfz9UPCbWDS4RD_maFY5oQqN9a2vEl5Zrb3MgqvLLZeIBVKZwOzEwnURf_XQ&google_hm=5cfd4169fbb0d560109d...

170 B
188 B

54ms
54ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJE0ILFZd7tA61lB0RdyYBuRMyaczWpf4vr-0qfz9UPCbWDS4RD_maFY5oQqN9a2vEl5Zrb3MgqvLLZeIBVKZwOzEwnURf_XQ&google_hm=5cfd4169fbb0d560109d6fd0

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 19 Feb 2022 20:09:04 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJE0ILFZd7tA61lB0RdyYBuRMyaczWpf4vr-0qfz9UPCbWDS4RD_maFY5oQqN9a2vEl5Zrb3MgqvLLZeIBVKZwOzEwnURf_XQ&google_hm=5cfd4169fbb0d560109d6fd0
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET

pixel
cm.g.doubleclick.net/ Frame EDEB
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEHK-fxeIpAZWUlb16zfqYnk&google_cver=1&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HM...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEHK-fxeIpAZWUlb16zfqYnk&google_cver=1&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geVi...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geV...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geV...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geV...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geV...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geV...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geV...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geV...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geV...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geV...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geV...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geV...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geV...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geV...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geV...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geV...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geV...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geV...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geV...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geV...

0
0

GET
H2

204

/
onetag-sys.com/sync/i,19/ Frame EDEB
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEMcKtGs1QyblT3ANtnQZWjw&google_cver=1&google_push=AYg5qPJsXS9EzmgCmXY2fFeWkrMvDRZQnNggVXvjlDDLzyzCPftBetaz_PnJ4hSfu9nEAS5FCK4P9c0-17x...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AYg5qPJsXS9EzmgCmXY2fFeWkrMvDRZQnNggVXvjlDDLzyzCPftBetaz_PnJ4hSfu9nEAS5FCK4P9c0-17x9HCyg9GhuqD2ksValIQ
https://onetag-sys.com/sync/i,19/?google_error=5

0
148 B

8ms
7ms

Image
text/plain

51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,19/?google_error=5

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/sync/i,19/?google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 245
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame EDEB 0
12 B 48ms
47ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L0qOikLAxK1MbWC0kpt5PvSv7qDencr_fdcRUta_oLzSCbkQHXK6WKW9P5rJLHkgzKRJrWMw

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:03 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 160x600.html Show response
s0.2mdn.net/sadbundle/5309466056757084160/ Frame E6B9 42 KB
10 KB 96ms
49ms Document
text/html 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5309466056757084160/160x600.html?e=69&leftOffset=0&topOffset=0&c=GHWUhfl6oR&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c3f31f09260f95e338bd2c30144726d48b7370ae15e2ef003f2f67e5ba5eb0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
date: Sat, 19 Feb 2022 20:09:04 GMT
expires: Sun, 19 Feb 2023 20:09:04 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 11 Jun 2021 18:35:10 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame EF9C 0
571 B 211ms
115ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsscHOtN0s0fEGMEDnBZZ5hwRwKePy29zjWy_-kgKUR3cP3llGiMiXFAHPzprDRCNzTfFKRpiFIpDw1cOEVSuNYFdUYeMwp8nqxqtK2ZtAAJMVPnQBXpeMZ2pP0A5rolMu8V2K7BdQwGwqjboh4tAJVty1VMZzgancXMeOsDyYeu_1NritQlBeAExm6UFYfHnE3TDsijM6uc7ZOpeuROzPbPfoYUXY_HiXIFXpfjEtCLi_6QVsQcDC987tKWZyY0odWNL2zRGBr5-MPwFk0Lq9mXyDLBLAd66FBQ85e__unE8sRt-VA95gW3O2DU9IZO9N9nFcKuI17susZmQzyfyqGa8lOzNXpzAZCdDrAIN0QeA-0HjgrDFmNrwAjOUhOIQ7jV7q3p9Q1nUkGl4GqzNZG4LmZLu1_c3zMm3BpPdvD_ZzKANsWw-Klr9fbQfmfjP6yGZs4ogUDF4LQyh363-_o9d2bLBiZjp3b3NC013NEuPty7KRhWoCfTdTvnwceXRTyUYkaVDyJTP9Bhnrt4u7wViV7fdbiT1tM81WuFZpOiXyWEp6oKfSfKPJA9wEC-wz2zNDOGmYKPPdH-NN9sf-rjOa5ObrAIt9clRqbO_3tIYbchENbL0lfRI5moGbgGSMxO5kox9M41GyE-UrmMeq4sy0W25oEvE4EkFAdj28QbwwTV7NMtFLit81PVa4bvwp-3CU2_eVbHcwusK32gUL7x0b0hkcg_kcv6fsdUXsaBOEbFJ3bTxG_NK7riLG9x89jXIB1iox6Xki1bO1oQ2XQxPzvB1f4sLQYFJaIbnBjlM8BsD3xtRbaJUZNK06t8t7gU34gOjoV9f6yQp155tdPNITQUkEH5fDgJ2NH2TkrAeVHbxEXmUk2Yin_7urTh03Byv0dp0isxqRIwhoSGZzcUBVcOoXSe3uWADgkc4-In7y-eHdBfIP14lv5enCnhlPM9UhqSonTTJYcxC2VFnMjcbRm32ZFp7g5CkUIHNDYYuqcQpul0KLmVX8gD7mJlwnThsi08RhxmxuvNC0ayC-dgd2ax9jDPcdW0z8SC2ot2nhlpQuiagmd_oUbdqBBHw4GaYMN04OFBkKkrJL8uhN8bmEl2or4K1cFv-mL8y20SpnDDWwHjvtrZPkL0lNYX-10Nct7OlYMeOo8l0hH4SN2SBKJBiw-J4kVI3OkvZZRSf4g05LzKLY7KDzfmq92v3ZljlT32BC0&sai=AMfl-YSCMulEWMDdmN6UaaE44x1pE37iDMItw_OU5GHuMNZpXHYg9VH7kyN-49pCPwhzD3Jlo7iaFs27G-OQvzNkme2f7-m4Afe9BVcR6ZHuGvLAXWN1yKYHr_VI_qbzD97274-WfEqxDXlOSb_ibMWbI7Gxt7TwuQ&sig=Cg0ArKJSzAcaD41_EBQsEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=151&cbvp=1&cstd=145&cisv=r20220216.72604&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: kooora4lives.net
URL: https://kooora4lives.net/home/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 19 Feb 2022 20:09:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 IfvWsR8c8QoIXMZVBAT6kqVdCzRxsMqQy0C-AEZrj6Q.js Show response
pagead2.googlesyndication.com/bg/ Frame 5372 35 KB
13 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IfvWsR8c8QoIXMZVBAT6kqVdCzRxsMqQy0C-AEZrj6Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21fbd6b11f1cf10a085cc6550404fa92a55d0b3471b0ca90cb40be00466b8fa4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 17:26:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9728
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13530
x-xss-protection: 0
last-modified: Mon, 14 Feb 2022 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 19 Feb 2023 17:26:56 GMT

GET
H3 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame E6B9 110 KB
38 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5309466056757084160/160x600.html?e=69&leftOffset=0&topOffset=0&c=GHWUhfl6oR&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5309466056757084160/160x600.html?e=69&leftOffset=0&topOffset=0&c=GHWUhfl6oR&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 15:15:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17612
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 20 Feb 2022 15:15:32 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame E6B9 60 KB
24 KB 65ms
65ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5309466056757084160/160x600.html?e=69&leftOffset=0&topOffset=0&c=GHWUhfl6oR&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5309466056757084160/160x600.html?e=69&leftOffset=0&topOffset=0&c=GHWUhfl6oR&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 19 Feb 2022 20:09:04 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5372 0
20 B 78ms
78ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B_diZX04RYtbqL9GS3gOC6YngBgAAAAA4AeAEAg&bg=!cXKlcjbNAAbf-5Dq3_s7ACkAdvg8WkxSsv0UK65ZGAxkKICQZoym2ora_2idZ9KsfxPozc8Ry7fhHwIAAABSUgAAAAJoAQcKAD5JZhHZcl-Ion8UXkEiJltDtQUMn5G3icw1JDI9Lp74EhALEJfbNMkHqBduQKnSiEOwETEcI_48MEobSKEEQZkDDMvpWE-smxkLf9FCSk6Wjw-He7MhE-pfn572SWoB7RD6tOeOaDGiWW2wicDMozyXBWGZyzy1p909cuBit3kKHPe4uJtYpWKgUNJvamgRxuQPnlmgZvpgu25S4_U4PgN_rUnc5knSfLvMMmnWyQfqTtb8U_NSFCXgJ0BioddGYpZ8hy5p5CEKfNQ0DCtgYiUqQmDYXvSU7JnUXbko2vwgltk9NM6OwqO-vfPJfz2ewmCCLEmp59S8OQEuaGbPFWzzbtFAsI0PkuS9C6Wdop8sfPLutjYqcXBYJuL-y7QjPBiIhQP_c0iDBiHE-l5otfV-R37yw6jSYd7f4U14r6Meag9btE2KbuGZw1p6z-LvG4YiL1H6vQw4qXJ-8YP3t4cL9U5XYEIp5B2Oil0XY11-jrhSaYaGrgWWgvK_VnGlslU_kPOL8zkKBGOZeICedAOE-mJKu59X4FXnPuAXpyc-HDBRphCso6C-Bo_2fdS805Fe-3vPn3wZ7KmdzK6N1cizNu0uKd_kgKwN0KAV1ZA6npjN320dI7VFIYa2f8Ts7AbAX6SrhoYbEP9zggVP2TjQZKSjpO6ANE0yJkATDO433-cOI7nCyMHkGlySBVNbI0-1G_I2CInCs6HMptfrCRu86tlAet94g0yTXgXEQAw1mOwStdd-cd0ZJjFBPRIJgM3QYEVw5ixySyTLr8S3n0Ujyn9npbj3XHXjh1_nlv5Rz91wTFzhEwMgmUtQ9nQ1DX9Ws9UFjTdAqUk9fvEk8aJoXOu3cE-0N8ZwpPDHFWhAsCsSrBPXl2VadiEerlxPgnr-eDKVtE-SNPl4_LHv872c0-BYCK2WjUB29QvgQTGzSXW3cGkFaRqr0_VlRXgMMTX6w60fArmmET2bhlYevqLwnW6Ymmj08pIFkFEIKZ294r9uCPaKjyV9ldBnHSoIh46MEcuenY78WJK4ZLfKc0MroVFkwSPya-sZnC4MvzflLGX-qv9TrPk10IESNGIMIFt9AseKIQRFqtmsBK0ld-J891iSRRTBWOuFqprBLQ

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame EF9C 0
60 B 81ms
81ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsscHOtN0s0fEGMEDnBZZ5hwRwKePy29zjWy_-kgKUR3cP3llGiMiXFAHPzprDRCNzTfFKRpiFIpDw1cOEVSuNYFdUYeMwp8nqxqtK2ZtAAJMVPnQBXpeMZ2pP0A5rolMu8V2K7BdQwGwqjboh4tAJVty1VMZzgancXMeOsDyYeu_1NritQlBeAExm6UFYfHnE3TDsijM6uc7ZOpeuROzPbPfoYUXY_HiXIFXpfjEtCLi_6QVsQcDC987tKWZyY0odWNL2zRGBr5-MPwFk0Lq9mXyDLBLAd66FBQ85e__unE8sRt-VA95gW3O2DU9IZO9N9nFcKuI17susZmQzyfyqGa8lOzNXpzAZCdDrAIN0QeA-0HjgrDFmNrwAjOUhOIQ7jV7q3p9Q1nUkGl4GqzNZG4LmZLu1_c3zMm3BpPdvD_ZzKANsWw-Klr9fbQfmfjP6yGZs4ogUDF4LQyh363-_o9d2bLBiZjp3b3NC013NEuPty7KRhWoCfTdTvnwceXRTyUYkaVDyJTP9Bhnrt4u7wViV7fdbiT1tM81WuFZpOiXyWEp6oKfSfKPJA9wEC-wz2zNDOGmYKPPdH-NN9sf-rjOa5ObrAIt9clRqbO_3tIYbchENbL0lfRI5moGbgGSMxO5kox9M41GyE-UrmMeq4sy0W25oEvE4EkFAdj28QbwwTV7NMtFLit81PVa4bvwp-3CU2_eVbHcwusK32gUL7x0b0hkcg_kcv6fsdUXsaBOEbFJ3bTxG_NK7riLG9x89jXIB1iox6Xki1bO1oQ2XQxPzvB1f4sLQYFJaIbnBjlM8BsD3xtRbaJUZNK06t8t7gU34gOjoV9f6yQp155tdPNITQUkEH5fDgJ2NH2TkrAeVHbxEXmUk2Yin_7urTh03Byv0dp0isxqRIwhoSGZzcUBVcOoXSe3uWADgkc4-In7y-eHdBfIP14lv5enCnhlPM9UhqSonTTJYcxC2VFnMjcbRm32ZFp7g5CkUIHNDYYuqcQpul0KLmVX8gD7mJlwnThsi08RhxmxuvNC0ayC-dgd2ax9jDPcdW0z8SC2ot2nhlpQuiagmd_oUbdqBBHw4GaYMN04OFBkKkrJL8uhN8bmEl2or4K1cFv-mL8y20SpnDDWwHjvtrZPkL0lNYX-10Nct7OlYMeOo8l0hH4SN2SBKJBiw-J4kVI3OkvZZRSf4g05LzKLY7KDzfmq92v3ZljlT32BC0&sai=AMfl-YSCMulEWMDdmN6UaaE44x1pE37iDMItw_OU5GHuMNZpXHYg9VH7kyN-49pCPwhzD3Jlo7iaFs27G-OQvzNkme2f7-m4Afe9BVcR6ZHuGvLAXWN1yKYHr_VI_qbzD97274-WfEqxDXlOSb_ibMWbI7Gxt7TwuQ&sig=Cg0ArKJSzAcaD41_EBQsEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=361&vt=11&dtpt=210&dett=3&cstd=145&cisv=r20220216.72604&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: kooora4lives.net
URL: https://kooora4lives.net/home/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Feb 2022 20:09:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H/1.1 204
No Content multitracking Show response
ghb.aplhb.adipolo.com/adunit/ 0
204 B 17ms
17ms XHR
text/plain 2a0c:5c81:5142::2
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://ghb.aplhb.adipolo.com/adunit/multitracking
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hbw_master_561849_14381.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://kooora4lives.net
Date: Sat, 19 Feb 2022 20:09:03 GMT
Access-Control-Allow-Credentials: true
Server: Adtelligent
Connection: Keep-Alive

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame E6B9 47 KB
47 KB 43ms
43ms Font
font/woff2 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5309466056757084160/160x600.html?e=69&leftOffset=0&topOffset=0&c=GHWUhfl6oR&t=1&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:00:06 GMT
x-content-type-options: nosniff
age: 538
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 19 Feb 2022 20:15:06 GMT

GET
H3 200 OnAir-Regular.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame E6B9 47 KB
47 KB 40ms
40ms Font
font/woff2 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Regular.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c110419995948214e5b16d9d0df8f7d91536cc42783edd90c7fc1810308309ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5309466056757084160/160x600.html?e=69&leftOffset=0&topOffset=0&c=GHWUhfl6oR&t=1&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:04:11 GMT
x-content-type-options: nosniff
age: 293
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47848
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 19 Feb 2022 20:19:11 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame E6B9 7 KB
5 KB 50ms
50ms XHR
application/json 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ece75ce990e47cc04e5ae7881961750fd684c74a4e2122aff6be636e3a5a4eb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Feb 2022 20:09:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5514
x-xss-protection: 0

GET
H3 200 60005582_20220110062020760_160x600_LOOK-01.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame E6B9 29 KB
29 KB 66ms
66ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20220110062020760_160x600_LOOK-01.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69113e7e849e0fb870d2ff2a5d3a65a48df84c31e20e4df20009ffad06ccfd08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5309466056757084160/160x600.html?e=69&leftOffset=0&topOffset=0&c=GHWUhfl6oR&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 15:30:13 GMT
x-content-type-options: nosniff
age: 16731
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29394
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 14:20:20 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 20 Feb 2022 15:30:13 GMT

GET
H3 200 60005582_20220110061737726_S20FE_Tab_ASSET.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame E6B9 65 KB
65 KB 73ms
73ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20220110061737726_S20FE_Tab_ASSET.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b9ab67d9a55a7ccb9efc03a9f952d84218103c558c873ae08577e8f0ea834457

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5309466056757084160/160x600.html?e=69&leftOffset=0&topOffset=0&c=GHWUhfl6oR&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 15:29:52 GMT
x-content-type-options: nosniff
age: 16752
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67002
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 14:17:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 20 Feb 2022 15:29:52 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame E6B9 43 B
609 B 59ms
9ms Image
image/gif 82.113.101.132
TDDE-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14112_PV&mediacode=27008872_4307561_324251502_145982138_-0&ref=27008872_4307561_324251502_145982138_-0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 82.113.101.132 Kassel, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS: portal.o2online.de
Software: Apache /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Sat, 19 Feb 2022 20:09:04 GMT
Last-Modified: Wed, 26 Aug 2020 10:11:24 GMT
Server: Apache
ETag: "2b-5adc50abeeb00"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame E6B9 17 KB
6 KB 61ms
61ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 19 Feb 2022 20:09:04 GMT

GET
H3 200 IfvWsR8c8QoIXMZVBAT6kqVdCzRxsMqQy0C-AEZrj6Q.js Show response
pagead2.googlesyndication.com/bg/ Frame 7582 35 KB
13 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IfvWsR8c8QoIXMZVBAT6kqVdCzRxsMqQy0C-AEZrj6Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21fbd6b11f1cf10a085cc6550404fa92a55d0b3471b0ca90cb40be00466b8fa4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 17:26:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9728
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13530
x-xss-protection: 0
last-modified: Mon, 14 Feb 2022 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 19 Feb 2023 17:26:56 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 48ms
20ms Preflight
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fkooora4lives.net%2F&domain=kooora4lives.net&cw=1&pbt=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://kooora4lives.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: https://kooora4lives.net
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1568
date: Sat, 19 Feb 2022 20:09:05 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fkooora4lives.net%2F&domain=kooora4lives.net&cw=1&pbt=1&lsw=1
https://mug.criteo.com/sid?cpp=6BlBlnw3bjFIZEM4VjdMQjl5Uyt1U3d2aWNManA2OUtzaEFwVWJXSUR6NG1rdVBvaWROaGd0MmV2ejI1VVplV1J2OVJkM2UrYzc4RklrMWFqUVlJc1NkTENhR081QkpBdXRpR1p3UGp0L0M0RE1tTWpkcnRseWMraWtDM0...

440 B
682 B

19ms
18ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=6BlBlnw3bjFIZEM4VjdMQjl5Uyt1U3d2aWNManA2OUtzaEFwVWJXSUR6NG1rdVBvaWROaGd0MmV2ejI1VVplV1J2OVJkM2UrYzc4RklrMWFqUVlJc1NkTENhR081QkpBdXRpR1p3UGp0L0M0RE1tTWpkcnRseWMraWtDM0lwRHlPbEJLRHFYZ1FYc002amtDZjJybWYxMkdCYXRKZFFxSWJYMVFuSUVMV0pRSEUyYllKRFM2cDlmS2MrM1FaNHZkSUJrRHMrbEZSdXUyUzcvcituT3BhSGF2LzZDMDJ0d1BUeWZSSlFGUFJGOHFUNVRaZTNXaGxLalpzN1R4Ui9UVldxL01JYncwbWJnZktYcFRRUkx4aUhyc1RZdz09fA&cppv=2

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

60a7eb65405bf15708fee714a46b4dfd08b437eb071bcbc23753d4129b5dce83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:04 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3419
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:04 GMT
location: https://mug.criteo.com/sid?cpp=6BlBlnw3bjFIZEM4VjdMQjl5Uyt1U3d2aWNManA2OUtzaEFwVWJXSUR6NG1rdVBvaWROaGd0MmV2ejI1VVplV1J2OVJkM2UrYzc4RklrMWFqUVlJc1NkTENhR081QkpBdXRpR1p3UGp0L0M0RE1tTWpkcnRseWMraWtDM0lwRHlPbEJLRHFYZ1FYc002amtDZjJybWYxMkdCYXRKZFFxSWJYMVFuSUVMV0pRSEUyYllKRFM2cDlmS2MrM1FaNHZkSUJrRHMrbEZSdXUyUzcvcituT3BhSGF2LzZDMDJ0d1BUeWZSSlFGUFJGOHFUNVRaZTNXaGxLalpzN1R4Ui9UVldxL01JYncwbWJnZktYcFRRUkx4aUhyc1RZdz09fA&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://kooora4lives.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1814
content-length: 541
expires: 0

POST
H/1.1 200 692.json Show response
id5-sync.com/g/v2/ 213 B
534 B 43ms
7ms XHR
application/json 51.89.21.5
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/692.json

Requested by

Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.21.5 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

p38.id5-sync.com

Software

Resource Hash

bef26ed5c20d51463038d461b21ae787170945e2daac0ff482a331bae8c7ee0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://kooora4lives.net
Date: Sat, 19 Feb 2022 20:09:05 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 46ms
15ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1016
date: Sat, 19 Feb 2022 20:09:04 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EF9C 42 B
64 B 87ms
87ms Fetch
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvGsGKeNqJGj5f3GFw6oKz_v5N-hzel_6uo6z6EcTnxmKfhUfzRz1v1UHPQIptgPWuzTYSVdsoBhdnSnUo6a5q99I2q5LPkZ0cTXNIFo7CDjYxdjfHFLA&sai=AMfl-YSh4r-_oYpWEKJBOeywWEHBTznonrZq0JTpwdtcPSANYjczngQ0TL6I6CPYbalYKIJ2OGL0yiEsK2zXQsROjxXORw6T5GjTimUX-zNgQk8idgn_kgQovJSwmXuk&sig=Cg0ArKJSzF-u0MVdPH8XEAE&cid=CAASEuRoWUozigUz9O4JcBzeHcJRLw&id=lidar2&mcvt=1000&p=310,-41,350,0&mtos=0,967,1000,1033,1090&tos=0,967,33,33,57&v=20220216&bin=7&avms=nio&bs=0,0&mc=0.9&if=1&app=0&itpl=20&adk=2154825476&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1645301343681&rpt=250&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 7B18 88 KB
88 KB 17ms
16ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

7cee0a6fb3fdc11cccc6eccc2161a9cc8ca10b4cc331338e41a6464cb2103828

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:04 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30917333
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 89740
expires: Sun, 12 Feb 2023 16:17:59 GMT

GET activeview
pagead2.googlesyndication.com/pcs/ Frame EF9C 0
0

GET
H3 200 container.html Show response
c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B6F5 6 KB
3 KB 52ms
52ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: jscdn.greeter.me
URL: https://jscdn.greeter.me/kooora4livesdynamic.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 19 Feb 2022 20:09:01 GMT
expires: Sun, 19 Feb 2023 20:09:01 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 6
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 prebid Show response
mp.4dex.io/ 99 B
203 B 50ms
49ms XHR
application/json 2606:4700::6812:272
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:272 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 02c12d901f4b0b3668eec30ee82d7c248ef3fc0a10f3bef93658f74fb5f17962

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

cf-ray: 6e02218c68c4913c-FRA
pragma: no-cache
date: Sat, 19 Feb 2022 20:09:07 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://kooora4lives.net
expires: 0
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
x-err: Validating the Prebid Request adunits. Sampled or No valid non-debug AdUnits

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 146 B
1 KB 219ms
219ms XHR
application/json 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

7f584ca8ce0f7b72a76b78921f4fbf8707240962068e9c9a2af45e4dd79f97b5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 19 Feb 2022 20:09:07 GMT
X-Proxy-Origin: 185.213.155.169; 185.213.155.169; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: e11418a4-9fc7-415c-bac4-d25850fd7dd6
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://kooora4lives.net
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 146
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 adjson Show response
ads.betweendigital.com/ 2 B
306 B 60ms
59ms XHR
application/json 188.42.29.196
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.betweendigital.com/adjson?t=prebid
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 188.42.29.196 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kooora4lives.net
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
363 B 21ms
21ms XHR
application/json 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://kooora4lives.net
cache-control: no-transform, no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
225 B 107ms
106ms XHR
text/plain 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kooora4lives.net
date: Sat, 19 Feb 2022 20:09:06 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 1
vary: origin, Accept-Encoding

GET
H3 200 arj Show response
adipololtd-d.openx.net/w/1.0/ 73 B
101 B 38ms
38ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adipololtd-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=e13a780d-c16d-40d7-ba12-8fe3b97b4d77&nocache=1645301347265&criteoid=IuOYml9weXZkOG1zT1ZoaU5nWDhHN0xjUzZFUldUY0wlMkJqRVVQUyUyRkFMZFZCMXhsRXZWakxudUZpYWZrS0pBNkZkWSUyQkxXJTJGYkN5NHl4QnpuVDRuOXBhaiUyRkhYaVJIYWRWZjQ0V2RoJTJGNTN6MmFoZm5sZWtKQk1NaGJGd0draiUyQjJqYmV0emdE&id5id=0&pubcid=8596117e-1025-4b1c-bc2c-529f0fef0674&schain=1.0%2C1!adipolo.com%2C620a5acab6e80f22ac327b74%2C1%2C%2C%2C&aus=160x600&divids=div-gpt-ad-1645301347223-0&aucs=&auid=556544515
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: c32c1f1aeb37aa15f1a29d8685d0c47b9ec1a3d910eeae55b378a14c7d47e226

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:07 GMT
content-encoding: gzip
server: OXGW/17.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://kooora4lives.net
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
217 B 21ms
20ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=117&profileId=185&av=34&wv=6.7.0-pre&cb=16686254732

Requested by

Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:06 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
178 B 32ms
31ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kooora4lives.net
date: Sat, 19 Feb 2022 20:09:07 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 200 / Show response
prebid.smilewanted.com/ 0
100 B 56ms
56ms XHR
application/json 172.67.10.198
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.10.198 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:07 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
cf-ray: 6e02218c7be79049-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H3 200 hb Show response
ssc.33across.com/api/v1/ 60 B
101 B 128ms
128ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=bX9srg4dmr64KsaKjGFx_2
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: d7ce0c9f1013a5a77245e85b1648376519bc7fa5f8a1ca8328d87a9d57d9cdc9

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 19 Feb 2022 20:09:07 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
363 B 14ms
13ms XHR
application/json 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://kooora4lives.net
cache-control: no-transform, no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

GET
H2 200 ROS Show response
pbjs.e-planning.net/pbjs/1/2e43c/1/kooora4lives.net/ 2 B
157 B 31ms
30ms XHR
text/plain 5.178.65.246
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pbjs.e-planning.net/pbjs/1/2e43c/1/kooora4lives.net/ROS?rnd=0.13349960977352393&e=160x600_0%3A160x600&ur=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&pbv=6.7.0-pre&ncb=1&vs=F&crs=UTF-8&fr=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&e_criteoId=IuOYml9weXZkOG1zT1ZoaU5nWDhHN0xjUzZFUldUY0wlMkJqRVVQUyUyRkFMZFZCMXhsRXZWakxudUZpYWZrS0pBNkZkWSUyQkxXJTJGYkN5NHl4QnpuVDRuOXBhaiUyRkhYaVJIYWRWZjQ0V2RoJTJGNTN6MmFoZm5sZWtKQk1NaGJGd0draiUyQjJqYmV0emdE&e_id5id=%257B%2522uid%2522%253A%25220%2522%252C%2522ext%2522%253A%257B%2522linkType%2522%253A0%257D%257D&e_pubcid=8596117e-1025-4b1c-bc2c-529f0fef0674
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.246 Amersfoort, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kooora4lives.net
date: Sat, 19 Feb 2022 20:09:07 GMT
access-control-allow-credentials: true
server: openresty
content-type: text/plain
content-length: 2
x-sid: AMS-601

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 24 B
521 B 131ms
47ms XHR
application/json 72.251.249.14
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.7.0-pre
Requested by: Host: player.aplhb.adipolo.com
URL: https://player.aplhb.adipolo.com/prebidlink/457028/hb_561849_14381.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: f1f1657c032b60b67455147db30f0a67e800916bc8556b5303fa93593c42531f

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 19 Feb 2022 20:09:07 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://kooora4lives.net
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 24

POST
H2 204 events
bidder.criteo.com/csm/ 0
217 B 15ms
15ms Ping
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://kooora4lives.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 19 Feb 2022 20:09:06 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://kooora4lives.net
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 50ms
49ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=kooora4lives.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Feb 2022 20:09:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 49ms
48ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=kooora4lives.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Feb 2022 20:09:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 17 KB
9 KB 210ms
210ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=873873462402139&correlator=2438686772859513&output=ldjh&impl=fifs&eid=31064986%2C31064868%2C31063911&vrg=2022021502&ptt=17&sc=1&sfv=1-0-38&ecs=20220219&iu_parts=7047%3A202189885%2Capl%2Caplmcm7047%2Cdynamic&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=160x600&prev_scp=refresh%3Dtrue%26test%3Devent%26hb_rfBid%3D0%26excl_cat%3DPREPOST&eri=1&cookie=ID%3Da930ac425e81a615%3AT%3D1645301341%3AS%3DALNI_MYCle3qGP99icq8_BLxkPwG1KJybA&bc=31&abxe=1&dt=1645301347492&lmt=1645301347&dlt=1645301338163&idt=3416&frm=20&biw=1600&bih=1200&oid=2&adxs=1600&adys=910&adks=1974401405&ucis=f&ifi=20&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fkooora4lives.net%2Fhome%2F&vis=1&scr_x=0&scr_y=0&psz=160x-1&msz=160x-1&psts=AGkb-H8K3LKrjfHaA5ke69oM4GHrcxZ4hTEKPFirJFWV3ATeY3iF9oHPXAnypqqjXPD4Axz_5bCmI7jNdyrLE0lcDRg_wgY%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H_V0DP1NESyOnDmEDfOUPjgH94J6nfXi-sKX88RXGOsv7rJzAykPGhY8MtzYbMEgr8hOzqzoq1rrNZoGx5K1W4lBNU%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1217640050.1645301341&ga_sid=1645301341&ga_hid=1235105401&ga_fc=true&fws=516&ohw=160&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAYqNDonPEvRQAAAAA%3D&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

c7779c789f5f18e949052ce81ab23fbe066cb84c8bb36d2fd4fe3f7346fb9e6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9304
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://kooora4lives.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7D28 6 KB
3 KB 42ms
42ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021502.js?31064986

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://kooora4lives.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 19 Feb 2022 20:09:01 GMT
expires: Sun, 19 Feb 2023 20:09:01 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 6
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4109 640 B
316 B 52ms
51ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARic76O-ATAB&v=APEucNWBGjzyBCqCbHNg6uA4cJacD257P6qcx6bjCgOjqEAT6tUkS5YaakgxvD9hpOUViTi0fr9rAvkry2-p8gr1mP2WeB-ZsUBo6Nx8QNYfQE_ecrD27No46vvZMJ6Rc6gZHcPsSpOaJuXUJ-ccn-boeKaJL5K7wGpjjVdgJe0E4k5TOJsfUM0

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 19 Feb 2022 20:09:07 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7D28 81 KB
32 KB 103ms
102ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DrN9-fWieEyVtLGj2JZx_jdW36BMc7_G8Yrhu-H7fv8uhqOVbaHTBpPoPr-q2nxntgvBYrgY1JglBdoXR10mzc05XfNEH_YvsN1OZVoOYRj5uE8bVeH_UYwRUa4rVsi7DYM1GSQvyYFnt3XvHnuH773RGVow&dbm_d=AKAmf-DEHPRP_Uwzo8-zcLvSbD1E3oO96gnhqu-Gy1J6dYErPjotIo4wBAPXzVV97Udy9xGQquo_aUtfu9I4OEXPXIEATVE4uFVUhNbFuRnf_ho4It8xPWL6ZPo5wVlK8a_NWLxcnG8JW6af_qumN3rcoI669gEyzqLaubD4_JvSgYE8d1CViHGsT9-xhBNfBMaPuUH29WAykWCNPFSAuU7KZsDYdZLazcMFtQ2EUfPejG8JER5mUecCssdoXKBKGWz-VMW_SoEXQ4qeqnid04bHomgu8ItRrOSIMelyTwST_-SdsLwWyTVmKKyfX70MyQIhlPMAu4xW6BJ8DoV2FzrR6UM1IADRUW-6bQnRmutNlUEERnXtkvFG9t4fczFnN500gGbzb7KjEftC5xxKx6nR6zwlgtf88YgwXqUjgScBpPm5Wd9qDqMTcKIkiUCjcmOoX9lNsR9GQW94zmwTVxcX_I4iTS6zJSkuAyjexKoksD6BZNNgBh9K8pjHh_UnE05pnvTQZrABXXLV6J_L1dCRP-0eAOfyeZtonqnJFwrrHcd29oHtSSe_PDHkx52K79wUZ6wRsAIoS0BX2boMjn7aTaTYS6gOJ4IGzFVBNcfoBu1RZ2yf1-5HUGbTkEXgAmEfnqV6A74kOT6nNLXEydAEgkzPJe168hnslHsNS4O_Iyoq-TwmaW3td7HBfOAx4x0yvdxmRlsRd8bDIHyzsLthWCti1Fztda-iwM2wrdSU2HCkFvK5FwjCoHgDH7ZL-0H_ItvwOHdhcNG-RTbMqDGuiD4JPGJ6wl-zE1VZuHgsPWspSNpbgcJDNvknsa1LZDUmwD4pXQdIpff2G1lLZ_Z4xaMdtxCjyxkSd6q1DKCWc-HOj1bAxvd3PQL6y3iM3ymma4WNBHzJZLh-sBT3_a3YfjcXGFrvSCQkhpiXjm7tH5pOQ1nETjwxBwBJQ_cLReuw_QZ7MzWnn0P6e4VLi4Y2E6jywz4v3h5ApzkAnuoKuXHQBhryox1ANULaNbQh1f_Je14nnBry4eEOb5VO8T6oQA8d_UhTIUYWrpT6WjA5Ba7d5laTCYi6lr6ZEKLOZ0zNudJrluO3zA7rprW8cXoiwHaI2xedH0_jhbBJVlnXuasrx0H8HKn4mGlwCl-64SUVhWc1UamYfMIoSYWWMvU0mcSsh7MDrpXnF5kpCGoMngKp5YBM4ABgaq05yMlqVo9AGBDtzOK-fK0td5Zditq5mHM5VwsQRax78XXVUewvKsqJxNQ-mUM4gFJ0fhm-0N989lX10sz3HQanSqr-s8OFYJnrJJuOZT_u8i3nYuapudiri037lXEefhrBPHm-I8qXT8-nN9NgTc3VQ7ccKqnTsR3RboGnGrcn9ibpc41JIgD1PdEdeAOJi4FIV3zmsSSAWHxfyULlEeHkF3FuFY_yhVjxjXqlDfnvQ0u34QofHrRORrqhXPzRN1zisZoxpFnfU_tY1hNK0H7qDornM-rUdusOV47kM1d8431KLMFv2S4hxdmGTaXhoiKJA1r5ZYr4g3_MPPsd6Be579T_xu2Sku4SqihamKusjAaeJmnL7yXVYuMHpUL1uuGod-sH0dnm0CxVQKILljpVPW3u4FjMWXY0QZqpA1y7svuIRI56PGOzZBntN_AUu3Rk6aagtK114BO38jHH1_xo3PtQTNW3BQnQUTgUve6812A79kF4gMS5eQJ_jcCMvsOy4mkjinPFZlX1Qow0HFsgmlZnEJ4gwXGboyQvyY1AwPutWrgNre_PjeuNlhHYZeJra734GWFdseLxObz2w9kcj7sgM254V6RxecGe3nNWwemkurbRstI1BUr4mOLqX8vOM0nf0enBlP1ufgwqfw7nZkPP-30Pffkumx1uVqwtOBVBgxln6AsyksT7pJLnAOrrq2OUxt-HdtvC2MQ7cpdLzR9NoE5FUZjcy_GK0aSyxdlhH7koDrw9ZriynlKvSiQzdPuIkmzekb9GxKf6_mdHbFFZsp7Om19MBVjGISfQoJtNarmKlIqhEJns6156aN44OG-l4KVJPMouRq1cJKOdMzmbToERinxCX0Z42OrbpEgrKaAD05Izz5mSKft4E5G0M87zs9pcWReVpnVex1IIws66MQmmYM98mPtoS_ErMaCnWEzL9Wx2qxFqADbhJWRk_l0uQe5CfWcHVrxpIc-rSa4XuA-fm_IfNoF2uvxw3z0sZlkEqPwOWMkAvR5BpHIP9Su1WP2bpXDWEjjBi7hRTbl2cOy2cEhIbHSjblEnDQLfIT5kwBD4bE01_2NeewIDtkHSikF_NSyYTLMMkbMvyCEC-vr4BRvx8EOBwvLQzVHsyOPmKjOJt3ode4mHA0oN0iVKRlbAO9qzrIuewYos_VVYTGXZnk18afdqsGmECKqN6lam-aNdUKcmjnoXsbRejo2XuK96DN8MkLivDbuPyuA6sxMVAP6OirDxf3-BojPcfjVE2CPWIkLTI8S02K58_55VDGBUr2d9t5MJ22KTynf7aBkvTHr2XjNqg0i7MkTLhitRXl14ORVpC_Zj1BHoTSb096pFLJhBIboB11zOLq5tF-FI2VaWc0zCsPVxruIptPnqErkePgqCEN4Si_3LJNfI6Qr_I1hJNRyG0NXJsbpSoBoa1r05pqhz6169LDFlSwiabm_mNxwYCt5jTNO6mXendt9h9DueFHySasuTRQVzV0EDiQzxTGF1wwzlZetsbcmJUkVZAjJbld0nkgKwVpS4BwmfmvmKeR1vn3lmdkW2U2uueYQmDIAatuGXKPESjG-uTtNVkqciO73MXDFTASP1PZPaCJVEcppJTVjZDvXO4lhI-1R68aNvuJuEg88iJdjkwSSJYw9NHCpUhLskaIARd2qy2sfh8N5UnmPjdwa0ArxyB7L1RaYhP-Djo-QBkn1WqMtDWZDAzs8mSmzpFrw_ahgnRvDsoqM8RfoRdy1kFrY3GnImwdLrEBGC3aejLVX9E8h-fqAfSNPChph6KWr8n46wLPa8KyGVHTaFaIfl6L5AU1Ou2GKegXAbVa3b-VHZUAh1Jl-yJS0&cid=CAASEuRowNQ5seTS0tZ43guLeEXOVA&rfl=1%2Chttps%253A%252F%252Fkooora4lives.net%252F%240

Requested by

Host: kooora4lives.net
URL: https://kooora4lives.net/home/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f5fa988f851f490e6647b38d05972ddb66b5bb932841e1bcf0023e7256c77ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32676
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7D28 42 B
63 B 72ms
71ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B34sesQtloreiFNz0nCm1qmx6m9weV5WWzP7e72rY4h9OaeZrKPlpMzBIS1Kp_94kImLKpY3Ah0wu6jzyx_EMjupVznhf08MEnrf2ukOp848Wv878

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame 7D28 2 KB
1 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/window_focus_fy2019.js

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:00:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 498
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:00:49 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7D28 124 KB
38 KB 100ms
99ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b9794842e89dcec3790d21b95acce36c08673d4162e745dc440e6766534ed53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:09:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38723
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1645015031201889"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 19 Feb 2022 20:09:07 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/ Frame 7D28 15 KB
6 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220216/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78ea6d7806beda2d76bb7d9abb14b034ad476a897376c270aefcf40a2f49316c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:00:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 518
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6438
x-xss-protection: 0
server: cafe
etag: 12093742715590823996
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:00:29 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 7D28 0
0 47ms
46ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQlbdVH4EPKnjqVVKvNbfOBHzWTM3kCgauspBBDV0hGjh64q8Z-2FuDkOpAGHj7L10kviSaGF3QsjQ9ScVgFmANpIOeyA
Requested by: Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 4109
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENOgN30nGrdfQYHQ1-gDYVM&google_cver=1

43 B
61 B

23ms
23ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENOgN30nGrdfQYHQ1-gDYVM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARic76O-ATAB&v=APEucNWBGjzyBCqCbHNg6uA4cJacD257P6qcx6bjCgOjqEAT6tUkS5YaakgxvD9hpOUViTi0fr9rAvkry2-p8gr1mP2WeB-ZsUBo6Nx8QNYfQE_ecrD27No46vvZMJ6Rc6gZHcPsSpOaJuXUJ-ccn-boeKaJL5K7wGpjjVdgJe0E4k5TOJsfUM0
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:07 GMT
via: 1.1 google
server: OXGW/17.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:07 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENOgN30nGrdfQYHQ1-gDYVM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 4109 43 B
131 B 31ms
22ms Image
image/gif 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARic76O-ATAB&v=APEucNWBGjzyBCqCbHNg6uA4cJacD257P6qcx6bjCgOjqEAT6tUkS5YaakgxvD9hpOUViTi0fr9rAvkry2-p8gr1mP2WeB-ZsUBo6Nx8QNYfQE_ecrD27No46vvZMJ6Rc6gZHcPsSpOaJuXUJ-ccn-boeKaJL5K7wGpjjVdgJe0E4k5TOJsfUM0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:07 GMT
content-encoding: gzip
server: OXGW/17.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 4109
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEGKA3THtpjUIh749mFrAMEA&google_cver=1

23 B
172 B

40ms
38ms

Image
image/gif

104.111.242.245

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEGKA3THtpjUIh749mFrAMEA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARic76O-ATAB&v=APEucNWBGjzyBCqCbHNg6uA4cJacD257P6qcx6bjCgOjqEAT6tUkS5YaakgxvD9hpOUViTi0fr9rAvkry2-p8gr1mP2WeB-ZsUBo6Nx8QNYfQE_ecrD27No46vvZMJ6Rc6gZHcPsSpOaJuXUJ-ccn-boeKaJL5K7wGpjjVdgJe0E4k5TOJsfUM0
Protocol: H2
Server: 104.111.242.245 -, , ASN (),
Reverse DNS
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:07 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 19 Feb 2022 20:09:07 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:07 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEGKA3THtpjUIh749mFrAMEA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 4109 23 B
172 B 98ms
37ms Image
image/gif 104.111.242.245

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARic76O-ATAB&v=APEucNWBGjzyBCqCbHNg6uA4cJacD257P6qcx6bjCgOjqEAT6tUkS5YaakgxvD9hpOUViTi0fr9rAvkry2-p8gr1mP2WeB-ZsUBo6Nx8QNYfQE_ecrD27No46vvZMJ6Rc6gZHcPsSpOaJuXUJ-ccn-boeKaJL5K7wGpjjVdgJe0E4k5TOJsfUM0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 -, , ASN (),
Reverse DNS
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:07 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 19 Feb 2022 20:09:07 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

GET
H3 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 7D28 169 KB
59 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: kooora4lives.net
URL: https://kooora4lives.net/home/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
Origin: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 15:15:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17618
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 20 Feb 2022 15:15:29 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220216/r20110914/elements/html/ Frame 7D28 8 KB
3 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220216/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DrN9-fWieEyVtLGj2JZx_jdW36BMc7_G8Yrhu-H7fv8uhqOVbaHTBpPoPr-q2nxntgvBYrgY1JglBdoXR10mzc05XfNEH_YvsN1OZVoOYRj5uE8bVeH_UYwRUa4rVsi7DYM1GSQvyYFnt3XvHnuH773RGVow&dbm_d=AKAmf-DEHPRP_Uwzo8-zcLvSbD1E3oO96gnhqu-Gy1J6dYErPjotIo4wBAPXzVV97Udy9xGQquo_aUtfu9I4OEXPXIEATVE4uFVUhNbFuRnf_ho4It8xPWL6ZPo5wVlK8a_NWLxcnG8JW6af_qumN3rcoI669gEyzqLaubD4_JvSgYE8d1CViHGsT9-xhBNfBMaPuUH29WAykWCNPFSAuU7KZsDYdZLazcMFtQ2EUfPejG8JER5mUecCssdoXKBKGWz-VMW_SoEXQ4qeqnid04bHomgu8ItRrOSIMelyTwST_-SdsLwWyTVmKKyfX70MyQIhlPMAu4xW6BJ8DoV2FzrR6UM1IADRUW-6bQnRmutNlUEERnXtkvFG9t4fczFnN500gGbzb7KjEftC5xxKx6nR6zwlgtf88YgwXqUjgScBpPm5Wd9qDqMTcKIkiUCjcmOoX9lNsR9GQW94zmwTVxcX_I4iTS6zJSkuAyjexKoksD6BZNNgBh9K8pjHh_UnE05pnvTQZrABXXLV6J_L1dCRP-0eAOfyeZtonqnJFwrrHcd29oHtSSe_PDHkx52K79wUZ6wRsAIoS0BX2boMjn7aTaTYS6gOJ4IGzFVBNcfoBu1RZ2yf1-5HUGbTkEXgAmEfnqV6A74kOT6nNLXEydAEgkzPJe168hnslHsNS4O_Iyoq-TwmaW3td7HBfOAx4x0yvdxmRlsRd8bDIHyzsLthWCti1Fztda-iwM2wrdSU2HCkFvK5FwjCoHgDH7ZL-0H_ItvwOHdhcNG-RTbMqDGuiD4JPGJ6wl-zE1VZuHgsPWspSNpbgcJDNvknsa1LZDUmwD4pXQdIpff2G1lLZ_Z4xaMdtxCjyxkSd6q1DKCWc-HOj1bAxvd3PQL6y3iM3ymma4WNBHzJZLh-sBT3_a3YfjcXGFrvSCQkhpiXjm7tH5pOQ1nETjwxBwBJQ_cLReuw_QZ7MzWnn0P6e4VLi4Y2E6jywz4v3h5ApzkAnuoKuXHQBhryox1ANULaNbQh1f_Je14nnBry4eEOb5VO8T6oQA8d_UhTIUYWrpT6WjA5Ba7d5laTCYi6lr6ZEKLOZ0zNudJrluO3zA7rprW8cXoiwHaI2xedH0_jhbBJVlnXuasrx0H8HKn4mGlwCl-64SUVhWc1UamYfMIoSYWWMvU0mcSsh7MDrpXnF5kpCGoMngKp5YBM4ABgaq05yMlqVo9AGBDtzOK-fK0td5Zditq5mHM5VwsQRax78XXVUewvKsqJxNQ-mUM4gFJ0fhm-0N989lX10sz3HQanSqr-s8OFYJnrJJuOZT_u8i3nYuapudiri037lXEefhrBPHm-I8qXT8-nN9NgTc3VQ7ccKqnTsR3RboGnGrcn9ibpc41JIgD1PdEdeAOJi4FIV3zmsSSAWHxfyULlEeHkF3FuFY_yhVjxjXqlDfnvQ0u34QofHrRORrqhXPzRN1zisZoxpFnfU_tY1hNK0H7qDornM-rUdusOV47kM1d8431KLMFv2S4hxdmGTaXhoiKJA1r5ZYr4g3_MPPsd6Be579T_xu2Sku4SqihamKusjAaeJmnL7yXVYuMHpUL1uuGod-sH0dnm0CxVQKILljpVPW3u4FjMWXY0QZqpA1y7svuIRI56PGOzZBntN_AUu3Rk6aagtK114BO38jHH1_xo3PtQTNW3BQnQUTgUve6812A79kF4gMS5eQJ_jcCMvsOy4mkjinPFZlX1Qow0HFsgmlZnEJ4gwXGboyQvyY1AwPutWrgNre_PjeuNlhHYZeJra734GWFdseLxObz2w9kcj7sgM254V6RxecGe3nNWwemkurbRstI1BUr4mOLqX8vOM0nf0enBlP1ufgwqfw7nZkPP-30Pffkumx1uVqwtOBVBgxln6AsyksT7pJLnAOrrq2OUxt-HdtvC2MQ7cpdLzR9NoE5FUZjcy_GK0aSyxdlhH7koDrw9ZriynlKvSiQzdPuIkmzekb9GxKf6_mdHbFFZsp7Om19MBVjGISfQoJtNarmKlIqhEJns6156aN44OG-l4KVJPMouRq1cJKOdMzmbToERinxCX0Z42OrbpEgrKaAD05Izz5mSKft4E5G0M87zs9pcWReVpnVex1IIws66MQmmYM98mPtoS_ErMaCnWEzL9Wx2qxFqADbhJWRk_l0uQe5CfWcHVrxpIc-rSa4XuA-fm_IfNoF2uvxw3z0sZlkEqPwOWMkAvR5BpHIP9Su1WP2bpXDWEjjBi7hRTbl2cOy2cEhIbHSjblEnDQLfIT5kwBD4bE01_2NeewIDtkHSikF_NSyYTLMMkbMvyCEC-vr4BRvx8EOBwvLQzVHsyOPmKjOJt3ode4mHA0oN0iVKRlbAO9qzrIuewYos_VVYTGXZnk18afdqsGmECKqN6lam-aNdUKcmjnoXsbRejo2XuK96DN8MkLivDbuPyuA6sxMVAP6OirDxf3-BojPcfjVE2CPWIkLTI8S02K58_55VDGBUr2d9t5MJ22KTynf7aBkvTHr2XjNqg0i7MkTLhitRXl14ORVpC_Zj1BHoTSb096pFLJhBIboB11zOLq5tF-FI2VaWc0zCsPVxruIptPnqErkePgqCEN4Si_3LJNfI6Qr_I1hJNRyG0NXJsbpSoBoa1r05pqhz6169LDFlSwiabm_mNxwYCt5jTNO6mXendt9h9DueFHySasuTRQVzV0EDiQzxTGF1wwzlZetsbcmJUkVZAjJbld0nkgKwVpS4BwmfmvmKeR1vn3lmdkW2U2uueYQmDIAatuGXKPESjG-uTtNVkqciO73MXDFTASP1PZPaCJVEcppJTVjZDvXO4lhI-1R68aNvuJuEg88iJdjkwSSJYw9NHCpUhLskaIARd2qy2sfh8N5UnmPjdwa0ArxyB7L1RaYhP-Djo-QBkn1WqMtDWZDAzs8mSmzpFrw_ahgnRvDsoqM8RfoRdy1kFrY3GnImwdLrEBGC3aejLVX9E8h-fqAfSNPChph6KWr8n46wLPa8KyGVHTaFaIfl6L5AU1Ou2GKegXAbVa3b-VHZUAh1Jl-yJS0&cid=CAASEuRowNQ5seTS0tZ43guLeEXOVA&rfl=1%2Chttps%253A%252F%252Fkooora4lives.net%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:07:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:07:54 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220216/r20110914/ Frame 7D28 25 KB
9 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220216/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d44b84e0471d9d1ac53ce061c9becfa720931b7364c7b55a6325d03859781782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 20:07:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 106
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9648
x-xss-protection: 0
server: cafe
etag: 2224892065184813991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Mar 2022 20:07:21 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7D28 41 KB
15 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 19 Feb 2022 17:22:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10002
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Feb 2023 17:22:25 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 73DC 1 KB
749 B 38ms
37ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Sat, 19 Feb 2022 05:53:44 GMT
expires: Sun, 20 Feb 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 51323
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 7D28 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f4258b7eed814e83b93302fdcefdf9490eb6956a99469adc3b546d866e5a93a4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 160x600.html
s0.2mdn.net/sadbundle/17969436453016436736/ Frame 4778 0
0 49ms
49ms Document
text/html 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17969436453016436736/160x600.html?e=69&leftOffset=0&topOffset=0&c=dZvT4TBhVL&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
date: Sat, 19 Feb 2022 20:09:07 GMT
expires: Sun, 19 Feb 2023 20:09:07 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 11 Jun 2021 18:35:42 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST view
googleads4.g.doubleclick.net/pcs/ Frame 7D28 0
0

GET Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame F286 0
0

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 73DC 0
103 B 14ms
13ms Image
text/plain 2a02:fa8:8806:13::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEOFvN92r2SrDb_9CTUxn4rk&google_cver=1&google_push=AYg5qPKpXIZESGRAsjI2VFtW77X0hhae8adFdBjIpQ0L7sxCTDipK-jv_yv3X827MELafWfEqlGyzaUyXGtrEWu-TWXzNlAg3ynD
Requested by: Host: c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
URL: https://c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Feb 2022 20:09:07 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET ping_match.gif
pm.w55c.net/ Frame 73DC 0
0

GET

pixel
cm.g.doubleclick.net/ Frame 73DC
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEHq1EZaUAXq4Bzuy9XUDxIU&google_cver=1&google_push=AYg5qPIqAK1IceAAdZ-ZNIaKIYwDfj_WyyG-bvZZANYg_6VS_q7z-0iVeL6Z4HrJWSlxJzPWl15iT6T8y6rA3ye5...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=pyw3b8cuSTOkrTUbu8cSow2&google_push=AYg5qPIqAK1IceAAdZ-ZNIaKIYwDfj_WyyG-bvZZANYg_6VS_q7z-0iVeL6Z4HrJWSlxJzPWl15iT6T8y6rA3ye51RNn3HvfHpzp

0
0

GET adx
pr-bh.ybp.yahoo.com/sync/ Frame 73DC 0
0

GET usermatchredir
ssum-sec.casalemedia.com/ Frame 73DC 0
0

GET -
s.ad.smaato.net/c/n/// Frame 73DC 0
0

GET ebda
eb2.3lift.com/ Frame 73DC 0
0

GET attr
cm.g.doubleclick.net/pixel/ Frame 73DC 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0HxuZ6euCCdsiuvSHh8PZ3jLxod2mV08seylg174FEQb_CPrK-4&google_cver=1

Domain: google2waycm.netmng.com
URL: https://google2waycm.netmng.com/cm/?google_gid=CAESENoNRKsYyT-qHVxEffwym1c&google_cver=1&google_push=AYg5qPK3ZxObTNi0jHx6XqELNhtKpF_gFMQ2EN_ddVGgoBt3GEa33rW9GBaqrw7mooJ4HPd7Pj9VYWPDxvTIL6g0Is5z0DLpdwoqxw

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HMNu2TLw

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvGsGKeNqJGj5f3GFw6oKz_v5N-hzel_6uo6z6EcTnxmKfhUfzRz1v1UHPQIptgPWuzTYSVdsoBhdnSnUo6a5q99I2q5LPkZ0cTXNIFo7CDjYxdjfHFLA&sai=AMfl-YSh4r-_oYpWEKJBOeywWEHBTznonrZq0JTpwdtcPSANYjczngQ0TL6I6CPYbalYKIJ2OGL0yiEsK2zXQsROjxXORw6T5GjTimUX-zNgQk8idgn_kgQovJSwmXuk&sig=Cg0ArKJSzF-u0MVdPH8XEAE&cid=CAASEuRoWUozigUz9O4JcBzeHcJRLw&id=lidartos&mcvt=1249&p=310,-41,350,0&mtos=205,1188,1249,1317,1947&tos=205,983,61,68,630&v=20220216&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2154825476&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=b&rst=1645301343681&rpt=250&isd=0&lsd=0&ec=0&met=ie&wmsd=0

Domain: googleads4.g.doubleclick.net
URL: https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstnaJaj9C8gcU8y5tzx1XxiP5GjsOB3i-AsMS4zvgZDZ7DVK_PwEm4-kNH5pNWqv9CFhpN4B4-j_bF2vYPgee4rkpcEE4X64mbQEDXWCPrFyG7vBBXPwBLaXZ9OdkFnxkLOG-3Nvy5EvX_esO3F46zaQ7d9E1m0vnUE7UFyqj15IAniifaTE890TXrEF7ksEki_SYavGD6nOnnBZlnVecyGr3e6sTuhr2br-rzmkeamguuWbgIQlxxoFSdaW_IhmgTFpNwDu2ZUrEngD8qqPaPx7EXcdWr1boPU1fLoGypCiFkoHxJQo4c4V1w-md9VUwobDYLRNK8YTqN357RI1VvJLHAlX9PPdfYdPU7CSKxYdcMZWb45Rg4j-X9VU3R72T8VeiHzHdu-e2sZPRT34w1yEnfPxWg12j65jcnil6SkeOIr8sbOt9v7cmvVpZSR4GMKSEIDx8TZMQFZwXh76UjNiybXL_ENoTxHDpC-WT2vlDlXs1MTAHr_o19HkXqbRrThn2AhWQ3VYIOmupnrRKLG9Y0WNo2vY4aqmak3SsAzAvAJye54NuA6k4uKWh45U_Hx_c82TT5_vAv5vGGOL5yMO9CJwswBwWaOY80MiK5E_e_vuI7rau8fue5PMNP9pkcagwCLVxNEK5vOUApjYxy-lDGoZ8eeNlC8wXvHdEhHAl3QBYvDDRe8oQYCx-h9sjUnLVjV3R45hlj88hIohwUXEXgJLsQbuMYGKBZBMDK6Bq2eUukGJsTe9dDdfr6Wh2PmSr5JzRYD3PSVD2KUxvJJW9MY2_m4NYTCpJemg3PchsnFrT_-HaqJ9hYHdMdQ4jJDn8ixG9AaKo5z2sPSQ0_G8X9Sk6zK_UoDt24p7SkacJYcmRMIlcZM9RiSdYb3TnLsQbBFleGm2UPedtNtH_mp9JPl_OKCiZw9tUgi5wv11y113mmM4wSwvDNqPP8AdHjFkSOHIb2QKb8_0IN-ofIpKeYotpEW95GMWvcvVDTREBi2zY-45ryYF3B89dNHyayPbNAfHUuCxHeVcNfgy0B_ndEbdMlTjWkoXkF6-gpYQGLTeKWKHHEzo2plS8XE2ltVrgHvR6okuNkdkjThJbivvQ6krB10kA3xvXfW7enJuE3-K6IWM0UVL7I-7XS20gTh_JwpnYbOw2KGDkAG9PM_hGp3PnHMtvQQZnQBKHBtfOMq6Btx369-Ho2uqziq-zcQZkC1&sai=AMfl-YSCGIx0sqXZFbaiW3Kc512s76VGQlW-1VdfDxCVcQa_qNDRrg2YtYu2S2Tb41lSCtzAAlVweCAoan5DPz0E7p8wCHCND0JXQPevBWApys6aGIZLg53qQ8Em1GpmW_2AQjXZkBB5b3Ac3eImm7ST_jrP8zAvCA&sig=Cg0ArKJSzM4KsouxUOCOEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=69&cbvp=1&cstd=67&cisv=r20220216.33058&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Domain: pm.w55c.net
URL: https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEA1VWs4WNI-sANpuGJQT0o4&google_cver=1&google_push=AYg5qPL3bIfU9fJVoda_D5EDnbnyjfl254ORNQfmNhumQkS8sXQw3pQXGbE7eEFP3dKQoLW7hYzH3x8ArNdfdOUwXTgekxLvZMEF

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=pyw3b8cuSTOkrTUbu8cSow2&google_push=AYg5qPIqAK1IceAAdZ-ZNIaKIYwDfj_WyyG-bvZZANYg_6VS_q7z-0iVeL6Z4HrJWSlxJzPWl15iT6T8y6rA3ye51RNn3HvfHpzp

Domain: pr-bh.ybp.yahoo.com
URL: https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEDovk73Y93KiHoY2mrPof9Q&google_cver=1&google_push=AYg5qPLPgp97miQcxx8La4H4YIbZ1OA5w42u8vybryDdKSOjs0FrHKQTfNXKx3uBAhkuXmNhluzsydMNdvKU7e0NxToMVOiIS5gA

Domain: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_cver=1&google_push=AYg5qPLAyf6SiZPuvP5NaGRewXT81DYhmt8ZTYsYW8pMAOFTgaZYjsi4P12Dmn18L564ZkT1FvCI7vJQXt0ZS8AQNgPBwYDmCBdb

Domain: s.ad.smaato.net
URL: https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEGb6QqFjmenuB6AqYNNNEMI&google_cver=1&google_push=AYg5qPJCOLotd-rrdI_o2ZBaYH8ryBx8A014xdk5OUVk76ltY_uCSWh0adlIYoEBYxiH0PG06A_U8R7T2H9KsnxsqJbw8ZnEh1Ke

Domain: eb2.3lift.com
URL: https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEI02O5VDuApdQN4upiM4jbc&google_cver=1&google_push=AYg5qPKNHEwdlzYpw0jZJBHI2aEj1zVxCAL2dzDij6b7F6snSdVHXt83-0_mVm2_Y2lL2orhKCfXfbuASDPLuVkSC4P8g-DN3sY

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J_evIoDU8gBENXVgUi7D6ZWGuXlc_tBM1Vybx32hHbWx982GrEJvqBdkC-HhcJgaEndWbv

Verdicts & Comments Add Verdict or Comment

112 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

57 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
kooora4lives.net/	1970-01-20 10:27:36	Name: __atuvc Value: 1%7C7
kooora4lives.net/	1970-01-20 01:01:43	Name: __atuvs Value: 62114e5c7074eca9000
.addthis.com/	1970-01-20 10:27:36	Name: uvc Value: 1%7C7
.addthis.com/	1970-01-20 10:27:36	Name: loc Value: MDAwMDBFVURFTlcyMzIyMTg4ODAwMjAwMDBDSA==
kooora4lives.net/	1970-01-20 09:47:17	Name: HstCfa4625840 Value: 1645301341215
kooora4lives.net/	1970-01-20 09:47:17	Name: HstCla4625840 Value: 1645301341215
kooora4lives.net/	1970-01-20 09:47:17	Name: HstCmu4625840 Value: 1645301341215
kooora4lives.net/	1970-01-20 09:47:17	Name: HstPn4625840 Value: 1
kooora4lives.net/	1970-01-20 09:47:17	Name: HstPt4625840 Value: 1
kooora4lives.net/	1970-01-20 09:47:17	Name: HstCnv4625840 Value: 1
kooora4lives.net/	1970-01-20 09:47:17	Name: HstCns4625840 Value: 1
.kooora4lives.net/	1970-01-20 18:32:53	Name: _ga Value: GA1.2.1217640050.1645301341
.kooora4lives.net/	1970-01-20 01:03:07	Name: _gid Value: GA1.2.944434122.1645301341
.kooora4lives.net/	1970-01-20 01:01:41	Name: _gat_gtag_UA_150096121_1 Value: 1
kooora4lives.net/	1970-01-20 01:44:53	Name: _pbjs_userid_consent_data Value: 3524755945110770
.kooora4lives.net/	1970-01-20 09:47:17	Name: _pubcid Value: 8596117e-1025-4b1c-bc2c-529f0fef0674
.lijit.com/	1970-01-20 09:47:17	Name: ljtrtb Value: eJyrrgUAAXUA%2BQ%3D%3D
.adnxs.com/	1970-01-20 03:11:17	Name: icu Value: ChgI4axaEAoYASABKAEw3ZzFkAY4AUABSAEQ3ZzFkAYYAA..
.adnxs.com/	1970-01-20 03:11:17	Name: uuid2 Value: 3554596838059038288
.betweendigital.com/	1970-01-20 09:47:17	Name: dc Value: mow1
.betweendigital.com/	1970-01-20 09:47:17	Name: tuuid Value: 0264f395-7939-5132-9132-b0ccf323fe91
.betweendigital.com/	1970-01-20 09:47:17	Name: ut Value: YhFOXQAMwaCBbeUBc6c04gARIN4w8juDCVl6ng==
.betweendigital.com/	1970-01-20 09:47:17	Name: ss Value: 1
.betweendigital.com/	1970-01-20 09:47:17	Name: unm Value: 1
.kooora4lives.net/	1970-01-20 10:23:17	Name: __gads Value: ID=a930ac425e81a615:T=1645301341:S=ALNI_MYCle3qGP99icq8_BLxkPwG1KJybA
.doubleclick.net/	1970-01-20 10:23:17	Name: IDE Value: AHWqTUmbTM-ja91u1ThGArAMjZQoz-209fywrwyb0uWs_Axg65TTSimCBMV2zfy3AkI
.hurra.com/	1970-01-20 09:47:17	Name: __uu Value: MV4CLY34JxNa4-0Szzzzzzzz
.travelaudience.com/	1970-01-20 10:27:36	Name: _tracker Value: %7B%22UUID%22%3A%22A72C376F-C72E-4933-A4AD-351BBBC712A3%22%7D
.quantserve.com/	1970-01-20 03:11:17	Name: d Value: EAABCQG9JYEA
.quantserve.com/	1970-01-20 10:31:55	Name: mc Value: 62114e5e-a588d-4a91c-c5c9d
.turn.com/	1970-01-20 05:20:53	Name: uid Value: 7925839476619326427
.de17a.com/	1970-01-20 09:40:05	Name: guid2 Value: 1.6227181504529911199
.advertising.com/	1970-01-20 09:48:43	Name: APID Value: UPc84dde3a-91bf-11ec-9152-02d562fc542e
.everesttech.net/	1970-01-20 09:47:17	Name: everest_g_v2 Value: g_surferid~YhFOXgAHewVniABH
.casalemedia.com/	1970-01-20 09:47:17	Name: CMID Value: YhFOXut.i0xODyduFi1otgAA
.casalemedia.com/	1970-01-20 03:11:17	Name: CMPS Value: 3274
.adform.net/	1970-01-20 01:42:00	Name: C Value: 1
.casalemedia.com/	1970-01-20 03:11:17	Name: CMPRO Value: 1115
.pubmatic.com/	1970-01-20 01:03:07	Name: KTPCACOOKIE Value: YES
.pubmatic.com/	1970-01-20 03:11:17	Name: KADUSERCOOKIE Value: 95CA4225-2505-420D-AEFA-F525229C71AA
.adform.net/	1970-01-20 02:28:05	Name: uid Value: 6898756069755068010
.doubleclick.net/	1970-01-20 01:01:44	Name: DSID Value: NO_DATA
.yahoo.com/	1970-01-20 09:47:38	Name: A3 Value: d=AQABBF5OEWICEJkS-_tAvFNT8PZ42ULzKecFEgEBAQGfEmIbYgAAAAAA_eMAAA&S=AQAAAmqrAhgz_jQRXo_ngwg80kA
.analytics.yahoo.com/	1970-01-20 09:47:17	Name: IDSYNC Value: 18wq~23bw
prebid.a-mo.net/	1970-01-20 09:47:17	Name: __amc Value: 2_1645301341_1645301343
.criteo.com/	1970-01-20 10:23:17	Name: uid Value: 22a7cea6-fa71-4f0f-af3d-6c97ddbe3e56
.adnxs.com/	1970-01-20 03:11:17	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GU)FDkLp!@wnfH8K6pQK`!5=E<L5?%KFcIB9a1e4$_msv/+B?wmb1mdoCk>uVYH+=-bpRzqF1`*b^_S)zFvR
.lijit.com/	1970-01-20 09:47:17	Name: ljt_reader Value: 5cfd4169fbb0d560109d6fd0
.ctnsnet.com/	1970-01-20 09:47:17	Name: cid Value: 434f4112a92a4b55a3f0c3610cf011f3
.casalemedia.com/	1970-01-20 09:47:17	Name: CMRUM3 Value: 2d62114e602760CAESEDhZpetrX9tpp3VeXA6dSHA
.casalemedia.com/	1970-01-20 01:03:07	Name: CMST Value: YhFOXmIRTmAA
.360yield.com/	1970-01-20 03:11:17	Name: tuuid Value: 6915be55-e88e-4e31-b880-4916261e19d5
.360yield.com/	1970-01-20 03:11:17	Name: tuuid_lu Value: 1645301344
.o2online.de/	1970-01-20 01:11:46	Name: webShopPV Value: ?partnerId=O2_DSP_TRA_HAV_14112_PV&mediacode=27008872_4307561_324251502_145982138_-0&ref=27008872_4307561_324251502_145982138_-0
.tribalfusion.com/	1970-01-20 03:11:17	Name: ANON_ID Value: a1nseFMwTkF6Xlypr9jFvRcWFZaqcbHeZbOTZasfVWps41AZbi2qBjyZaCVQ6DiKecdhfZc7qp3tXJs7PZafSiEXJbm
.kooora4lives.net/	1970-01-20 10:23:17	Name: cto_bundle Value: QZc4SF9ZOVJ5Q05ZQnJTYkc5VThUNWlQcm52SThKUHlTJTJCOWF3dWJjRTlHN0clMkY3SU9SVHZQSDl4S3ZYN0VsVXd0MEU4b1FOQkhwWTJDNXdPUW1xejBIVzdBR2ptMjVXQjk0MG9rM1N0ZTByRnBycmJlbXE5VkNUeHpkZmJSOERtd3FJc3REY1FCYzMwa3plOWJBY3BOZzNjNFlBJTNEJTNE
.kooora4lives.net/	1970-01-20 10:23:17	Name: cto_bidid Value: IuOYml9weXZkOG1zT1ZoaU5nWDhHN0xjUzZFUldUY0wlMkJqRVVQUyUyRkFMZFZCMXhsRXZWakxudUZpYWZrS0pBNkZkWSUyQkxXJTJGYkN5NHl4QnpuVDRuOXBhaiUyRkhYaVJIYWRWZjQ0V2RoJTJGNTN6MmFoZm5sZWtKQk1NaGJGd0draiUyQjJqYmV0emdE

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://kooora4lives.net/home/(Line 63) Message: <link rel=preload> must have a valid `as` value
network	error	URL: https://www.kooora4live.com/wp-content/uploads/2019/01/fra_nantes.png Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.kooora4live.com/wp-content/uploads/2019/03/1471635382.png Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.kooora4live.com/wp-content/uploads/2019/09/ChababBelouizdad2018_7_24_12_49.png Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.kooora4live.com/wp-content/uploads/2019/01/spa_real_madrid.png Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.kooora4live.com/wp-content/uploads/2019/01/uuid_3s830ae09zdviu2cnqxixflq1.png Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.kooora4live.com/wp-content/uploads/2019/01/download-7-1.png Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.kooora4live.com/wp-content/uploads/2019/01/fra_psg.png Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YhFOXut-i0xODyduFi1otgAABFsAAAAB&google_gid=CAESEJOH-z01QC7BvWTF_gyGEBQ&google_push=AYg5qPKyI6slL2sWl9lWOYHSpI_AqvrVIYVYnEOBlX_4DV6u0HxuZ6euCCdsiuvSHh8PZ3jLxod2mV08seylg174FEQb_CPrK-4&google_cver=1 Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aRW-VeiOTjG4gEkWJh4Z1Q&google_push=AYg5qPJSNArcaDXu1UAx8kEqF_TM25s_neZhACLnLOJoi4l_AUaw5dyIdlBA4MWaSlTiUaLsy2UeAATY-mu-geViEaI0HMNu2TLw Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
ad.turn.com
adipolo.com
adipololtd-d.openx.net
ads.betweendigital.com
ads.eu.criteo.com
ads.travelaudience.com
adservice.google.com
adservice.google.de
ap.lijit.com
api-public.addthis.com
bidder.criteo.com
c1.adform.net
c2196590ae3fba5f2a64217f13244f3a.safeframe.googlesyndication.com
cat.fr.eu.criteo.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
cms.quantserve.com
csm.eu.criteo.net
d5p.de17a.com
dclk-match.dotomi.com
dsum-sec.casalemedia.com
eb2.3lift.com
encrypted-tbn2.gstatic.com
encrypted-tbn3.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
gcm.ctnsnet.com
ghb.aplhb.adipolo.com
google2waycm.netmng.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
ib.adnxs.com
id5-sync.com
image6.pubmatic.com
jscdn.greeter.me
kooora4lives.net
m.addthis.com
match.adsrvr.org
mp.4dex.io
mug.criteo.com
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pbjs.e-planning.net
pix.eu.criteo.net
pixel.advertising.com
player.adtelligent.com
player.aplhb.adipolo.com
pm.w55c.net
portal.o2online.de
pr-bh.ybp.yahoo.com
prebid-eu.creativecdn.com
prebid.a-mo.net
prebid.smilewanted.com
r.turn.com
rtb.fr.eu.criteo.com
rtb.openx.net
s.ad.smaato.net
s.tribalfusion.com
s0.2mdn.net
s10.histats.com
s4.histats.com
s7.addthis.com
script.4dex.io
securepubads.g.doubleclick.net
ssc.33across.com
ssl.hurra.com
ssum-sec.casalemedia.com
static.criteo.net
sync-tm.everesttech.net
sync.teads.tv
tpc.googlesyndication.com
ups.analytics.yahoo.com
us-u.openx.net
v1.addthisedge.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.kooora4live.com
www.kooora4lives.net
z.moatads.com
cm.g.doubleclick.net
eb2.3lift.com
google2waycm.netmng.com
googleads4.g.doubleclick.net
pagead2.googlesyndication.com
pm.w55c.net
pr-bh.ybp.yahoo.com
s.ad.smaato.net
s7.addthis.com
ssum-sec.casalemedia.com
tpc.googlesyndication.com
104.108.145.172
104.108.145.8
104.111.242.245
104.75.88.126
142.250.181.226
142.250.185.162
142.250.185.194
145.40.89.200
151.101.2.49
158.69.251.190
172.67.10.198
178.250.0.157
178.250.0.160
178.250.0.162
178.250.2.131
178.250.2.135
18.156.0.31
18.195.184.255
185.184.8.65
185.33.221.87
185.64.190.78
188.42.29.196
2001:678:cb4:bbbb::11
205.185.216.42
213.155.156.169
2606:4700:20::681b:4071
2606:4700:20::ac43:47ec
2606:4700:20::ac43:4bf1
2606:4700::6810:125e
2606:4700::6812:272
2606:4700::6812:c05
2620:116:800d:21:5a23:9c4e:e774:96c1
2a00:1450:4001:800::200e
2a00:1450:4001:808::2001
2a00:1450:4001:808::200e
2a00:1450:4001:809::2002
2a00:1450:4001:80f::2006
2a00:1450:4001:810::2003
2a00:1450:4001:811::2002
2a00:1450:4001:827::2002
2a00:1450:4001:827::2003
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2001
2a00:1450:4001:82b::2004
2a00:1450:4001:82f::2008
2a00:1450:4001:82f::200e
2a00:1450:4001:830::200a
2a02:2638:1::13
2a02:2638:1::3
2a02:2638::18
2a02:2638::2
2a02:fa8:8806:13::1370
2a06:98c1:3121::7
2a0c:5c81:5142::2
34.149.20.76
34.98.64.218
35.186.193.173
35.186.253.211
35.190.0.66
37.157.4.24
45.133.44.4
46.105.201.240
5.178.65.246
51.89.21.5
51.89.9.252
52.223.40.198
62.144.160.15
72.251.249.14
82.113.101.132
0280b5ec07025974d745833d91f3f71aff053cdb5aebbe37ab368b0284a56f81
02c12d901f4b0b3668eec30ee82d7c248ef3fc0a10f3bef93658f74fb5f17962
04b2b7a53ae50067242578612bf04ecc7f3e3541d2f0abacbdaed4c43174bda7
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0a4eaa2e1e620e2f4395e44b8e3885a0648dda372afc684e319278b0cd320c53
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bc8ca412c2757b04141fe0ceff1706842aa84596b18c889668718146c7778ea
0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c
100e11ec9d5ee986cdfbd47402e848181e7f541685f55368c3c84cb266c0949a
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
183a8a45d21c9e08f327306b313a677e14df544b7fbe005f832bae1ae0828f4a
18588f1581eeeebaef76be52d09261c5c1a886d1a02ede533adb62c334d122e6
19d68d8c9b0afec111ca934d319c454fe9d57234d8915b2d837e36d54410ddf7
1ada909dba4a333cea85c9d378f2df43151183147ed0cd52c7f98ecb400f8bcb
1b72568a3f7a98d8db169c713523b796402451fceb5188a13c88762bdfeb0237
1ee402996856e81b9ddbe603ca5d65fdd788e4690924a4cfc644ba574ba1a5d1
1f5379be9ef8a74cb98ba69644d1f057db485aaeff192bf08a92ab4712a7b6bb
21fbd6b11f1cf10a085cc6550404fa92a55d0b3471b0ca90cb40be00466b8fa4
24fe63307e2903b2a4b2d80c28383d91861dc9ade1b28feac920e9f5f7b7dddd
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2b071563c8b59cdc2b12b2703f3b5d147f555b1c41d83e5c5ef4a02395aed89c
2c8ae0c883c62c03c5800ca91a31d1f0e00088683fb5f4131667c0504ce99e64
2d2f1fa5f826c9709600c5c5df00962a23b9086873eff45e0e4b72996259c457
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27
327df148fcc553459bda0b4d7f4ce2e14e59816e2a47360d20ceea7f114e849c
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
38354e6a0119fe113356e1506a115ca148a6b9ea22cf88136baa9167d6fde794
3ab9eb1b5e0926e9778eadcbb34fa2718370ac32ee5be934f4557ee77e2e8390
3c3f31f09260f95e338bd2c30144726d48b7370ae15e2ef003f2f67e5ba5eb0b
3f5fa988f851f490e6647b38d05972ddb66b5bb932841e1bcf0023e7256c77ed
420cfa3da11ecc4d0dba0f14f66fe079ccb684646ef0c1193d9bfcc2a6874e88
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45deb68232bb5d9ce23bb076bcc71c1f248f8177b00a86aaf13040427050038f
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
47de3e0b41f9b017aa18bd88eab045f08a0de9ea26ca48b5c80fad4db5abca19
48782e40a118e879c461cda8345768ca277421d4a1c65c972e43c28d8e8f0965
487f4e277ea60147de9d3f5825d789c48517cb2c37715ad0fa2cec96808e6bd3
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
496f0506f067b9d12292da403157663448e7d9a96da1b77d61c65e5c87ce9e75
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bbd05de6bc0b11c8e0f89415f2a03355a7518a9e6331e09cf6990fcc01be061
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50b355d30ddbdcfbc57eb2a32734c6574995395b4c64f278ce270f8646b5f3b4
51204696e9c1f477b79b8ba0d78cbecf0f7245ca706a796ce4d6d9d6a73cd5ad
5191512fdc0a424fc981e1660693d6b6d34458e165eb9eeda1e14eadd9f65dad
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5624e4db6aa9885754a015d03016416a61b5fb820db6edf07f358dfbc02c3e3a
569b333ec4213d5394f80ca05bb2b395f9ed9a22c4e305a7d787ce40f3dc3e64
5b9794842e89dcec3790d21b95acce36c08673d4162e745dc440e6766534ed53
5c35ba43b7900752a3023550de81888bb9fa36138e72edf3db3bd20e1dc09186
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
60a7eb65405bf15708fee714a46b4dfd08b437eb071bcbc23753d4129b5dce83
6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61daa5e10d1910c94db36832a3adb3e9bec2c60a0b584b37daea27f634f36fd0
63e61a12e2ffd38ad4f225cccb848320cc935061b431a2d7654e16cc0a846513
64eafbfed672f76eb4ea7bf1c50083ac34b4ddaff32684448b703943655e6d67
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
69113e7e849e0fb870d2ff2a5d3a65a48df84c31e20e4df20009ffad06ccfd08
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c4c87e7a6f3bf47a6dba04f225c8de902eb46441faf5caf90f849d099bf91df
725695280088b4a7f1f43936b2ff0ec321040d4921c1b782e97c74cc5c89e02f
72d2367dc35967c758f93deefb69e76a1cfed9be0dcab06fc8ae2bf8d37bc879
7358e901e1612a4feb4408bf49d642ab8ac978eadc59b2249c76335315fc8dc2
7888a75eac5f8b9dc4c448f10e8dc9030fcae612cb236f1a9e9700d56ae6ef34
7897757471988b6dda805254de287e19033514ae748b13569acd29dd275c8d26
78ea6d7806beda2d76bb7d9abb14b034ad476a897376c270aefcf40a2f49316c
79a0bfce16bca841a59d7a5d5a9ed95b22ff6dcadb97314cd96405a7a0241c53
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
7ad8673fe58d5f38e085656191d1693f4490e2e637f45087048faf0d42a62d09
7b4fbd6cf87898b005b09546b1c4e82654918b11e5f64ccb8fc32ea0a04e237a
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
7cee0a6fb3fdc11cccc6eccc2161a9cc8ca10b4cc331338e41a6464cb2103828
7f584ca8ce0f7b72a76b78921f4fbf8707240962068e9c9a2af45e4dd79f97b5
7f7a5c2a5b6e679fb4aec8a4be6c7b3f6ed9346ac76fc69a6de91e27eae684aa
84081fd74a7d991ee0d9f0f7a46ec0e1da117b875ae918cb6a749b5a81f89aa7
85dd140f4baab8e6605241f797355cd44662fad62533929b506690e40e9d4d6a
894fed31670f2df43b7fdb18514db3246dd7936fc5ce2ea525620cd33e9b468c
8aae2a9600f84efeb57ee4f6b81ecc3db0a920d145f1701d6313aeed9a8aa3a6
8ca09c6adf6b7cefdbccc3871a5a4fff94a39e3f272894ad1b6a18f7d6eced60
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8ddc63cbb22fabacdb6e51e53e71a408f18eecd3927f019ccc738d5c6a0ff911
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e
916e91af8a6c9d519add774dc21b48301529cb9ee14dba7ed2a0460b0bc6cc69
975870a576905cac3784587d8ac1ec7cdd44469e7a6c20240b7fb32b56543008
97654894d2633abe25bbd287bc1e82cc5adce08c3db329bb8c618444f75c67a9
997663e6a373f85d2fd73078031d335d03e896b56638072e34bf9c30ce15ee4f
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9d025cb87b46b8acf22761f34d1e400cf1d89239cbefaf3c8001e1bac830c4e2
9e56ed8691648f560cf884ac3576f80c0c70b1f4ddb08eea6703d7f716da6a6d
9f8d022015ffa2ea08110580dc3649e5afb4e10b1f28feb02bd82ab5db5d687e
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a15ea0a91601623e6edaa9cca76e0eacec8b53fe3edfbf814b30127921bdccdc
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a50761af47976acf2a9b1ed88cff6727c6c0fa4a18c2806a26f108c5268b4c1f
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aaf72a44a5b3934367835f0f41b5c2f6fa0cb99911478a0a5d1ba85d8e58d67d
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
ae57327425f6c8bf113115125d8b96902294e7552bb08dc989abdcce89b7e1d7
b0afc15a3765accee14866c3d6104cf5d9554ff90207cce78173bf07a30a2827
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1b682cb1fee45d7f80c900aba4d8ddcb18ac1016dcf38ece495801ac65eb14f
b6a73c0fe653467d00b943fa1add3ccd0fe0bc96691ae47d2d30e5a18c990cc9
b8bc808d0fbed368037ca8b541271009eee2956752778faa1600980ccd9cf414
b9ab67d9a55a7ccb9efc03a9f952d84218103c558c873ae08577e8f0ea834457
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bec41605f65590f408d8cf1c648de86b3d19f588dcd18e2568afccecbaf271cc
bef26ed5c20d51463038d461b21ae787170945e2daac0ff482a331bae8c7ee0f
c02d2e4ee660f561338f717a6dc83745ea23c4ad356a57bdfee60c3643b25b1a
c040fba9f46fc28d49e48163aa2b5234d34bd9faf1c8ec3aa482eb526c30e546
c110419995948214e5b16d9d0df8f7d91536cc42783edd90c7fc1810308309ac
c1d4f1cb4d7af73b5f4e8af1c564e4eee052b08780ce97750617849c8fc0e38e
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
c32c1f1aeb37aa15f1a29d8685d0c47b9ec1a3d910eeae55b378a14c7d47e226
c35fd278f4eb6bcdcbdcd96bfb324fe3f67dd3d1f6bd0e43cb3bc344425048d2
c54b14e35c0fffc8df23c73c6f47a61b1c2c6c8974e8dc4dbf68bbded5d87a68
c71ea109cef72aaf3121a2adeef6275f77331cf43117eb9b04c72ac78ef4e851
c7779c789f5f18e949052ce81ab23fbe066cb84c8bb36d2fd4fe3f7346fb9e6d
cb0a1ac121b8aa9b8e2912768985ee6341cdd33d4c7b4db39052731d4b5248e2
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cc5f4b1ec545dd9c5ace2f3090b097dc24170f14811c6af909785d1780fa6701
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cd01ea3cd56c3f77b2d294910bbe09a139ee76ffe85a9d00f7d512606987d865
cd49b40d94b753e7b0fa0add308fb9b127bdb605a44f4a09d874c744d7f0ffdb
cd504f1bb1914654f21691bdcf4b88f5108e20d984b6d14e3894c8c1700d6c61
cde8796cabb7b93bbcf7c8a4bd2d39b926a22d2dfbbe6a37fdafd10c5bd8f965
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d0f31d005ef59a76e769c39569dd29119890ea59abdac12d237185aa495fa6b6
d1870c49e74adfa2d70351cc067c6a3320da45d18231c5a31eb39356151620cb
d32dc522b5e62d7525e3701ac1c8e8c6e7559ab329814177aa7bfad4ad9353f0
d44b84e0471d9d1ac53ce061c9becfa720931b7364c7b55a6325d03859781782
d4abb53f5b0fddfe3f7cce53e43a2dc7e78293f0d25e7d92e9fe3b749f13fa45
d7ce0c9f1013a5a77245e85b1648376519bc7fa5f8a1ca8328d87a9d57d9cdc9
d82cb29829450dd683e7fce8e7ab304007eb326b9a4d81c86734a3dd33011124
d9aa195ab3b1ecdc60aa513adee801ae6d45bb8254f4c7e3e135b553226fee8b
de103d5f4ad393bb96697192045e2f571c47b491690081364d746755fbc9a3f9
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
e3ad8c90cec1318c90852dc018d75e7afadcb71c36508344fc1c133021007bb3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839
e4c0e8eb5f9a5e0fdacb5a07df9135c9cf978aeaeb88f03aa5049b48184bc94a
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
ebd6473658a5665ed104b4e2ac49203e198d091b8ecd601489cb33d57ae32abb
ece75ce990e47cc04e5ae7881961750fd684c74a4e2122aff6be636e3a5a4eb0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef6fa9b042e6a16b8557219c0358e7d684206224fd10762e52db97effabfdb4b
f1f1657c032b60b67455147db30f0a67e800916bc8556b5303fa93593c42531f
f408ea8d108fb46b0ec7612b384c10211e19f6a21592b34a042751697f4249cf
f4258b7eed814e83b93302fdcefdf9490eb6956a99469adc3b546d866e5a93a4
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
fd64a75843c2a615fae6e2137b3dc93cb5d60d406a35f3b6d04af83a4c9ddde1
fef766f3df5eefc3a866123e0ee8474d5e0e41cb8f8e9781b856cf355a174ea4
ffa5977a546df82667e3e44ed295927837ac2309b2be16419c8c47f88b45977a

kooora4lives.net Open in urlscan Pro 2606:4700:20::ac43:47ec Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

346 Requests

89 %HTTPS

43 %IPv6

56 Domains

85 Subdomains

62 IPs

11 Countries

4538 kBTransfer

8588 kBSize

57 Cookies

5 Outgoing links

Page URL History

Redirected requests

346 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 14 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

kooora4lives.net Open in urlscan Pro
2606:4700:20::ac43:47ec Public Scan

Screenshot
Live screenshot

Full Image

346
Requests

89 %
HTTPS

43 %
IPv6

56
Domains

85
Subdomains

62
IPs

11
Countries

4538 kB
Transfer

8588 kB
Size

57
Cookies

346 HTTP transactions
14 data transactions