www.ransomizer.com Open in urlscan Pro
69.163.207.112 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.ransomizer.com/
Effective URL:
https://www.ransomizer.com/
Submission: On December 13 via api (December 13th 2023, 3:15:24 pm UTC) from US — Scanned from DE

Summary HTTP 197 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 19 IPs in 3 countries across 13 domains to perform 197 HTTP transactions. The main IP is 69.163.207.112, located in Brea, United States and belongs to DREAMHOST-AS, US. The main domain is www.ransomizer.com.
TLS certificate: Issued by R3 on November 12th 2023. Valid for: 3 months.

This is the only time www.ransomizer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 12	69.163.207.112 69.163.207.112	26347 (DREAMHOST-AS) (DREAMHOST-AS)
6	2606:4700::68... 2606:4700::6810:5914	13335 (CLOUDFLAR...) (CLOUDFLARENET)
36	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
8	2606:4700:10:... 2606:4700:10::6816:47c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
19	146.75.120.193 146.75.120.193	54113 (FASTLY) (FASTLY)
15	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
9 12	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
9 15	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9 12	185.89.210.153 185.89.210.153	29990 (ASN-APPNEX) (ASN-APPNEX)
3 6	54.217.222.23 54.217.222.23	16509 (AMAZON-02) (AMAZON-02)
38	2a00:1450:400... 2a00:1450:4001:808::2006	15169 (GOOGLE) (GOOGLE)
9	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
6	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2600:9000:223... 2600:9000:223f:d600:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
13	2600:1f13:800... 2600:1f13:800:7780:c62:c4f4:bfd5:92f9	16509 (AMAZON-02) (AMAZON-02)
197	19

12 69.163.207.112 (Brea, United States) 1 redirects

ASN26347 (DREAMHOST-AS, US)
PTR: vps13011.dreamhostps.com

www.ransomizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:10::6816:47c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 146.75.120.193 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.185.98 (United States) 9 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 172.64.151.101 (United States) 9 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 185.89.210.153 (Frankfurt am Main, Germany) 9 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.217.222.23 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-217-222-23.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 2a00:1450:4001:808::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:223f:d600:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2600:1f13:800:7780:c62:c4f4:bfd5:92f9 (Boardman, United States)

ASN16509 (AMAZON-02, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
51	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 tpc.googlesyndication.com — Cisco Umbrella Rank: 148	572 KB
38	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	487 KB
32	doubleclick.net 9 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 219 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 515	170 KB
25	adsafeprotected.com 3 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 900 static.adsafeprotected.com — Cisco Umbrella Rank: 602 dt.adsafeprotected.com — Cisco Umbrella Rank: 567	306 KB
19	imgur.com i.imgur.com — Cisco Umbrella Rank: 7364	1 MB
15	casalemedia.com 9 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 578	10 KB
12	adnxs.com 9 redirects ib.adnxs.com — Cisco Umbrella Rank: 229	9 KB
12	ransomizer.com 1 redirects www.ransomizer.com	115 KB
8	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 3986	33 KB
6	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 204	86 KB
6	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 313	47 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	193 KB
1	google.com www.google.com — Cisco Umbrella Rank: 2	1 KB
197	13

	Domain	Requested by
38	s0.2mdn.net	www.ransomizer.com s0.2mdn.net
36	pagead2.googlesyndication.com	www.ransomizer.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
19	i.imgur.com	www.ransomizer.com
15	dsum-sec.casalemedia.com	9 redirects googleads.g.doubleclick.net
15	tpc.googlesyndication.com	pagead2.googlesyndication.com www.ransomizer.com tpc.googlesyndication.com
13	dt.adsafeprotected.com	googleads.g.doubleclick.net
12	ib.adnxs.com	9 redirects googleads.g.doubleclick.net
12	cm.g.doubleclick.net	9 redirects googleads.g.doubleclick.net
12	www.ransomizer.com	1 redirects www.ransomizer.com
11	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.ransomizer.com
9	googleads4.g.doubleclick.net	www.ransomizer.com
8	static.addtoany.com	www.ransomizer.com static.addtoany.com
6	static.adsafeprotected.com	googleads.g.doubleclick.net
6	cdnjs.cloudflare.com	s0.2mdn.net
6	fw.adsafeprotected.com	3 redirects www.ransomizer.com
6	cdn.jsdelivr.net	www.ransomizer.com
3	www.googletagservices.com	www.ransomizer.com
1	www.google.com	tpc.googlesyndication.com
197	18

This site contains links to these domains. Also see Links.

Domain
www.transparenttextures.com
www.addtoany.com
www.melvix.net

Subject Issuer	Validity	Valid
www.ransomizer.com R3	`2023-11-12` - `2024-02-10`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
static.addtoany.com E1	`2023-10-29` - `2024-01-27`	3 months	crt.sh
*.imgur.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-13` - `2024-03-12`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-05-09` - `2024-06-06`	a year	crt.sh

This page contains 24 frames:

Primary Page: https://www.ransomizer.com/
Frame ID: A20930468FBCD3EB34846E55048460A4
Requests: 50 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.24.html
Frame ID: F4410BCDAF096EE8F6DFDF65F9275093
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/zrt_lookup_fy2021.html
Frame ID: 57B575931D7BF3A7F22EA31F0CAA625D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5190069960016990&output=html&adk=1812271804&adf=3025194257&lmt=1701310383&plaf=2%3A2&plat=8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x1080_l%7C212x1080_r&format=0x0&url=https%3A%2F%2Fwww.ransomizer.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702480518814&bpp=3&bdt=806&idt=291&shv=r20231207&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1371485061910&frm=20&pv=2&ga_vid=1185640549.1702480519&ga_sid=1702480519&ga_hid=842044383&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079437%2C31079979%2C95320885&oid=2&pvsid=1098057064834304&tmod=67448278&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=311
Frame ID: 3DCF6493F46B2A708B63B8EDC8CC8F70
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 9A4949D567F826056D452670F882BC84
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 65FA30B1966EB4736FC720E2FDDC9259
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: C6FCB329D73AD97D8441AF09AA496DF7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGNiL3_QBMAE&v=APEucNW_rIZbZgqhkT5qGIZMTcpbqRZk67dVwYHct_TpXHnZmShY2sbCLEJoeLDPTwy_cvaHT0CT7tzKLkiwX88EE_pD2Sml9tY0ODkxuy7bqP9LWPkAVgXS27m-s2Uh-Jegl0LRYAji8mYnx0A2qHJLC2I8B3EAHZPjYE8R8YowuBKPNTTZu0E
Frame ID: BF13F0E72C42E8DB95438A93FFA9B00C
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: D18274A705A1FAE3FA31B8548266D24C
Requests: 24 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJaO3_QBMAE&v=APEucNUkd7dcMADolhpAABsWoDopxfIjkC269rpTHWD2p51Fxp_pHBQp88reDTosdNNZjnb1ujCUIOyyWP7bkQbBJys1mcKB2Y8vaE-aQi2IxOeZX9_aBjFsJ-0PvtqbtRErVFBxcuq5MhTvnicNmIqcUgAp0WcyQWTzGfcU1Xxi8J8GzCfmxnM
Frame ID: 93666F8F312DF5020265B2CFEE4F78B0
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 45779365457AC11BE3CBFC25FC4EB5C1
Requests: 24 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGLuR3_QBMAE&v=APEucNW8j2urnOwBnE_QVGVXp6x-R5Ol_L6ctvBQiVnzQR3BjuXwwQm6qwjtF92kKyv2PacYBe5q7WSxwPAK0pWMJ2r2vLsN62ysk_QnH5uEQ3FAt-WlMmNp66N5LjopjdFKTMlCUh_Kknc3L2SRPn-wUWQ9MOEeg2G8hlVybgroITN1BKLqrBI
Frame ID: AAD00711C16B4618B405D8DFA01DDA84
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 6CCF6A55AC726B9F1EF62A04EB021C4B
Requests: 24 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: CB7B9737C908F74199EAC8396D469AFC
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: AC98DF0031F41887E8FBA488D7E0735A
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 10E2E5D5FFB924A87708C37A9C47A1FD
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 1B411609FE564DF3EA40438AB6F88DB2
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
Frame ID: C41B990422176256F8BDB763B1A5ADC8
Requests: 15 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
Frame ID: FCE824DE0CEEFD17C28771CE3255A6FC
Requests: 13 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
Frame ID: B642364272B139591A07732CA3CB6F86
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 4589751541B771839E45BC6F81579D53
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 70871CE68EE666905EAEF776ED81BFBF
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 2C507114FDEB18D3209C53B350750C30
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: C46A6E36ED8A1C9459A08C042D0C0654
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

The Ransomizer

Page URL History Show full URLs

http://www.ransomizer.com/ HTTP 301
https://www.ransomizer.com/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Mautic (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

[^a-z]mtc.*\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

197
Requests

92 %
HTTPS

61 %
IPv6

13
Domains

18
Subdomains

19
IPs

3
Countries

3341 kB
Transfer

6734 kB
Size

9
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.transparenttextures.com/
Title: Transparent Textures

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fwww.ransomizer.com%2F&title=The%20Ransomizer
Title: Share

Search URL Search Domain Scan URL

URL: http://www.melvix.net/
Title: Melvix

Search URL Search Domain Scan URL

URL: http://www.melvix.net/contact
Title: contact me here

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.ransomizer.com/ HTTP 301
https://www.ransomizer.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 74

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHljWGh7WqZh0a_WdSRCJgY&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHljWGh7WqZh0a_WdSRCJgY&google_cver=1&C=1

Request Chain 75

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXnKifAQd0ihpHkzzXlBhwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFp5LQSNUZjuhUatZBlz2VI&google_cver=1

Request Chain 76

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEO8mCIJ6Ytd72Uvtc2xPXHM&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO8mCIJ6Ytd72Uvtc2xPXHM%26google_cver%3D1

Request Chain 77

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTU4NDIyMTc1ODY2MTc4MDA%3D

Request Chain 79

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENPKH-Vay8Y0L3YVN1JA_rI&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENPKH-Vay8Y0L3YVN1JA_rI&google_cver=1&C=1

Request Chain 80

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXnKiWf3w3ZyFxmc9vc23gAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFp5LQSNUZjuhUatZBlz2VI&google_cver=1

Request Chain 81

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEAv0Z-RNcY288ivzZWXOaQc&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAv0Z-RNcY288ivzZWXOaQc%26google_cver%3D1

Request Chain 82

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzAxOTI3MDE0MDczNTQ1NDg3OA%3D%3D

Request Chain 83

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFp5LQSNUZjuhUatZBlz2VI&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFp5LQSNUZjuhUatZBlz2VI&google_cver=1&C=1

Request Chain 84

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXnKiT6M61QGFcLpQtzLPAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFp5LQSNUZjuhUatZBlz2VI&google_cver=1

Request Chain 85

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEIA0AXp2TnmeMbAMydfvbf4&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEIA0AXp2TnmeMbAMydfvbf4%26google_cver%3D1

Request Chain 86

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzAxOTI3MDE0MDczNTQ1NDg3OA%3D%3D

Request Chain 163

https://fw.adsafeprotected.com/rfw/st/1627455/73523880/4.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-5190069960016990&ias_chanId=1&ias_placementId=20492286635&bidurl=https://www.ransomizer.com/&ias_dealId=&xsId=ABAjH0j97msJqW2sYavVKzH_w-fB&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0j97msJqW2sYavVKzH_w-fB&adContainerId=brand_safety_icp5ZZGXCOXS9u8PxvmE0Ag&cbFunctionName=goog_wrapCb_icp5ZZGXCOXS9u8PxvmE0Ag&true_pb=&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fwww.ransomizer.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fwww.ransomizer.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231207%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231207%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-0-%26adk%3D1812271801%26client%3Dca-pub-5190069960016990%26fa%3D1%26ifi%3D2%26uci%3Da!2%26btvi%3D1&adsafe_type=be&adsafe_jsinfo=,id:7c787c11-c5ab-8dce-855c-ddb967557c83,c:wH5paZ,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-765b799994-pgcxz,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:2,mot:0,app:0,maw:0,fm:tYkGLDH+11%7C12%7C13%7C141*.1627455-73523880%7C1411%7C1412%7C1413%7C1511%7C15121%7C1513%7C1611%7C1612%7C1613%7C17%7C18,idMap:141*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:12,oid:6e99c9d6-99ca-11ee-867f-1a55120d1ee9,v:19.8.464,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4a.js

Request Chain 170

https://fw.adsafeprotected.com/rfw/st/1627455/73523888/4.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-5190069960016990&ias_chanId=1&ias_placementId=20492286635&bidurl=https://www.ransomizer.com/&ias_dealId=&xsId=ABAjH0iombqB7ID3_fCGbrkNujAU&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0iombqB7ID3_fCGbrkNujAU&adContainerId=brand_safety_icp5ZaHuDJLT9u8P_ta06A0&cbFunctionName=goog_wrapCb_icp5ZaHuDJLT9u8P_ta06A0&true_pb=&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fwww.ransomizer.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fwww.ransomizer.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231207%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231207%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271803%26client%3Dca-pub-5190069960016990%26fa%3D3%26ifi%3D3%26uci%3Da!3%26btvi%3D2&adsafe_type=be&adsafe_jsinfo=,id:bb3bf488-9e7e-1603-9125-44312928b392,c:wH5pc6,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-765b799994-5bbqp,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,mu:10000,br:c,bru:c,an:n,oam:0,mtim:2,mot:0,app:0,maw:0,fm:tYkGLEN+11%7C12%7C13%7C1411%7C1412%7C1413%7C1414%7C151*.1627455-73523888%7C1511%7C15121%7C1513%7C1611%7C1612%7C1613%7C17%7C18,idMap:151*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:14,oid:6e99ca45-99ca-11ee-8f3a-2e8934b60384,v:19.8.464,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4a.js

Request Chain 172

https://fw.adsafeprotected.com/rfw/st/1627455/73523873/4.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-5190069960016990&ias_chanId=1&ias_placementId=20487175905&bidurl=https://www.ransomizer.com/&ias_dealId=&xsId=ABAjH0gEpz6_AyaJf_BoyJq2tcdD&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0gEpz6_AyaJf_BoyJq2tcdD&adContainerId=brand_safety_icp5ZeDVD7Ki9u8PqoaagAg&cbFunctionName=goog_wrapCb_icp5ZeDVD7Ki9u8PqoaagAg&true_pb=&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fwww.ransomizer.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fwww.ransomizer.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231207%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231207%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-2-%26adk%3D1812271804%26client%3Dca-pub-5190069960016990%26fa%3D4%26ifi%3D4%26uci%3Da!4%26btvi%3D3&adsafe_type=be&adsafe_jsinfo=,id:3b7907ef-b572-5fa9-16b0-dfa43cc238fe,c:wH5pcC,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-experiment-primary-6bd95bc6b4-n65xw,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,mu:10000,br:c,bru:c,an:n,oam:0,mtim:2,mot:0,app:0,maw:0,fm:tYkGLFk+11%7C12%7C13%7C1411%7C1412%7C1413%7C1414%7C1511%7C15121%7C1513%7C1514%7C161*.1627455-73523873%7C1611%7C1612%7C1613%7C17%7C18,idMap:161*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:13,oid:6e9dc1c6-99ca-11ee-9290-fedfa76205d9,v:19.8.464,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4a.js

197 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.ransomizer.com/
Redirect Chain

http://www.ransomizer.com/
https://www.ransomizer.com/

140 KB
16 KB

689ms
218ms

Document
text/html

69.163.207.112
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.163.207.112 Brea, United States, ASN26347 (DREAMHOST-AS, US),

Reverse DNS

vps13011.dreamhostps.com

Software

Apache /

Resource Hash

445789b592a10dab6cda49698274740c1dccb1eada9f22d40db677aaea74e9ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=86400, public
content-encoding: gzip
content-language: en
content-type: text/html; charset=UTF-8
date: Wed, 13 Dec 2023 15:15:17 GMT
etag: "1701310383-gzip"
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Thu, 30 Nov 2023 02:13:03 GMT
server: Apache
vary: Cookie,Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-drupal-cache: HIT
x-drupal-dynamic-cache: MISS
x-frame-options: SAMEORIGIN
x-generator: Drupal 10 (https://www.drupal.org)

Redirect headers

Connection: Keep-Alive
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 13 Dec 2023 15:15:17 GMT
Keep-Alive: timeout=5, max=100
Location: https://www.ransomizer.com/
Server: Apache

GET
H2 200 css_iasLO9fU_XMgF7a72bV-5YDugUsZC7bvkGFyYY0xx-g.css
www.ransomizer.com/sites/default/files/css/ 16 KB
4 KB 638ms
636ms Stylesheet
text/css 69.163.207.112
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ransomizer.com/sites/default/files/css/css_iasLO9fU_XMgF7a72bV-5YDugUsZC7bvkGFyYY0xx-g.css?delta=0&language=en&theme=ransomizertheme&include=eJxtkGtuxDAIhC9k2UeKiM1azhJwgVRyT9-0ifbR5hejj2FGAkpxAR4JThFvKuwhi2JaPjbUEapIJZyAgYa3bOkvCDbMcU0zGO6Xcm9oU4X0NMwibq7QU5cun6gvxEXIWz8qi24dKBacZeOMbxCY_8MVzaA-atM5F9OYhW-XvPAVNh-EFhTYZG1fqOkpj0r5Kd9hxcmold1BbVbQPSD-4oPGxd5dSLgi-6snHL-dspBob_n-CBtXqzPhGyNNqTs

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.163.207.112 Brea, United States, ASN26347 (DREAMHOST-AS, US),

Reverse DNS

vps13011.dreamhostps.com

Software

Apache /

Resource Hash

93e60e7fa967a263f2595e5792069ca12b52f6dff9cdf00bd52a0b2b8fb1f888

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Nov 2023 02:12:56 GMT
server: Apache
etag: "e93-60b5530a0b257"
vary: Accept-encoding,User-Agent
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 3731
expires: Fri, 12 Jan 2024 15:15:18 GMT

GET
H2 200 rangeslider.css
cdn.jsdelivr.net/npm/rangeslider.js@2.3.2/dist/ 5 KB
2 KB 69ms
29ms Stylesheet
text/css 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/rangeslider.js@2.3.2/dist/rangeslider.css

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c9029a03bdacdbeac4466dcde013ec1d100134704d07d40837935a8269d6bd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1312976
x-jsd-version: 2.3.2
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230095-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"13ea-2D9TIwpJ8wWmM4QtN3HzaQ0T4SQ"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w78bYFs2HtNfjEJJmMMdzdUYDlM60dTSN05hiOXxKeL1t42M7aMz5W%2BhnN4Wo%2Fb8kfgBL%2Fz8GTg%2FPFjARkqdgj88822%2BC%2FE1gd54qB3AQDxz%2F8bkM7hHVqh6Z5a7OdG4wGIYlg3IODDpiWH9Z5s%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 834f2965dca02c77-FRA

GET
H2 200 css_vlkFvJBhMX7DL4jAuj57J-zBc8li7gSpdtInPOfaOg4.css
www.ransomizer.com/sites/default/files/css/ 4 KB
1 KB 642ms
640ms Stylesheet
text/css 69.163.207.112
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ransomizer.com/sites/default/files/css/css_vlkFvJBhMX7DL4jAuj57J-zBc8li7gSpdtInPOfaOg4.css?delta=2&language=en&theme=ransomizertheme&include=eJxtkGtuxDAIhC9k2UeKiM1azhJwgVRyT9-0ifbR5hejj2FGAkpxAR4JThFvKuwhi2JaPjbUEapIJZyAgYa3bOkvCDbMcU0zGO6Xcm9oU4X0NMwibq7QU5cun6gvxEXIWz8qi24dKBacZeOMbxCY_8MVzaA-atM5F9OYhW-XvPAVNh-EFhTYZG1fqOkpj0r5Kd9hxcmold1BbVbQPSD-4oPGxd5dSLgi-6snHL-dspBob_n-CBtXqzPhGyNNqTs

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.163.207.112 Brea, United States, ASN26347 (DREAMHOST-AS, US),

Reverse DNS

vps13011.dreamhostps.com

Software

Apache /

Resource Hash

f383fc1dd896939cf47adaa32b807a19430e16df4e11ed434679bf127bd0c719

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Nov 2023 02:13:04 GMT
server: Apache
etag: "3c2-60b5531180634"
vary: Accept-encoding,User-Agent
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 962
expires: Fri, 12 Jan 2024 15:15:18 GMT

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/css/ 118 KB
20 KB 75ms
36ms Stylesheet
text/css 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/css/bootstrap.min.css

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ransomizer.com/
Origin: https://www.ransomizer.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1258629
x-jsd-version: 3.3.7
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230117-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"1d970-ZSfYvz4ek2i6uMe2D1a8Afo6/Wg"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c3mJpFr9fmUQhxBH%2FubmCVRpWnmebgEtdpcTNc0ac8ek72iIwWPkOenb9W9RKS8TmWYjv8hC4D7sKPMgmI%2Bkcu4dTcJn0wUSwMFydeuLtqJV4rd7U9kPCt1rPHU2tKcL4tveKtKWx4mpzTDfW5o%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 834f2965dce24d37-FRA

GET
H2 200 drupal-bootstrap.min.css
cdn.jsdelivr.net/npm/@unicorn-fail/drupal-bootstrap-styles@0.0.2/dist/3.3.1/8.x-3.x/ 11 KB
4 KB 66ms
27ms Stylesheet
text/css 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@unicorn-fail/drupal-bootstrap-styles@0.0.2/dist/3.3.1/8.x-3.x/drupal-bootstrap.min.css

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a276d362f6e87220e6a884af95943870767643be8443eb6e42c511488ae3a93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ransomizer.com/
Origin: https://www.ransomizer.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1163837
x-jsd-version: 0.0.2
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230130-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"2ba9-3/FCnSrlxEHHqKHDrOwd7qfgeuE"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ufx9oBiVDnNe9%2BBK4KO46GMaHOCVGgvdOAPF1pueK0z8NyKlorXV21jcEzmcU%2FC1ywUmWUkEjqbQnOpYWUUZt5Dy7tR9Qjmr58w2Tk8GmBKOtjZuZy6ScHaPRWYanbgHJP2I3zPMmVvwTTQFGTY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 834f2965dce04d37-FRA

GET
H2 200 css_0wuxWRCToAS1DcBJTgNxuVNo34N3chYy8npDVao0Gik.css
www.ransomizer.com/sites/default/files/css/ 16 KB
4 KB 639ms
637ms Stylesheet
text/css 69.163.207.112
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ransomizer.com/sites/default/files/css/css_0wuxWRCToAS1DcBJTgNxuVNo34N3chYy8npDVao0Gik.css?delta=5&language=en&theme=ransomizertheme&include=eJxtkGtuxDAIhC9k2UeKiM1azhJwgVRyT9-0ifbR5hejj2FGAkpxAR4JThFvKuwhi2JaPjbUEapIJZyAgYa3bOkvCDbMcU0zGO6Xcm9oU4X0NMwibq7QU5cun6gvxEXIWz8qi24dKBacZeOMbxCY_8MVzaA-atM5F9OYhW-XvPAVNh-EFhTYZG1fqOkpj0r5Kd9hxcmold1BbVbQPSD-4oPGxd5dSLgi-6snHL-dspBob_n-CBtXqzPhGyNNqTs

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.163.207.112 Brea, United States, ASN26347 (DREAMHOST-AS, US),

Reverse DNS

vps13011.dreamhostps.com

Software

Apache /

Resource Hash

8954a3997bf726636d49ec096aa349538baeec15c9a52ca5c6814e42f7f3ec24

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Nov 2023 02:12:57 GMT
server: Apache
etag: "f47-60b5530b4a7e2"
vary: Accept-encoding,User-Agent
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 3911
expires: Fri, 12 Jan 2024 15:15:18 GMT

GET
H2 200 js_wWCDyle2bV75pxW4ZIt7Ri8duyz_n3t9jW58TdQwF4w.js Show response
www.ransomizer.com/sites/default/files/js/ 92 KB
32 KB 640ms
639ms Script
text/javascript 69.163.207.112
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ransomizer.com/sites/default/files/js/js_wWCDyle2bV75pxW4ZIt7Ri8duyz_n3t9jW58TdQwF4w.js?scope=header&delta=0&language=en&theme=ransomizertheme&include=eJxtkGtuxDAIhC9k2UeKiM1azhJwgVRyT9-0ifbR5hejj2FGAkpxAR4JThFvKuwhi2JaPjbUEapIJZyAgYa3bOkvCDbMcU0zGO6Xcm9oU4X0NMwibq7QU5cun6gvxEXIWz8qi24dKBacZeOMbxCY_8MVzaA-atM5F9OYhW-XvPAVNh-EFhTYZG1fqOkpj0r5Kd9hxcmold1BbVbQPSD-4oPGxd5dSLgi-6snHL-dspBob_n-CBtXqzPhGyNNqTs

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.163.207.112 Brea, United States, ASN26347 (DREAMHOST-AS, US),

Reverse DNS

vps13011.dreamhostps.com

Software

Apache /

Resource Hash

c3ce6cf1f18835d40d3177b0a7d5e6f08493a0c74daa32bde4e004ea48d3cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Nov 2023 02:12:57 GMT
server: Apache
etag: "7e5c-60b5530b82289"
vary: Accept-encoding,User-Agent
content-type: text/javascript
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 32348
expires: Fri, 12 Jan 2024 15:15:18 GMT

GET
H2 200 logo.png
www.ransomizer.com/themes/custom/ransomizertheme/ 37 KB
37 KB 195ms
194ms Image
image/png 69.163.207.112
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ransomizer.com/themes/custom/ransomizertheme/logo.png

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.163.207.112 Brea, United States, ASN26347 (DREAMHOST-AS, US),

Reverse DNS

vps13011.dreamhostps.com

Software

Apache /

Resource Hash

6a75d4c4f4e85a020d754b2357673d97413e0e24d1f4c782181a1211a761f90f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:18 GMT
x-content-type-options: nosniff
last-modified: Wed, 29 Nov 2023 00:31:36 GMT
server: Apache
etag: "9394-60b3fa8606a00"
vary: User-Agent,Accept-Encoding
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 37780
expires: Fri, 12 Jan 2024 15:15:18 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 146 KB
51 KB 110ms
66ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5190069960016990

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

356ec4081f8da79482e8cd8697750c6afa7e283c16047dac5175e1a9028ca9ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.ransomizer.com/
Origin: https://www.ransomizer.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51744
x-xss-protection: 0
server: cafe
etag: 331317250825004641
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 15:15:18 GMT

GET
H2 200 js_zM0GwMWZ5dlJ1RaElCntT00Z3g414yOkX0wvbK1SEu0.js Show response
www.ransomizer.com/sites/default/files/js/ 21 KB
8 KB 492ms
491ms Script
text/javascript 69.163.207.112
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ransomizer.com/sites/default/files/js/js_zM0GwMWZ5dlJ1RaElCntT00Z3g414yOkX0wvbK1SEu0.js?scope=footer&delta=0&language=en&theme=ransomizertheme&include=eJxtkGtuxDAIhC9k2UeKiM1azhJwgVRyT9-0ifbR5hejj2FGAkpxAR4JThFvKuwhi2JaPjbUEapIJZyAgYa3bOkvCDbMcU0zGO6Xcm9oU4X0NMwibq7QU5cun6gvxEXIWz8qi24dKBacZeOMbxCY_8MVzaA-atM5F9OYhW-XvPAVNh-EFhTYZG1fqOkpj0r5Kd9hxcmold1BbVbQPSD-4oPGxd5dSLgi-6snHL-dspBob_n-CBtXqzPhGyNNqTs

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.163.207.112 Brea, United States, ASN26347 (DREAMHOST-AS, US),

Reverse DNS

vps13011.dreamhostps.com

Software

Apache /

Resource Hash

939ff687e5c1b1e8f6bdcec7b917fd2798deeea1113c76b79d2d1c6f636f48c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Nov 2023 02:12:57 GMT
server: Apache
etag: "1fbd-60b5530b6bb26"
vary: Accept-encoding,User-Agent
content-type: text/javascript
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 8125
expires: Fri, 12 Jan 2024 15:15:18 GMT

GET
H2 200 page.js Show response
static.addtoany.com/menu/ 3 KB
2 KB 81ms
33ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

042a9121e1c7bcdc3bfc48ed5e23b8dd1f64f375ef5872a5984e5d5096444702

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3632
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"03396a6543cd35a0e73d2b4de150841b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nBSTaf9OYEzFeHia7N%2Bkhp51Ej8kuufZf7qqNYQhDP1hkIR7SwAvZUAiYghliq%2FZ7vNJle2pUD8n2cx%2FCw7ObQktvRCUe2hn2Yi0lfD%2FlGw3e%2ByTcnQ0gWfdqAepEt30BFTFIb8F"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400, stale-while-revalidate=30, public
cf-ray: 834f2969f97e364a-FRA

GET
H2 200 js_5lDp623LIX3mO8lDQ4taxGVO6lf_GL7SPfrZqUpL6Sc.js Show response
www.ransomizer.com/sites/default/files/js/ 4 KB
1 KB 195ms
192ms Script
text/javascript 69.163.207.112
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ransomizer.com/sites/default/files/js/js_5lDp623LIX3mO8lDQ4taxGVO6lf_GL7SPfrZqUpL6Sc.js?scope=footer&delta=2&language=en&theme=ransomizertheme&include=eJxtkGtuxDAIhC9k2UeKiM1azhJwgVRyT9-0ifbR5hejj2FGAkpxAR4JThFvKuwhi2JaPjbUEapIJZyAgYa3bOkvCDbMcU0zGO6Xcm9oU4X0NMwibq7QU5cun6gvxEXIWz8qi24dKBacZeOMbxCY_8MVzaA-atM5F9OYhW-XvPAVNh-EFhTYZG1fqOkpj0r5Kd9hxcmold1BbVbQPSD-4oPGxd5dSLgi-6snHL-dspBob_n-CBtXqzPhGyNNqTs

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.163.207.112 Brea, United States, ASN26347 (DREAMHOST-AS, US),

Reverse DNS

vps13011.dreamhostps.com

Software

Apache /

Resource Hash

16368e9daa6a156a3955ec6f3a69b8a3366a7872f82bb40ac6a1ba6e98457bc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Nov 2023 02:12:57 GMT
server: Apache
etag: "56d-60b5530b776a8"
vary: Accept-encoding,User-Agent
content-type: text/javascript
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 1389
expires: Fri, 12 Jan 2024 15:15:18 GMT

GET
H2 200 bootstrap.min.js Show response
cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/js/ 36 KB
10 KB 35ms
35ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/js/bootstrap.min.js

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ransomizer.com/
Origin: https://www.ransomizer.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1344386
x-jsd-version: 3.3.7
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230042-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"90b5-QwpEPXSDD+m+Ju/KQx9EjBs3QPk"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WlfptfN98CUp9fAc1VZntcBnynrfU%2Bicu6sGkQE8mS043DcRJnVlcM6PFbhbqc7UugnGrsqw5uSL0cWuJyDZRQOfu7euxyNcaOISLbGPM9Zbhn2f%2FYeSQNqiqN5zyTM5KuQgC2rQ2KuDNjj7uxU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 834f2969a99d4d37-FRA

GET
H2 200 js_jy_pCs2APG2U6Lb8lDMNddI-plpG1AWF8d1PX76Yv1k.js Show response
www.ransomizer.com/sites/default/files/js/ 24 KB
6 KB 194ms
193ms Script
text/javascript 69.163.207.112
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ransomizer.com/sites/default/files/js/js_jy_pCs2APG2U6Lb8lDMNddI-plpG1AWF8d1PX76Yv1k.js?scope=footer&delta=4&language=en&theme=ransomizertheme&include=eJxtkGtuxDAIhC9k2UeKiM1azhJwgVRyT9-0ifbR5hejj2FGAkpxAR4JThFvKuwhi2JaPjbUEapIJZyAgYa3bOkvCDbMcU0zGO6Xcm9oU4X0NMwibq7QU5cun6gvxEXIWz8qi24dKBacZeOMbxCY_8MVzaA-atM5F9OYhW-XvPAVNh-EFhTYZG1fqOkpj0r5Kd9hxcmold1BbVbQPSD-4oPGxd5dSLgi-6snHL-dspBob_n-CBtXqzPhGyNNqTs

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.163.207.112 Brea, United States, ASN26347 (DREAMHOST-AS, US),

Reverse DNS

vps13011.dreamhostps.com

Software

Apache /

Resource Hash

4b87a2a7865fdf6e92ec39077b939e8e7bce5bdfc99f445eac774742e97fb4b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Nov 2023 02:12:57 GMT
server: Apache
etag: "198e-60b5530b9998c"
vary: Accept-encoding,User-Agent
content-type: text/javascript
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 6542
expires: Fri, 12 Jan 2024 15:15:18 GMT

GET
H2 200 cookiesjsr.conf.js Show response
www.ransomizer.com/modules/contrib/cookies/js/ 916 B
558 B 190ms
189ms Script
application/javascript 69.163.207.112
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ransomizer.com/modules/contrib/cookies/js/cookiesjsr.conf.js?v=10.1.6

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.163.207.112 Brea, United States, ASN26347 (DREAMHOST-AS, US),

Reverse DNS

vps13011.dreamhostps.com

Software

Apache /

Resource Hash

8dd936a87b45186800a8977d9b06fa995bceb4398b6ceef1aa475188a832800d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 21 Nov 2023 13:55:39 GMT
server: Apache
etag: "394-60aa9f5272cc0-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 442
expires: Fri, 12 Jan 2024 15:15:18 GMT

GET
H2 200 cookiesjsr-preloader.min.js Show response
cdn.jsdelivr.net/gh/jfeltkamp/cookiesjsr@1/dist/ 35 KB
8 KB 29ms
28ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/jfeltkamp/cookiesjsr@1/dist/cookiesjsr-preloader.min.js

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38bddf83484d1e8c2022ae0fd0d61dad8c01a431b43c406813c7f350e90a18e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 34221
x-jsd-version: 1.0.13
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230117-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"8cf3-QTymxkvcX9D68jHt+CHVm7C8mkM"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lqwTiosrE%2FsgakWXtxehcFRXUXbNeR1OwH31XdwJzEz7agh4PfZ%2BgVdtz9T6bC1Giv7zuqvWvs7hJfLUM4VcUkq8Qahf6Svpz9fTdBCT6ombMdhHQ22CX%2BDQhygMA%2FiMEjRHpWMM91dK0li8%2FUw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 834f2969aa8a2c77-FRA

GET
H2 200 rangeslider.min.js Show response
cdn.jsdelivr.net/npm/rangeslider.js@2.3.2/dist/ 8 KB
3 KB 28ms
27ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/rangeslider.js@2.3.2/dist/rangeslider.min.js

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc5844b469da436c41fb28c14d25f1b2cb6135c7dd6f3bbe9662d8842769d827

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1250860
x-jsd-version: 2.3.2
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-etou8220105-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"1fd3-YMpPEDOhY3bi04aRWykrWCCu8Wc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w6UpzX3DQN61NmeyjV8vluBrDoszjZdHiFqtFt35FLrghHpqITGXlGJ%2BksqxRMK50YN%2BTxvCJji6Y2O%2FeWIhOAeLyRd1XE3cKGPa9wbVpnwd%2BzR7v5ggjByz3D9y4W%2BSnbQwU%2F3fdKXB5bhhCr8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 834f2969aa892c77-FRA

GET
H2 200 js_tG-1tO8sopbcH8FRDF6z9-xsDmGwRFisIU9ZtbQjzSw.js Show response
www.ransomizer.com/sites/default/files/js/ 17 KB
4 KB 195ms
194ms Script
text/javascript 69.163.207.112
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ransomizer.com/sites/default/files/js/js_tG-1tO8sopbcH8FRDF6z9-xsDmGwRFisIU9ZtbQjzSw.js?scope=footer&delta=8&language=en&theme=ransomizertheme&include=eJxtkGtuxDAIhC9k2UeKiM1azhJwgVRyT9-0ifbR5hejj2FGAkpxAR4JThFvKuwhi2JaPjbUEapIJZyAgYa3bOkvCDbMcU0zGO6Xcm9oU4X0NMwibq7QU5cun6gvxEXIWz8qi24dKBacZeOMbxCY_8MVzaA-atM5F9OYhW-XvPAVNh-EFhTYZG1fqOkpj0r5Kd9hxcmold1BbVbQPSD-4oPGxd5dSLgi-6snHL-dspBob_n-CBtXqzPhGyNNqTs

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.163.207.112 Brea, United States, ASN26347 (DREAMHOST-AS, US),

Reverse DNS

vps13011.dreamhostps.com

Software

Apache /

Resource Hash

4d1cbc1cc820b123c9be585105368c2b843b714ffcd2c5d1bc67c54017d22a9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Nov 2023 02:13:04 GMT
server: Apache
etag: "1148-60b55311a57f9"
vary: Accept-encoding,User-Agent
content-type: text/javascript
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 4424
expires: Fri, 12 Jan 2024 15:15:18 GMT

GET
DATA 200
OK truncated
/ 513 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1107824fee57311554e87b7ebf3da2f518124457e2b0df8bfdd22870dfbb2548

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 sm.24.html Show response
static.addtoany.com/menu/ Frame F441 677 B
727 B 34ms
33ms Document
text/html 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.24.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a4192e762a449dfd6e63bee835e0941627223c9159e8219acdd01881a1ac175

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ransomizer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
age: 2617
alt-svc: h3=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 834f296a39d4364a-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 13 Dec 2023 15:15:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cTMQVW0%2Bw7NeQN2IDE5XCzuZ0YjBYD60%2Budt9%2Fv0Fgf8kYXqiMlCiObfjUdgjTqUNpFVXbGS8egAM5eVUNVWv%2B0oDC2p%2Bcq8IV46vhp%2FIy%2FTDjZB85Bj7m%2FrCFcRx6m8xhiLA37n"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H3 200 core.11bfb520.js Show response
static.addtoany.com/menu/modules/ 70 KB
26 KB 108ms
69ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/modules/core.11bfb520.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

77fd2e01fe7322b437084ad512b3c3df777ce7d092b975eb8b29ecb4fb612187

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ransomizer.com/
Origin: https://www.ransomizer.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"a34c5f06f67d42236ec124345ba1b81c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CZOq7qxQut3zeQGht%2Fikw7v02BYfBseaJpVfNRCRAP7vTfC7JbE2GD5m01BUOYJgcB1QZls6x01GeXpkw9JtumBntZAkWp7EEwWI60Efp3jkEWddYPI3UKtXTyA6l5IqTDevxLtv"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000, immutable
cf-ray: 834f296a6d5d71c1-FRA

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/ 398 KB
135 KB 125ms
85ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5190069960016990&plah=www.ransomizer.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5190069960016990

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1bdab73c6a2cf2ace6638c2bd844073e6915d013a64fe1af434efd37500285ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137718
x-xss-protection: 0
server: cafe
etag: 7427843739561490915
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 15:15:18 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/ Frame 57B5 9 KB
4 KB 63ms
18ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5190069960016990

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.ransomizer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 5140
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 13 Dec 2023 13:49:38 GMT
etag: 5585625838579639069
expires: Wed, 27 Dec 2023 13:49:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ruhP2kd.png
i.imgur.com/ 20 KB
20 KB 129ms
71ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/ruhP2kd.png

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

3e96e791d85d66936d032a8e4a5cf096690845489d6a72261f1019cf283552c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 1147864
x-cache: Miss from cloudfront, HIT, HIT
content-length: 19993
x-served-by: cache-iad-kjyo7100140-IAD, cache-fra-etou8220103-FRA
last-modified: Sun, 29 Jan 2017 00:16:17 GMT
server: cat factory 1.0
x-timer: S1702480519.998532,VS0,VE24
etag: "e2e9b82747aecb51b2ea984bc78ac8c5"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 3pDgBHKj4gjAvi6Yd0rd7djm9fW98YA71kIqWvnirHU73ZDQixJ8bw==
x-cache-hits: 378, 1

GET
H2 200 pwrAKPo.png
i.imgur.com/ 20 KB
20 KB 128ms
70ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/pwrAKPo.png

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

d243c42e2acd1104b8194c6021008fdb31a04247db8a53e7befbd5998741a2e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD55-P3
age: 3636267
x-cache: Miss from cloudfront, HIT, HIT
content-length: 19993
x-served-by: cache-iad-kcgs7200129-IAD, cache-fra-etou8220103-FRA
last-modified: Sun, 29 Jan 2017 00:17:00 GMT
server: cat factory 1.0
x-timer: S1702480519.998672,VS0,VE3
etag: "471df31f81cfd2c892d9a131fd513619"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: OoSs9QzUkQcDBEse-MAHDgoBT-VpvzuNfuVodWjoifLHuDB08HW24g==
x-cache-hits: 282, 1

GET
H2 200 3EarthF.png
i.imgur.com/ 8 KB
8 KB 84ms
26ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/3EarthF.png

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

eb2ab28f65de3477fa6111bf66ac0d518b474dde773b12cf228285147979aa31

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:18 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 4683265
x-cache: Miss from cloudfront, HIT, HIT
content-length: 7861
x-served-by: cache-iad-kiad7000121-IAD, cache-fra-etou8220103-FRA
last-modified: Sun, 29 Jan 2017 00:17:08 GMT
server: cat factory 1.0
x-timer: S1702480519.997725,VS0,VE2
etag: "0e93cb30c6e8dec2cedd0b5151d937c0"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: MjmNZJ1Gyn5pdJI3KWP59BvNH5v-QPUzeaKuOkjvF3XykGzDK6SyVw==
x-cache-hits: 209, 1

GET
H2 200 jbMv00O.png
i.imgur.com/ 19 KB
20 KB 128ms
70ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/jbMv00O.png

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

6f5b001078068b0a370dababf149ec25a09c339a71112155e2d2cdc547e49be2

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD89-C1
age: 4325651
x-cache: Miss from cloudfront, HIT, HIT
content-length: 19907
x-served-by: cache-iad-kcgs7200092-IAD, cache-fra-etou8220103-FRA
last-modified: Sun, 29 Jan 2017 00:17:15 GMT
server: cat factory 1.0
x-timer: S1702480519.998182,VS0,VE3
etag: "b170effc88bf0f8f78fa7ab47167b37e"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 7UoSs0yLZbO-tU0Aiug0Ja3W_X-WOQZCC56VdXAyX2scPizI6gLvZQ==
x-cache-hits: 755, 1

GET
H2 200 nIRJZjA.png
i.imgur.com/ 79 KB
79 KB 91ms
33ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/nIRJZjA.png

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

5c22a92f965d8618e18c4c57a901f7b0f72bbd0f31ee8fc000f1904437d96743

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD55-P2
age: 3639720
x-cache: Miss from cloudfront, HIT, HIT
content-length: 80610
x-served-by: cache-iad-kiad7000049-IAD, cache-fra-etou8220103-FRA
last-modified: Sun, 29 Jan 2017 00:17:22 GMT
server: cat factory 1.0
x-timer: S1702480519.997749,VS0,VE3
etag: "bb5ab02bd492e577b277b56d93f8cd5b"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 5Y3xdaWYx_J8VUVYcHV8VDkdywOqjXioSKzOnkliyE_01UKWeIzH-A==
x-cache-hits: 218, 1

GET
H2 200 DCLz7wl.png
i.imgur.com/ 84 KB
84 KB 86ms
29ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/DCLz7wl.png

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

ecef4edc5ce2370c9445f97e249c56cabbe4ad36b93834caf0b16ddc73e81259

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: PHL50-C1
age: 3731659
x-cache: Miss from cloudfront, HIT, HIT
content-length: 86226
x-served-by: cache-iad-kjyo7100169-IAD, cache-fra-etou8220103-FRA
last-modified: Sun, 29 Jan 2017 00:17:29 GMT
server: cat factory 1.0
x-timer: S1702480519.998183,VS0,VE3
etag: "56adfe899d5e3b9b4b58614d515bdfeb"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: mZDgGOZn3BXswrji68FKU76v6r7U70i5butDC-YMBMHoRUc6fbpEKA==
x-cache-hits: 116, 1

GET
H2 200 ND5EcNq.png
i.imgur.com/ 199 KB
199 KB 54ms
53ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/ND5EcNq.png

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

73d3b9c26a4ad28a1e6c87251dfc19962d7c0537b475d99a5d1ae6aa418864a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD89-P1
age: 2425135
x-cache: Miss from cloudfront, HIT, HIT
x-amz-storage-class: STANDARD_IA
content-length: 203431
x-served-by: cache-iad-kjyo7100138-IAD, cache-fra-etou8220103-FRA
last-modified: Sun, 29 Jan 2017 00:20:42 GMT
server: cat factory 1.0
x-timer: S1702480519.031430,VS0,VE2
etag: "a61f806601a3912276796bff6c9311ee"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 7mkZy2R2acyaJVK7qYzpzCs977EC7j9SC6kj7iiE9h8b2YG_WgucWg==
x-cache-hits: 2, 1

GET
H2 200 1wxqouY.png
i.imgur.com/ 32 KB
32 KB 54ms
53ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/1wxqouY.png

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

018f3858ecc7e31d12acabb171287809069a700990711bfe9c0de526e8b4e8e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: MIA3-C4
age: 3707963
x-cache: Miss from cloudfront, HIT, HIT
content-length: 32590
x-served-by: cache-iad-kjyo7100109-IAD, cache-fra-etou8220103-FRA
last-modified: Sun, 29 Jan 2017 00:20:59 GMT
server: cat factory 1.0
x-timer: S1702480519.031390,VS0,VE2
etag: "87467da4aa3a62d0d8d0cc7026098d3d"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: hSPdXmj1Tuv4SzVSjBGlU7-Mfu302jbBf6vhUvqC6Gb-SkDeDQTT5w==
x-cache-hits: 50, 1

GET
H2 200 h2wsr9q.png
i.imgur.com/ 40 KB
40 KB 55ms
53ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/h2wsr9q.png

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

787dfff8d6b0bdd47278d893f53a57979266027c632cd9bc41d17bc664f5cb7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P4
age: 1071228
x-cache: Miss from cloudfront, HIT, HIT
content-length: 41003
x-served-by: cache-iad-kcgs7200156-IAD, cache-fra-etou8220103-FRA
last-modified: Sun, 29 Jan 2017 00:21:15 GMT
server: cat factory 1.0
x-timer: S1702480519.031392,VS0,VE2
etag: "75a7a84a76f0b6679b46fc53ab761149"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: qrMBynmVENRDToI_mxRERw13VklHC40SlQ4r_nWmcpqQxZhJG0ykMw==
x-cache-hits: 238, 1

GET
H2 200 56UD0sh.png
i.imgur.com/ 99 KB
99 KB 55ms
54ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/56UD0sh.png

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

bcd3148113eb4f3ab143062d7d3bbaecfc34f8ebfc9545d453732e732dcc36ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD55-P2
age: 2413066
x-cache: Miss from cloudfront, HIT, HIT
content-length: 101511
x-served-by: cache-iad-kjyo7100102-IAD, cache-fra-etou8220103-FRA
last-modified: Sun, 29 Jan 2017 00:21:27 GMT
server: cat factory 1.0
x-timer: S1702480519.033206,VS0,VE2
etag: "a701ba32983a7b9dbdd591974b30e8dc"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: dG4lseLxTFMB92ukmSsGzpKGpeUYu7BZSgGtLtw9vZviGPjnyGV0zA==
x-cache-hits: 497, 1

GET
H2 200 EJx08Bn.png
i.imgur.com/ 129 KB
129 KB 55ms
54ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/EJx08Bn.png

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

fd7c229ce14a5809e39275163bf9bb8c2dbc51d0eb1d79c5cb8ab7ba7b9fdcc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD89-P1
age: 4333696
x-cache: Miss from cloudfront, HIT, HIT
x-amz-storage-class: STANDARD_IA
content-length: 131898
x-served-by: cache-iad-kcgs7200112-IAD, cache-fra-etou8220103-FRA
last-modified: Sun, 29 Jan 2017 00:21:41 GMT
server: cat factory 1.0
x-timer: S1702480519.032244,VS0,VE2
etag: "73af168c150f3b634928e8c6637ddbc4"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: jRtFIqt_JUJoU-irRcScJlJsXKuN7pKtauvs10klksmMeO-4i5cmlg==
x-cache-hits: 395, 1

GET
H2 200 Tg0fOcU.png
i.imgur.com/ 72 KB
72 KB 56ms
55ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/Tg0fOcU.png

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

0281a41949ff4acb0bb39178be18f4dd8f046a602d165dc39af7e83142af4929

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 2528872
x-cache: Miss from cloudfront, HIT, HIT
content-length: 73446
x-served-by: cache-iad-kcgs7200126-IAD, cache-fra-etou8220103-FRA
last-modified: Sun, 29 Jan 2017 00:21:49 GMT
server: cat factory 1.0
x-timer: S1702480519.031872,VS0,VE5
etag: "ae8d7563f120b08f7e809adac2e78ac1"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: bvcYRvGtLVpB0llWPLMrfNhpOOc6LQ87I4MKWwSrMEHsP3jBU4enuQ==
x-cache-hits: 537, 1

GET
H2 200 E5z77Fj.png
i.imgur.com/ 63 KB
64 KB 54ms
53ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/E5z77Fj.png

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

4620f86827d61968620018f8ab3a98bc53d823ba1633770d68434f189a3093c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 2531833
x-cache: Miss from cloudfront, HIT, HIT
content-length: 64991
x-served-by: cache-iad-kcgs7200162-IAD, cache-fra-etou8220103-FRA
last-modified: Sun, 29 Jan 2017 00:22:04 GMT
server: cat factory 1.0
x-timer: S1702480519.031282,VS0,VE2
etag: "4c05492673dbb38cb7adcdb377d3486c"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: r7HqWYeNgMJiHkUAyjVBtiPv3eRzEo6ClXx6UJI_vpCPvXRP9yYQnA==
x-cache-hits: 919, 1

GET
H2 200 jIHCf3i.png
i.imgur.com/ 38 KB
38 KB 55ms
54ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/jIHCf3i.png

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

27e2807d1a3e26f1e1c85c81b37c6ab938a8ca5275d928d58cdf7a5dc04d448a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: MIA3-P1
age: 3189483
x-cache: Miss from cloudfront, HIT, HIT
content-length: 38798
x-served-by: cache-iad-kcgs7200132-IAD, cache-fra-etou8220103-FRA
last-modified: Sun, 29 Jan 2017 00:22:13 GMT
server: cat factory 1.0
x-timer: S1702480519.032725,VS0,VE2
etag: "38b03d7849be32ddb81704ac826385ec"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: b98RVVRxfi_jYqKHa-W3Guxuq9Msrvu96S-Je5q2o8rGzD4QTWdVKA==
x-cache-hits: 263, 1

GET
H2 200 b3FJONj.png
i.imgur.com/ 80 KB
81 KB 54ms
53ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/b3FJONj.png

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

06ac02ee03014393fe405754206fe7b7979d22853bc3b5aa9058489ed761ed47

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: ORD56-P6
age: 718474
x-cache: Miss from cloudfront, HIT, HIT
content-length: 82219
x-served-by: cache-iad-kcgs7200161-IAD, cache-fra-etou8220103-FRA
last-modified: Sun, 29 Jan 2017 00:22:25 GMT
server: cat factory 1.0
x-timer: S1702480519.031260,VS0,VE3
etag: "e627ffdaa9854f8684c4349f0c54ad78"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: XpGAGVTnQVmXcJ4zenLwoanKG_6m25vE_t0e83dytfE1YnnWS6tyhA==
x-cache-hits: 315, 1

GET
H2 200 omJifnt.png
i.imgur.com/ 36 KB
37 KB 54ms
54ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/omJifnt.png

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

13b9601033f6b97dece65143046c49d062a167f0e1390d7a552d788ab220ef9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 2441160
x-cache: Miss from cloudfront, HIT, HIT
content-length: 37337
x-served-by: cache-iad-kcgs7200066-IAD, cache-fra-etou8220103-FRA
last-modified: Sun, 29 Jan 2017 00:22:34 GMT
server: cat factory 1.0
x-timer: S1702480519.031807,VS0,VE2
etag: "b576aa610e7773be400e315710e9db66"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: cQ7bDGmGD014tuhRZIIkZ1dms3ofS9uvRKZzaGPJrjcb_L4xWKD5KQ==
x-cache-hits: 122, 1

GET
H2 200 6ILZOkO.png
i.imgur.com/ 205 KB
205 KB 54ms
53ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/6ILZOkO.png

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

4a84ec6543c13bbab9450576e08a8c15cfb64c40ef82435f8730b80ee8be9271

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD89-P1
age: 2106781
x-cache: Miss from cloudfront, HIT, HIT
x-amz-storage-class: STANDARD_IA
content-length: 209808
x-served-by: cache-iad-kiad7000022-IAD, cache-fra-etou8220103-FRA
last-modified: Sun, 29 Jan 2017 00:22:44 GMT
server: cat factory 1.0
x-timer: S1702480519.031208,VS0,VE2
etag: "07d5372dbd07cc919d369fd5f1fa1ae9"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 6pcBJbKFQE-UPdaAzmD2mSVnZOj1er5WVun9OqI5xTy_MD2E8xQbeg==
x-cache-hits: 510, 1

GET
H2 200 EXlM455.png
i.imgur.com/ 84 KB
84 KB 54ms
54ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/EXlM455.png

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

d530b5cff36f60202b4228917c0adf771bcc60dca25c1cb99cf9e2ec2b505bc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: MIA3-P4
age: 4333696
x-cache: Miss from cloudfront, HIT, HIT
content-length: 85718
x-served-by: cache-iad-kjyo7100084-IAD, cache-fra-etou8220103-FRA
last-modified: Sun, 29 Jan 2017 00:22:53 GMT
server: cat factory 1.0
x-timer: S1702480519.032275,VS0,VE2
etag: "0d0e5b7060c030b947debda20df97f2e"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: tufoUgKUkTsB2d_Zpa_TXlX00p-XmLlF2XhpNOwU0B1AWB1A4mQrsw==
x-cache-hits: 272, 1

GET
H2 200 IcV8Q3G.png
i.imgur.com/ 14 KB
14 KB 55ms
54ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/IcV8Q3G.png

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

f9f739c0d112cd2001b05245f231bf745ce850880a5005ec98605d225a5222f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 1134133
x-cache: Miss from cloudfront, HIT, HIT
content-length: 14447
x-served-by: cache-iad-kjyo7100116-IAD, cache-fra-etou8220103-FRA
last-modified: Sun, 29 Jan 2017 00:23:05 GMT
server: cat factory 1.0
x-timer: S1702480519.031196,VS0,VE4
etag: "4e561b1b17d13c67a0ab1897ee2972eb"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: x75V-zFv6pMHzbbFypOb4S_hWvoL4KSIZ9qNE5SoHEUKFD3Xp_cYvQ==
x-cache-hits: 255, 1

GET
H3 200 facebook.js Show response
static.addtoany.com/menu/svg/icons/ 430 B
821 B 73ms
73ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/facebook.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.11bfb520.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ee1397f4da0e0c981a979bc1ea43be1d0c28bf3619636df8ab9dc09fa770aaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.addtoany.com/menu/modules/core.11bfb520.js
Origin: https://www.ransomizer.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3c6ccaafe275b5b477d0400b5847bbce"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y0B14Mysu9TRRfkni6k%2FKPdgQC7mT28oygMjkZbB0J98dqrN%2BgImriS23u8WTBoXVqURZftqY2%2BzRFXV5jrSMuuyp%2FuV4i3k6BGvvsnAij12%2BbNMEvuAL%2BEWoZMwG9I9oo75dqf0"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 834f296c68fc71c1-FRA

GET
H3 200 twitter.js Show response
static.addtoany.com/menu/svg/icons/ 695 B
929 B 70ms
69ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/twitter.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.11bfb520.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74ec1e2bfcf647ccdeaf5b127294db846ee4a6f8ffd6c909d4938370d4187d1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.addtoany.com/menu/modules/core.11bfb520.js
Origin: https://www.ransomizer.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"31edccd311957616d32bbcad27fcf679"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nYWcz7INo2ECgSc1u1WXxBLwXW3wFMamHJ7IJWj%2F8U2FZ6CD%2Fs5Y%2FdGIwh6Otq%2BbVLakPiZ6QRKdAFc55LPpQ7dXvdwci8yP0O2mh9dTN6tNIf9KNmEH6mEehPmAbHG0NeQ825xv"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 834f296c68ff71c1-FRA

GET
H3 200 whatsapp.js Show response
static.addtoany.com/menu/svg/icons/ 1 KB
1 KB 47ms
47ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/whatsapp.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.11bfb520.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

390bb80c8ec894a3669df1522e5f88b9f1c2a7dc7b2a6aa39ea8a6401b1aea80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.addtoany.com/menu/modules/core.11bfb520.js
Origin: https://www.ransomizer.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1522
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"6a035bb94747645017c1cfe9f5801857"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eEVSh97Ss2VbmUYDVm42a%2FuMURe0FJZNtePNgVxYIvnm280NiAbLmij4kDq%2BXKMefoKfgSB2CelYiNMErhIGfrbAzq4TW63I%2FU3oiWcEzichXe1DSwXXmdAd%2BC%2FoFo1h1iwtI4w8k6wG2wXKJGSSG8I2"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 834f296c690271c1-FRA

GET
H3 200 email.js Show response
static.addtoany.com/menu/svg/icons/ 427 B
822 B 81ms
81ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/email.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.11bfb520.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b199ed28ba39e8d3bdc0d2860b8f710808796f2c7272406178010428f509d397

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.addtoany.com/menu/modules/core.11bfb520.js
Origin: https://www.ransomizer.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"48a669f03d3a3ea93ea22be8f12d6cc2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rSn9wdvw8rs4lhu%2FPtL6Yyq6J5Llh0DGOWhi7EPGR8a%2B0qIBRl%2B1P%2BPHicxXIx4fM29KxHdMe52go2FiGVuD1bWnjn3yHtw0Z2K%2BB6BsDh0GPuuuPw%2BiP51ZU%2BVqe3duU3%2BW7s9V"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 834f296c690671c1-FRA

GET
H3 200 a2a.js Show response
static.addtoany.com/menu/svg/icons/ 182 B
691 B 48ms
48ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/a2a.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.11bfb520.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dab93242ee573bbcfc22c9d15acd47794e500ed44e6bd48a35400b39d65aa43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.addtoany.com/menu/modules/core.11bfb520.js
Origin: https://www.ransomizer.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1522
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"0aca4ea1e5f8f250126a8e0c597dd969"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PXL8Fp%2FCYZ6%2Bu%2BPOr%2BZGc1tqX%2FAMSX7ox72Ew6J6%2BN2Fhje5h7JZBVf245i0sIp%2FfiktqJsCoSQTrRsw%2FIbkdncV1dBSa1qs7UL3ZWq38yAIp4bEJLMye3uOYc0xjoVORZOMcPRKXVVjT9tFGBVJS%2BW%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 834f296c690a71c1-FRA

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3DCF 120 KB
27 KB 1688ms
1687ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5190069960016990&output=html&adk=1812271804&adf=3025194257&lmt=1701310383&plaf=2%3A2&plat=8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x1080_l%7C212x1080_r&format=0x0&url=https%3A%2F%2Fwww.ransomizer.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702480518814&bpp=3&bdt=806&idt=291&shv=r20231207&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1371485061910&frm=20&pv=2&ga_vid=1185640549.1702480519&ga_sid=1702480519&ga_hid=842044383&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079437%2C31079979%2C95320885&oid=2&pvsid=1098057064834304&tmod=67448278&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=311

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5190069960016990&plah=www.ransomizer.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

602b74dfd9b7d822b1a557ee336f3db32e1ec09787e0a7b3caf1818dc5ae0e00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.ransomizer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 26973
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 13 Dec 2023 15:15:20 GMT
expires: Wed, 13 Dec 2023 15:15:20 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 70ms
68ms XHR
application/json 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231207&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ee1c7a575a73d4933d56995cab9fc66f5118ccc6f4ba9f6e9ac37b02ca666d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12190
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/ 160 KB
55 KB 82ms
82ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

71362177b3d8142bbeae0a44551c90ca1df028db322a218d9868bf032ccbde65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56002
x-xss-protection: 0
server: cafe
etag: 15688372950900506739
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 15:15:20 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 78ms
34ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 13 Dec 2023 15:15:20 GMT

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame 9A49 9 KB
4 KB 19ms
19ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.ransomizer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 39493
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 13 Dec 2023 04:17:07 GMT
etag: 5585625838579639069
expires: Wed, 27 Dec 2023 04:17:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame 65FA 9 KB
4 KB 18ms
18ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.ransomizer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 39493
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 13 Dec 2023 04:17:07 GMT
etag: 5585625838579639069
expires: Wed, 27 Dec 2023 04:17:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame C6FC 9 KB
4 KB 19ms
19ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.ransomizer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 39493
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 13 Dec 2023 04:17:07 GMT
etag: 5585625838579639069
expires: Wed, 27 Dec 2023 04:17:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame BF13 624 B
246 B 61ms
61ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGNiL3_QBMAE&v=APEucNW_rIZbZgqhkT5qGIZMTcpbqRZk67dVwYHct_TpXHnZmShY2sbCLEJoeLDPTwy_cvaHT0CT7tzKLkiwX88EE_pD2Sml9tY0ODkxuy7bqP9LWPkAVgXS27m-s2Uh-Jegl0LRYAji8mYnx0A2qHJLC2I8B3EAHZPjYE8R8YowuBKPNTTZu0E

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 13 Dec 2023 15:15:21 GMT
expires: Wed, 13 Dec 2023 15:15:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame D182 89 KB
31 KB 116ms
115ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 15:15:21 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame D182 3 KB
1 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 09:00:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22484
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 27 Dec 2023 09:00:36 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame D182 20 KB
9 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48061
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 27 Dec 2023 01:54:19 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame D182 203 KB
65 KB 135ms
85ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9129c3cb5b3b6d486d719614ef0e64508258a9d15de6c8bfab167e3da9dd87f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65486
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702315402350014"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 13 Dec 2023 15:15:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D182 42 B
63 B 53ms
53ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AwJ1QFsqmdcj_cSMhgjWG0XtsSIq3_GEntvzyqBrdy1QR8bi2VJwWrA8XMMiDT-gP9n-PjRpXxg3k_eLB-VWzkUtRnJXx-FmTqASR_JrmQabXQd_I

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9366 624 B
246 B 62ms
61ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJaO3_QBMAE&v=APEucNUkd7dcMADolhpAABsWoDopxfIjkC269rpTHWD2p51Fxp_pHBQp88reDTosdNNZjnb1ujCUIOyyWP7bkQbBJys1mcKB2Y8vaE-aQi2IxOeZX9_aBjFsJ-0PvtqbtRErVFBxcuq5MhTvnicNmIqcUgAp0WcyQWTzGfcU1Xxi8J8GzCfmxnM

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 13 Dec 2023 15:15:21 GMT
expires: Wed, 13 Dec 2023 15:15:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 4577 89 KB
31 KB 141ms
140ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 15:15:21 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 4577 3 KB
1 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 09:00:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22485
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 27 Dec 2023 09:00:36 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 4577 20 KB
8 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48062
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 27 Dec 2023 01:54:19 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4577 203 KB
64 KB 143ms
137ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9129c3cb5b3b6d486d719614ef0e64508258a9d15de6c8bfab167e3da9dd87f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65486
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702315402350014"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 13 Dec 2023 15:15:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4577 42 B
63 B 53ms
53ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CWq5MwsweTav-95QPDlWMxbLgrUqeWa_zQ_92-pHiUT8bZPKNXSer5ROO-2_JCcYOU6Ip8zSsrOzVohcP7svftd9qnd7bCg-70hri9Vuf87JM0oYQ

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame AAD0 624 B
246 B 62ms
61ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGLuR3_QBMAE&v=APEucNW8j2urnOwBnE_QVGVXp6x-R5Ol_L6ctvBQiVnzQR3BjuXwwQm6qwjtF92kKyv2PacYBe5q7WSxwPAK0pWMJ2r2vLsN62ysk_QnH5uEQ3FAt-WlMmNp66N5LjopjdFKTMlCUh_Kknc3L2SRPn-wUWQ9MOEeg2G8hlVybgroITN1BKLqrBI

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 13 Dec 2023 15:15:21 GMT
expires: Wed, 13 Dec 2023 15:15:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 6CCF 89 KB
31 KB 165ms
164ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 15:15:21 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 6CCF 3 KB
1 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 09:00:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22485
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 27 Dec 2023 09:00:36 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 6CCF 20 KB
8 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48062
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 27 Dec 2023 01:54:19 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6CCF 203 KB
64 KB 143ms
142ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9129c3cb5b3b6d486d719614ef0e64508258a9d15de6c8bfab167e3da9dd87f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65486
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702315402350014"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 13 Dec 2023 15:15:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6CCF 42 B
63 B 54ms
54ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CqE87eH-FUPGStmmfII86NSekf5Yn5M4rFeS2xyi-9o8Aqb7VzpRtXPSgLu79lLtUFCBeaIeHXgIxJs-1hoOky7mrBoZ10t_Qq0Eq3awqDGrLF6kM

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame CB7B 13 KB
5 KB 22ms
18ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.ransomizer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1854
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 13 Dec 2023 14:44:27 GMT
expires: Thu, 12 Dec 2024 14:44:27 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame AC98 829 B
1 KB 92ms
43ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7b40468d33d9f7509146b67a24418544b416dab528d017662c5005edc3452702

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-DRwkXedk7Cp1RXaviWQgDw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ransomizer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-DRwkXedk7Cp1RXaviWQgDw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 13 Dec 2023 15:15:21 GMT
expires: Wed, 13 Dec 2023 15:15:21 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame BF13
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHljWGh7WqZh0a_WdSRCJgY&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHljWGh7WqZh0a_WdSRCJgY&google_cver=1&C=1

43 B
540 B

63ms
63ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHljWGh7WqZh0a_WdSRCJgY&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGNiL3_QBMAE&v=APEucNW_rIZbZgqhkT5qGIZMTcpbqRZk67dVwYHct_TpXHnZmShY2sbCLEJoeLDPTwy_cvaHT0CT7tzKLkiwX88EE_pD2Sml9tY0ODkxuy7bqP9LWPkAVgXS27m-s2Uh-Jegl0LRYAji8mYnx0A2qHJLC2I8B3EAHZPjYE8R8YowuBKPNTTZu0E
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PcNZIf2YKpA%2BMNk1VhOdceruvSEH95ppBaCUY8vPxzFC6ttswQNbWunFQd8%2B3z%2FCDS0IY6I7HE7LUAkpr8Bx7V3i%2BZg63iAu%2BZZKTqIfpTcpus3bfyPgHdcUy093FpgwAmCJ3WIV4HyYCg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 834f29797bbc2675-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YhYviI%2F0Ot8Vz0wOznsDMMRW72H%2BmTdqcofEIDKwjZ%2BYJkzXJZmObpZ325oG2WXTuA2EjTwRLy1Bn4%2BokQM8PiiAjDIZxcWHyBvzDLIADe4aTD%2BaS0w8WCThvs0pSBMIRK1fk8ks5bz3fg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEHljWGh7WqZh0a_WdSRCJgY&google_cver=1&C=1
cache-control: no-cache
cf-ray: 834f29790ab52675-TXL
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame BF13
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXnKifAQd0ihpHkzzXlBhwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFp5LQSNUZjuhUatZBlz2VI&google_cver=1

43 B
738 B

61ms
60ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFp5LQSNUZjuhUatZBlz2VI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGNiL3_QBMAE&v=APEucNW_rIZbZgqhkT5qGIZMTcpbqRZk67dVwYHct_TpXHnZmShY2sbCLEJoeLDPTwy_cvaHT0CT7tzKLkiwX88EE_pD2Sml9tY0ODkxuy7bqP9LWPkAVgXS27m-s2Uh-Jegl0LRYAji8mYnx0A2qHJLC2I8B3EAHZPjYE8R8YowuBKPNTTZu0E
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L8Asfp964%2FZ%2FnGxGAz4DbPX1mbhqqjOaVz5T%2Fmr93xOr09j%2BkEPXiZjzM8VK6bihdvAfMTO6k3ne54RT5vempHWQixB6PCBRo%2FZnA9Tig2ejRYNMKbXcYLFktfrjR%2Bk7Da4VSOZb5O6sVA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 834f2979f93b4510-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFp5LQSNUZjuhUatZBlz2VI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame BF13
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEO8mCIJ6Ytd72Uvtc2xPXHM&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO8mCIJ6Ytd72Uvtc2xPXHM%26google_cver%3D1

43 B
894 B

32ms
30ms

Image
image/gif

185.89.210.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO8mCIJ6Ytd72Uvtc2xPXHM%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGNiL3_QBMAE&v=APEucNW_rIZbZgqhkT5qGIZMTcpbqRZk67dVwYHct_TpXHnZmShY2sbCLEJoeLDPTwy_cvaHT0CT7tzKLkiwX88EE_pD2Sml9tY0ODkxuy7bqP9LWPkAVgXS27m-s2Uh-Jegl0LRYAji8mYnx0A2qHJLC2I8B3EAHZPjYE8R8YowuBKPNTTZu0E

Protocol

Server

185.89.210.153 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
an-x-request-uuid: 77f53a90-4935-4ca7-9b16-a5e5c9d0313d
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 217.114.218.25; 217.114.218.25; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
an-x-request-uuid: f40c7104-7797-4830-bfa8-6d90e2281d26
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO8mCIJ6Ytd72Uvtc2xPXHM%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.25; 217.114.218.25; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame BF13
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTU4NDIyMTc1ODY2MTc4MDA%3D

170 B
232 B

30ms
29ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTU4NDIyMTc1ODY2MTc4MDA%3D

Requested by

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
an-x-request-uuid: c12c3add-1e8d-4e4d-929c-5ffce654bee1
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTU4NDIyMTc1ODY2MTc4MDA%3D
x-proxy-origin: 217.114.218.25; 217.114.218.25; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame CB7B 39 KB
15 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 11:47:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 12 Dec 2024 11:47:25 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 9366
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENPKH-Vay8Y0L3YVN1JA_rI&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENPKH-Vay8Y0L3YVN1JA_rI&google_cver=1&C=1

43 B
768 B

58ms
58ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENPKH-Vay8Y0L3YVN1JA_rI&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJaO3_QBMAE&v=APEucNUkd7dcMADolhpAABsWoDopxfIjkC269rpTHWD2p51Fxp_pHBQp88reDTosdNNZjnb1ujCUIOyyWP7bkQbBJys1mcKB2Y8vaE-aQi2IxOeZX9_aBjFsJ-0PvtqbtRErVFBxcuq5MhTvnicNmIqcUgAp0WcyQWTzGfcU1Xxi8J8GzCfmxnM
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nHrEzMOyHZp4q6NmS%2FQdgA4jlR30wpoyvy9sYuPtwzebYU1PXA4Amm49SUVNeQO5xCmY%2FFhgGDFFWKFBiu7TJzkMrQfP62yn5PUgDeBRqbItiBtFZbLF4XYqvIm9tzhhvC5UJZYufg6OqA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 834f297988424510-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qGy8%2Fkvuink3BpvQJWR5ScZTEzF6W2W5nCZXny4gYMvtI5EKWkT8y5dmaZ7peCAxyY6yrz5x2A7pO7lTqr3LyIDlgrb4F5EdeVKUFoJJCr%2BwLa6pKLAAUAye6Rsc4Uue0mDTgSxq4po%2BMA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESENPKH-Vay8Y0L3YVN1JA_rI&google_cver=1&C=1
cache-control: no-cache
cf-ray: 834f29790ab92675-TXL
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 9366
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXnKiWf3w3ZyFxmc9vc23gAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFp5LQSNUZjuhUatZBlz2VI&google_cver=1

43 B
735 B

62ms
62ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFp5LQSNUZjuhUatZBlz2VI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJaO3_QBMAE&v=APEucNUkd7dcMADolhpAABsWoDopxfIjkC269rpTHWD2p51Fxp_pHBQp88reDTosdNNZjnb1ujCUIOyyWP7bkQbBJys1mcKB2Y8vaE-aQi2IxOeZX9_aBjFsJ-0PvtqbtRErVFBxcuq5MhTvnicNmIqcUgAp0WcyQWTzGfcU1Xxi8J8GzCfmxnM
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KI3QnZIpVLHCMWj9lUVwg97da1ibyYCT%2FA8Vxid%2FH6lknaqXXaH5%2B2kOdQT7tt3CR%2Fg4OrNEBUBazF%2BZzAgcdhedjCIgbNQcxiDomKlky4gL1qqrebrP7hHg3gfo9amkrtZzy72bcQnmvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 834f2979f93d4510-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFp5LQSNUZjuhUatZBlz2VI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 9366
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAv0Z-RNcY288ivzZWXOaQc&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAv0Z-RNcY288ivzZWXOaQc%26google_cver%3D1

43 B
894 B

29ms
29ms

Image
image/gif

185.89.210.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAv0Z-RNcY288ivzZWXOaQc%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJaO3_QBMAE&v=APEucNUkd7dcMADolhpAABsWoDopxfIjkC269rpTHWD2p51Fxp_pHBQp88reDTosdNNZjnb1ujCUIOyyWP7bkQbBJys1mcKB2Y8vaE-aQi2IxOeZX9_aBjFsJ-0PvtqbtRErVFBxcuq5MhTvnicNmIqcUgAp0WcyQWTzGfcU1Xxi8J8GzCfmxnM

Protocol

Server

185.89.210.153 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
an-x-request-uuid: 19f0dfca-92e6-49f9-bf25-32935d4c9d87
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 217.114.218.25; 217.114.218.25; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
an-x-request-uuid: 0985d9b2-12da-424c-8b4d-9217dd611964
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAv0Z-RNcY288ivzZWXOaQc%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.25; 217.114.218.25; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 9366
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzAxOTI3MDE0MDczNTQ1NDg3OA%3D%3D

170 B
232 B

35ms
34ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzAxOTI3MDE0MDczNTQ1NDg3OA%3D%3D

Requested by

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
an-x-request-uuid: 3ef9360e-1711-4b09-83e0-fa817f19981d
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzAxOTI3MDE0MDczNTQ1NDg3OA%3D%3D
x-proxy-origin: 217.114.218.25; 217.114.218.25; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame AAD0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFp5LQSNUZjuhUatZBlz2VI&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFp5LQSNUZjuhUatZBlz2VI&google_cver=1&C=1

43 B
530 B

71ms
68ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFp5LQSNUZjuhUatZBlz2VI&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGLuR3_QBMAE&v=APEucNW8j2urnOwBnE_QVGVXp6x-R5Ol_L6ctvBQiVnzQR3BjuXwwQm6qwjtF92kKyv2PacYBe5q7WSxwPAK0pWMJ2r2vLsN62ysk_QnH5uEQ3FAt-WlMmNp66N5LjopjdFKTMlCUh_Kknc3L2SRPn-wUWQ9MOEeg2G8hlVybgroITN1BKLqrBI
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2tnphdEvRnewAnVah8fwT6%2B%2FSm22Rn%2F8brUVjbvEVc23%2BRjFOs5L814Iq326pbkXfgftJAVekYJ7Y5LitT%2BVQzVPLCscJ%2BaLub9IDGGgpSJlzBJQ%2Bz0UJej7LZUNHMS8psSLmckZvVsHzA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 834f29797bc52675-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XdTnu2dVkTFEVFASlNZP8VsYfuhrqrTY5pCoy8VEp2MRjsNaeJjedUCbFhOt%2BcKBzvssYQsCiYJ4qh4KSD2YsViGQBsNCsvDIXg6aksog3ss3CR9FxChtg5fyTIQqaImds2Cu0B1AtX27g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEFp5LQSNUZjuhUatZBlz2VI&google_cver=1&C=1
cache-control: no-cache
cf-ray: 834f29790ac92675-TXL
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame AAD0
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXnKiT6M61QGFcLpQtzLPAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFp5LQSNUZjuhUatZBlz2VI&google_cver=1

43 B
735 B

60ms
60ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFp5LQSNUZjuhUatZBlz2VI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGLuR3_QBMAE&v=APEucNW8j2urnOwBnE_QVGVXp6x-R5Ol_L6ctvBQiVnzQR3BjuXwwQm6qwjtF92kKyv2PacYBe5q7WSxwPAK0pWMJ2r2vLsN62ysk_QnH5uEQ3FAt-WlMmNp66N5LjopjdFKTMlCUh_Kknc3L2SRPn-wUWQ9MOEeg2G8hlVybgroITN1BKLqrBI
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zcFZFu6YF9XX8T%2BytM5Bm%2FXjA4lbdaWSjfNsop1EKQcUgy6I8n5SjZAXJAw1vcYzrIjBj%2B5cInBgDRSLJJVJjDjaPLt7rqV7IPMq2h2du8td8QK6xsYEYH6n%2FXWroHbXnJyhQJVnbURo8w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 834f2979f92d4510-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFp5LQSNUZjuhUatZBlz2VI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame AAD0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEIA0AXp2TnmeMbAMydfvbf4&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEIA0AXp2TnmeMbAMydfvbf4%26google_cver%3D1

43 B
891 B

30ms
29ms

Image
image/gif

185.89.210.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEIA0AXp2TnmeMbAMydfvbf4%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGLuR3_QBMAE&v=APEucNW8j2urnOwBnE_QVGVXp6x-R5Ol_L6ctvBQiVnzQR3BjuXwwQm6qwjtF92kKyv2PacYBe5q7WSxwPAK0pWMJ2r2vLsN62ysk_QnH5uEQ3FAt-WlMmNp66N5LjopjdFKTMlCUh_Kknc3L2SRPn-wUWQ9MOEeg2G8hlVybgroITN1BKLqrBI

Protocol

Server

185.89.210.153 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
an-x-request-uuid: 913d1401-3ebd-4a85-a61a-00c00a309ae2
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 217.114.218.25; 217.114.218.25; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
an-x-request-uuid: fc618bdd-6f99-4277-9fcd-82239d0d4bb6
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEIA0AXp2TnmeMbAMydfvbf4%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.25; 217.114.218.25; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame AAD0
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzAxOTI3MDE0MDczNTQ1NDg3OA%3D%3D

170 B
243 B

30ms
30ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzAxOTI3MDE0MDczNTQ1NDg3OA%3D%3D

Requested by

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
an-x-request-uuid: d7cf6ccd-3586-43b7-8c3c-2d5a8bc7ccb8
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzAxOTI3MDE0MDczNTQ1NDg3OA%3D%3D
x-proxy-origin: 217.114.218.25; 217.114.218.25; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D182 0
20 B 53ms
53ms Ping
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6384949756232&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D182 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6384949756232&version=m202309260101&ct=76&x=1&cor=14682752037034078000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame D182 110 KB
41 KB 71ms
71ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B2Fi13NT_BKe2mDAUH--Dn40fKEFBuNsjR-uu5elafWAxoiKyy1Q2VDgiW3U9U3bU9G0pyScaFUpf-BDL3Rhxk7zDqfLzywPrixy0-aJj9YPTq-1b02N6PvoLWHxNvCDWlI7vAzaADxGG4zhB4NizyfWPaXXLV3Can8XF9OfdlFqt5-zc&dbm_d=AKAmf-DaMUi32FInM2y1pkt87MDS7t5ErtxLCQD7OIoo4rEIpH6lEF28cSXRSFhinQUbvvKNqdAdxGsqWPlLtvxKDQD2ezL9ahstRmZy3LXQQbaueojnZ7aHZSTJhL2hLFrluYZ-05a-NNTIR_Bz_pjFk-Wx-0NzcaKGaPLXutZSBA3qc2Rfw-c7wXqEAIDtAOF2vD-r909J8TWw936MMPtxXVOHZpobWynDv3D5JJHLcMevhatZ30dgBj_bN89fabwUrl_7KJ8ee55sjktsjNm7LhH7IR5FdQSh_xdfOAqdd3mKHXycQX06tPX7Wptrw-DvJ7USyFWieJ1ShP1QQyzz4nVlUOuPPV5yt1i3zmcSpl_GBZ8CjKIzjb1tXbg0RuB6oxrspZcJsqeSKPaLexPStKcaZkcOW8sQGHK-JChUELec3ZdzJCxT6oC8U87SHZUtDxDythTKmhTz0g74b-OLF1NnTe7O2zvLUDJ2y4zFpc_HRs8YMe_3IfdEuX4rLAk8jVK753jN0MhAcRQC1rNVmUJVjxHEEckp6rFG-jTx2RgE0ENBXdxlMfgmHKz510STO9vu-3PCgWtkC0r3RYQ3Y_h-KpEGKYzRbVv-sU3TrOf8jRnZQdX_4OCHqM65eSePpQclUR3IyKzKLboPmhB1NdU3_e8q2vJRjKZu54xjCPNbCDlEZKf0_vt-yveR2PbSdPUcqw1cqs50UYmEBqkhotOvcWcvqDBETCR6qlva8ijhECKWeMNPAugrJFzAGRuKmjBcUxuFE-lCgmXLN0BGnS81q7TXrmpA4iqOD5ll_YjJz-mK2N2kqJLY2dwumlimojhlB0qqFFq7PKAmAhyy81xYGmNTaDZYtW7Uppe_AaOIn62lSEj4N7rozu2rcraIK8-Zox0irquweLMC3BBSmbTYySRP3U6ROg0Y4Ti3BpKj9quVvvI5rqrKTyG-DrsoqNjMnaGNeZFc6KG9CGksIuM902ETkNOg8pZug3cVZFhywsfmNPDuIJQI0hQLATBWPsfoQwHlVqoivBbFW4q0eDEgYsaD4VhhxGKMLMUKCit50OnWpgoeNCNHYHLyZ3eKkf_GQgKYdBpk9qnj_pYx2PxMS8iFi9gpIbhlm16i11qZlQ-MVvWoGtNkKo8MirXq1YaNw_YfshcGkuh8wZe6z4_3R7RUH3aiVS3fbp1b5s6fWcuLyuNnskrElhvq7zXktzuQFUHw_OaomNhIySXVTsvwCEPdwE7ijoD99oeCt1zx1IGN_HsHD_4r_NiIFV03xp8plHqMUBoOmjYxTrXdv6H-wCoaUBfCSZRP8XIb5f1I-ymmP_tQO_PjnVlWuGPr00hCK4t3eN3wqh7pDMFkFO0m3UVfaI5T66bkKUlawSkqOpDjalm3vtvCZKAo3JQBMsXk65b-cXhgI0Ff_twzoWC4n3UXIbYviFKP87e0hzlUNPeFrlX6z-T9pH17eWEB8h9dohFjXD3vkHEr5Y_fMtVGolDFGovyQk0lsccBrNBMbCluZUg67hhiJPtI6WQG3oqab48C1jTo-xBxf61oqzr0w8Eyju6g0poRWIKD2ntB7bMzEjN-E6XStkFxSe-9FPYtu8oKA5bSSTwwWxFtCMvDruiEfD-ew6U1fIIomBEbmFQSUtDHCkHwO0pMaqUZrK_k2AVoB67pV0Rxq8BB10lVqtX8MRRYAr3qSNB0XdgtoTybpptf8dr_m_DTzGoCpef4Q-TmgDN6tLWVrZer0cCdK2UyLRLYKTJ9JYlfXGjedybmTO8UyuO6ozX441kbzz1UA2bVGbXvGFizpRswvGxykimRZFTu4Z2s7H6B8fBR2Aw2SQLs3wbPLGn4C-eLeeh-tvNE6ObMmLpStXOVy050jKez4UjcBGT5Cbs7JxTZ8ZkUn1_6D5Qdc5RAFwSxpKIG80Dzel-gL1FqnPlGgNiVPwm2UW672Eznh-dSLrXPB17x5UbfduLMTpe88bkHkpNb1TicmbbZWPCcVI_Jiy9JleLnWw-mZAlFj284gQymw1XRRuXDtEG0O7A4KshoRD2kY79kv3nf5-ORLGkenzitMkwU_SaKEWfYBwzySlWlSKqqS228RUMLNonZ8ipTtmSVWyytIJFXl9dX9Dsat4x7_n_CaITBJMv3Eh5Pb2ezECiHL9lFBv-LFImacTKWDnZalJWDZpuwfqPznyWbeGTNzNJEqVLQe4_ELp4gn7iW_R2mZp20PeOjksQA9hoNprWOP3-v9-XzLmHhDjDoZ2UF9PlCL6BlUc5brOHhppyaADNGSlnoAs4naKLwWYWpDtvao_LbEXNimmZ1GW-0YbQe2tcWAgVxn0xpTY6Ty5w4f_X8WkdHItGysPEpEKI45ZzXFRorzl6lgGmOviV6olCh5gjRGfX9uIjO__R4Fauc-A-QVxlF_k_UDDCZ-lQr58oXVGnrCBKB53IMmGKdNLlLn78duBZ-eCRVjl5K3LnYUH5msERNiW9PoBpx1na4AHbWSibOtj55o6RlYo_anps_7y9qvbHrODmdULSJR14-DQFGra3ZosO_Mt_9a01XyKr7fTEGCyvSKxCzYTKDaDTRuyVxh8pQAMQqcFaaqh24DH_8XIgbdNGjsL44WOy9mfYk2SlwGpSfwCR4LfbZBmvHHP2omnk_knK-SwOv6w_F2VgPn3ji7C9WCKPAsjxNWX6UJnSCTLSl4HfE_au8M7p6j2PZYKnCiMpJdKLhuNhFsklhePVGgsHZHJl8gwY0lu4lbK3l-1jhxa-NgpQacfUD7YJrqsOtAS8pixhW_LvHGw-uIgr0bxVoPtbtzrFS2iNw_sZjLRzpzy-3Gcn4zXYper_pQPRjdFNpsR8nnAE_n9d074nWx79JJ9P_5oSz0xL5wUcsZBwGxkcunzYSwbLkH3GlPAbYsQp_lhfIGHRS6bu-hfHLAfDwiku-albcHK7tJAd4ZhrxCNz5nqNwxZCG3KRnyb-cEFzBtFmvr00BH87JjI1jzyo9fEHz2PxajklEsXtL5YnXIOthlT3hRcfx4mW9Y3stzTQAUC2R1b9AuwlRnWKyLu2B-7-QPDAaD_LWojidFV32yHgQopJRwW0MdMy6jM5YT25EOAK4xLy0TMPqsml_5ZJAn5B_mpDIX5yIfQZV244CkAJINrPwIKEDAFnFzMNQHYHCPiNKtaBGSXOLAGJu1Lcj3_IyZy635TB-ffWbdZ1ELNmwN7Zp2lrt80jKOTodaCputKKFgzdKSToKMluE39hPcLKz9UMa4G0k0iJUUDgPRObM6adKLAO65GrJGWeBsUshkXXiEskSBz89C-1cgscdUh_E6pGa10MxFeTOhB54NmJd-Uaog7nYfzu-jB-XjZDdK31cZp3NQtToqqlOJUiEovltC76180CQsU_QWKjgFN7CB-D-opvjAz0rfambE6e1aWBeEV2Xfb_Ib3PphPoADH1Kt1Jjsbw-zVeBgGEKzA8Hge4P5kFaeErxHxUkGTZIuTnrp_OQHPIgDGv7eYDhAVxgxoVcj_UgDegx8wbLK2ATXpzZjC_3u00ebLF-3d95AXo7xql4gco1i5cj7N75Go9VymlrwuF_9J_H7gxeke2KvVs3ZEL2IUhS_AEsKvrwF_J8NptcFUOtmQw&cid=CAQSTgDICaaND_-i4y-dGPxtzOPeUpxrXZtP8LcpJ3e0D2gp-1kG9-DitCYbsTXugCNhLteMqvrQl7BFbtU7Jm3wb8l1K9QO9QGBpLT7oX7IZhgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.ransomizer.com%2F&ds=l&xdt=1&iif=1&cor=14682752037034078000&adk=497053792&idt=121&cac=0&dtd=8

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eebeb1d46efc55c9effdb14210a1f747e78fb0075ac3cd0f8b62f1313da76b15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42307
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame CB7B 0
10 B 19ms
18ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?bu7UIA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:21 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame AC98 0
0 53ms
53ms Image
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231207&jk=1098057064834304&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4577 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2939411092806&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4577 0
20 B 54ms
53ms Ping
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2939411092806&version=m202309260101&ct=76&x=1&cor=9737416674403009000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 4577 109 KB
41 KB 66ms
65ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ATWP0jwEwJ8HZnS_TR5LJzvt1XuJKxp-U5rW1_ZxRqvFLFvS6zIYrNmy9dEk-0XcAsj-ZyPVGe-g-jH4N9e0V4fs9xNmO-fKGZ1YdpuVgV1LeFcMSTyTdXRKQEXiK2HTcsnb73z8CJOd8tLHNywyBtKMuk0dtQeMzUwCnajWVSrUyzj1Q&dbm_d=AKAmf-DhldsbI2Te1ztDRDM-sm7xmaiUxhOj4hIufn8xGxYrhT95LfJcK_z9hh0cxO8xeSp4coIqThrdESlMjj_0sHWoa1PEIwAzB9OqIf-Y24mJrB5qJ2EwI0N9hWV8uUWOEf_TTZ3SmJMXcht6tXJOVz1v4d6S9DFMelHxzTt0bi6B2mFGlRkWlIS6d2bEC5IBUVE8aN7Z_8GYk9cK5idG_q0t6ifq6QJ5OJgZvHiQYzW3xTMugXyNZHSprA9peKWluu7UIYeFFbR8gaHTm2NinT2m3NVJdA_WhfXvfi6YMk0qzukvRtdi6-dVbKyCIdPeNTp_fczBmMUNR03wQNNSIMpd8a7WEbTedb6I8f9d_Rrg0mJ2RgpdXv7EjUdj5ku8Z65DA0HoQgTjWJjBaar_ZhRGpjyT69moKpZDl8LhMrgsMg2Ej3B3BLfgbRSzgiPgjuNiuZHtTvhdIyPV5mOdAdvXVJNhF51tSGxV9B4fQQIRPJdEBu103COlGS7eO7g8K0OUqLGYieGGy1hOgjO2fuD7-LnkFqJ3m1EWCujGl9luLa3mHf98rydwsdnC5kqkH3waK8FQeM_hcb1o75WQHDH93AxAm7bKXKQ3bJQf4jPA3pY_MAAwSmyjKS_DYwNcX0u9CoWikU2d5dfzO12kmCSY-o8ScH0CF7Zaz7g58N53qxtfL5q-I2-lT67I9JHSrmu4zfPEa_zLSCDa3pgTEHfr7aggMlpMPh7z_s8_7zKlrraps4bHx9TY-Pm8soww0Lij4c3Ux1hp7hTV4wqdEpgwzz7RQDUtSWnl_d0PFr884b2IDjIi1C345D44i9RsGnTpd6y6zRhrc3rK0I_FvVPvuz4BEzvWvjd-V_eUTEJeYxBHtjDQvRfEXdFa06WHy3shL8MIWJb9ql1VBkXhaLB1doe2D9hloIhij9OSz98iL-Oy5EsZhs2DuA8FtyXc1wrcnwio9MXm0sERr0LKbgtaoNmtqx_kt5VbbIUzeBMw8p41Uck0XYpiwYlfSij_F6sDpfxZvw_2vSgByX-Y6E75j9S4Y8qsCmK4jy9d7MeXmxzkerMAtWpr_DSD25uIjKnBqTkioKBZiyD7C6wPS5FpKw7ARVkEN9-eCWANXcoRK6rWGYKX37AeOH_9RRO5HOmxUYP8hbqNrkQ-HARGkLLu1g-jPEF3BmlZ3JGyyljUyLyjzoh50vcM54Sub9dkH4Nm4iILxVKZ0evl6pijHWz3q4_3-aZHSn24VDYp2tVxYwYpUJ3s602O7J6vrfx-LwcEkvKcmKUcuR6rcO2HPkQ2wJQs-xhoZdKGCGXdrTFKmFZ_mXq548QRKgzvQAxSb2hqFQ6TmOsr1jnU3uMpHCpKFPFAUDzXr2juqpw8EhuzIRAtr9XnyDYvzSj1e15H3DS-TAEPKK09gpEs6OYjM4vvWbzKRkVbd6aXdH3uGbH6pocDZABw1C1OJwCq8g5eppfNywWvw3yqa7zLskJ1ojWJOt8CRnNlrluzu_grPPzwi6dLGHw7ugKab-ZrdHq6AQCJhE2guLeQzvE8TwN4FnW3t7RztbK7nSgico7xkRMKZ0bG-Fm8azLXQL3XB4A5aFJWAtS9qywbn6jwvjjCNCdXnEhuYuz5J2A3u7ExeMka1DlZNOyQxdgpC85r088ERXc72CMW9522m7wQvXC8CJ30-tl_eKNmO3uzpumLjTRiNx4e1ujC2fdIWTghQLSC6j5eEj5vJg6K9SuoAnOyRjYhTts6_OuCbU3gH8YX2Kfr8KdD8xASZGK47J0wUb-GVabcqSBcaWQE_lfMEZ9-Pr7YGdQZd6ILkqju4L8ZArsm7pX7fts-mMDYhtCrAo8ALVGYox-3chGIi8YNqa63s3iQ35LfMggpLS0BUIs4i8G8VAqMauOSpG3ZMo469q6hvaEKnZDwnODPjCjFK4BfpWUFj4P2_yr2ls7eLH3mQIOp4t5ql2cKR9BeTAHC_jmElGPgyURQPHk6_KMs3p2q1DvulI9TVq2BGUAseuI_-rTohsXrq1_p-Zv1B_tTuN17pn8-c--7SvGq8gJ9Px9VkkB8xScJ5rga6ddr0W7ytFdTRezhP81XOXvIoxjXismMoO3JlVduuseO3l7cTjQ00rm-hUODud1WxGrxrnZ5se-jscyDBmhpsxdHqHwgdsfV6jUKZTvxIG_hKbi4dVSPIrUyNCNdkfnJTmV8tuZwj4z7kK54NMv1ZejmWXJ2Dc4vdZhcS5XB8V32xppddcu0kHG120MF5VF8TZ4i_UNg0kvDAd5M3XzPp5Ez9WrnVUJO8kmIaq4mtqL-mCrVdf0-kApBar6D3Xw3bK5bZuF0DzCTQ1b3FHdPhmbGH1C8qLJSMn0jeplkH89uQzGbACiTqkVcdb9oXV2019SzSLtPwlNiR_xp839-sZk5-LgyFUxljLfLk3BjakoguNT2CovTcrhOQS7EksHovItQXqbBrBAfxlkuc0OZEqyVfXSQqLQJO192_F989KNSISKIXLwtc_JFvjbVuDBGLguO70U2HzTmz2AegEdL_0C_IaEMUehnpyugHq-VdtR9mi2Iyk5S1GijlMYo-3RWEqFNvjcLaPdC-UQdCkWqDarc51ckGFvvoH31F3vy0xdaPp0N-6W36noBZlhcE7M1tFC7dsn8Vj0D0iXzlxl0AEi7c-ikoHphHrCHsbAcZwHEskSK6HYxeSgKHUbkeNXZNAkrRu5Vvl-HPR_QGFK9Ut84r5iD4R7gMZiGTvSRvBGrX0o7dOLQR-l6_oSDgQmE4bgZLynprYSUGvsqEGFZDV_QgfPNx28_dihy3tFd-ZIqOKzUC-IMJow_-2Wavteh89_9mIqDNOb8kdU9UnhOgXPxmtRwj_MqanyRF8dZr1Hsac-fh8gcflE22t9NisAG1kksIJLSnQXlmI4-AJW7CCynRfLfeIXPRLHCpSjOiScdR65tus2-pXEXDf4ivyDAD8zol2XoIwyFOv5ucZIh9PBmbP5if_8MD2B4dS6YlGE3W180XLELqDN9ehnacuuBSK6ciWXAzyXO0M7ogZSSga-uacxQFNK0owv8Uew9aAB0bUUSaYPVuiEqQOj5YcO-VCQQkbF-KAfFHFVLzgXjvukBePkEKdKx_wK-TtagjYRyAa4kp9L-5_BMiM9V2iiu0Q-GxBlShq0ivsL5nUICV1OwU9Imn0Qk_lJFgwXe0jGMVjGpLjJR8W79UkXdsN7TtBbWpAKs-WuwGdJZLmq8tJGnsOZ1O54yxjZqQIipCcxrKazmtVL8nRgrovs05dFMC_07D2s023A7NONXYDrjv771kAkQPUrONoEJg8_xQAYhkjko92NQYjCTCldfU45SlANYGRohZID3kkRikLW0y_RRTt4gk2MrnbT59MOTADQCL7-B7AObQ4qGADFqIV4HwZozjsTJCV_Im6Ztb4N3SXONQSpV8gEyhJVzwpygVnSJWHK3_h_6ghBnca9lRNNBRBrwbaknFEMwRqSk150vGd9irTU_7JGtMJMg7ZwEfTIUfI-HHpNlxDNAmnyCbe35mMPmUD99WjT53GBFsW4-ryrV3SasvQVYw74PtMeL2fBXuD2i26aCvp9tPrJZ1gn2zVvIz_0Hf8JlO1SombS0T7O659mztC1m6Gn0Gt4e&cid=CAQSTgDICaaND_-i4y-dGPxtzOPeUpxrXZtP8LcpJ3e0D2gp-1kG9-DitCYbsTXugCNhLteMqvrQl7BFbtU7Jm3wb8l1K9QO9QGBpLT7oX7IZhgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.ransomizer.com%2F&ds=l&xdt=1&iif=1&cor=9737416674403009000&adk=1761367584&idt=176&cac=0&dtd=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8625646d45d00395060b97b69df84b78a1fe565ad9d7da9740fff39e2aa5d6ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42262
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1627455/73523880/ Frame D182 255 KB
77 KB 136ms
46ms Script
application/javascript 54.217.222.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1627455/73523880/skeleton.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-5190069960016990&ias_chanId=1&ias_placementId=20492286635&bidurl=https://www.ransomizer.com/&ias_dealId=&xsId=ABAjH0j97msJqW2sYavVKzH_w-fB&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0j97msJqW2sYavVKzH_w-fB
Requested by: Host: www.ransomizer.com
URL: https://www.ransomizer.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.217.222.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-217-222-23.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 35dbb75896c0d59b7858e3792cfe08539ebd1e951d08dcb706413c0c24a60618

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame D182 111 KB
39 KB 78ms
19ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 20:46:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 66523
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Dec 2023 20:46:38 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame D182 11 KB
4 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B2Fi13NT_BKe2mDAUH--Dn40fKEFBuNsjR-uu5elafWAxoiKyy1Q2VDgiW3U9U3bU9G0pyScaFUpf-BDL3Rhxk7zDqfLzywPrixy0-aJj9YPTq-1b02N6PvoLWHxNvCDWlI7vAzaADxGG4zhB4NizyfWPaXXLV3Can8XF9OfdlFqt5-zc&dbm_d=AKAmf-DaMUi32FInM2y1pkt87MDS7t5ErtxLCQD7OIoo4rEIpH6lEF28cSXRSFhinQUbvvKNqdAdxGsqWPlLtvxKDQD2ezL9ahstRmZy3LXQQbaueojnZ7aHZSTJhL2hLFrluYZ-05a-NNTIR_Bz_pjFk-Wx-0NzcaKGaPLXutZSBA3qc2Rfw-c7wXqEAIDtAOF2vD-r909J8TWw936MMPtxXVOHZpobWynDv3D5JJHLcMevhatZ30dgBj_bN89fabwUrl_7KJ8ee55sjktsjNm7LhH7IR5FdQSh_xdfOAqdd3mKHXycQX06tPX7Wptrw-DvJ7USyFWieJ1ShP1QQyzz4nVlUOuPPV5yt1i3zmcSpl_GBZ8CjKIzjb1tXbg0RuB6oxrspZcJsqeSKPaLexPStKcaZkcOW8sQGHK-JChUELec3ZdzJCxT6oC8U87SHZUtDxDythTKmhTz0g74b-OLF1NnTe7O2zvLUDJ2y4zFpc_HRs8YMe_3IfdEuX4rLAk8jVK753jN0MhAcRQC1rNVmUJVjxHEEckp6rFG-jTx2RgE0ENBXdxlMfgmHKz510STO9vu-3PCgWtkC0r3RYQ3Y_h-KpEGKYzRbVv-sU3TrOf8jRnZQdX_4OCHqM65eSePpQclUR3IyKzKLboPmhB1NdU3_e8q2vJRjKZu54xjCPNbCDlEZKf0_vt-yveR2PbSdPUcqw1cqs50UYmEBqkhotOvcWcvqDBETCR6qlva8ijhECKWeMNPAugrJFzAGRuKmjBcUxuFE-lCgmXLN0BGnS81q7TXrmpA4iqOD5ll_YjJz-mK2N2kqJLY2dwumlimojhlB0qqFFq7PKAmAhyy81xYGmNTaDZYtW7Uppe_AaOIn62lSEj4N7rozu2rcraIK8-Zox0irquweLMC3BBSmbTYySRP3U6ROg0Y4Ti3BpKj9quVvvI5rqrKTyG-DrsoqNjMnaGNeZFc6KG9CGksIuM902ETkNOg8pZug3cVZFhywsfmNPDuIJQI0hQLATBWPsfoQwHlVqoivBbFW4q0eDEgYsaD4VhhxGKMLMUKCit50OnWpgoeNCNHYHLyZ3eKkf_GQgKYdBpk9qnj_pYx2PxMS8iFi9gpIbhlm16i11qZlQ-MVvWoGtNkKo8MirXq1YaNw_YfshcGkuh8wZe6z4_3R7RUH3aiVS3fbp1b5s6fWcuLyuNnskrElhvq7zXktzuQFUHw_OaomNhIySXVTsvwCEPdwE7ijoD99oeCt1zx1IGN_HsHD_4r_NiIFV03xp8plHqMUBoOmjYxTrXdv6H-wCoaUBfCSZRP8XIb5f1I-ymmP_tQO_PjnVlWuGPr00hCK4t3eN3wqh7pDMFkFO0m3UVfaI5T66bkKUlawSkqOpDjalm3vtvCZKAo3JQBMsXk65b-cXhgI0Ff_twzoWC4n3UXIbYviFKP87e0hzlUNPeFrlX6z-T9pH17eWEB8h9dohFjXD3vkHEr5Y_fMtVGolDFGovyQk0lsccBrNBMbCluZUg67hhiJPtI6WQG3oqab48C1jTo-xBxf61oqzr0w8Eyju6g0poRWIKD2ntB7bMzEjN-E6XStkFxSe-9FPYtu8oKA5bSSTwwWxFtCMvDruiEfD-ew6U1fIIomBEbmFQSUtDHCkHwO0pMaqUZrK_k2AVoB67pV0Rxq8BB10lVqtX8MRRYAr3qSNB0XdgtoTybpptf8dr_m_DTzGoCpef4Q-TmgDN6tLWVrZer0cCdK2UyLRLYKTJ9JYlfXGjedybmTO8UyuO6ozX441kbzz1UA2bVGbXvGFizpRswvGxykimRZFTu4Z2s7H6B8fBR2Aw2SQLs3wbPLGn4C-eLeeh-tvNE6ObMmLpStXOVy050jKez4UjcBGT5Cbs7JxTZ8ZkUn1_6D5Qdc5RAFwSxpKIG80Dzel-gL1FqnPlGgNiVPwm2UW672Eznh-dSLrXPB17x5UbfduLMTpe88bkHkpNb1TicmbbZWPCcVI_Jiy9JleLnWw-mZAlFj284gQymw1XRRuXDtEG0O7A4KshoRD2kY79kv3nf5-ORLGkenzitMkwU_SaKEWfYBwzySlWlSKqqS228RUMLNonZ8ipTtmSVWyytIJFXl9dX9Dsat4x7_n_CaITBJMv3Eh5Pb2ezECiHL9lFBv-LFImacTKWDnZalJWDZpuwfqPznyWbeGTNzNJEqVLQe4_ELp4gn7iW_R2mZp20PeOjksQA9hoNprWOP3-v9-XzLmHhDjDoZ2UF9PlCL6BlUc5brOHhppyaADNGSlnoAs4naKLwWYWpDtvao_LbEXNimmZ1GW-0YbQe2tcWAgVxn0xpTY6Ty5w4f_X8WkdHItGysPEpEKI45ZzXFRorzl6lgGmOviV6olCh5gjRGfX9uIjO__R4Fauc-A-QVxlF_k_UDDCZ-lQr58oXVGnrCBKB53IMmGKdNLlLn78duBZ-eCRVjl5K3LnYUH5msERNiW9PoBpx1na4AHbWSibOtj55o6RlYo_anps_7y9qvbHrODmdULSJR14-DQFGra3ZosO_Mt_9a01XyKr7fTEGCyvSKxCzYTKDaDTRuyVxh8pQAMQqcFaaqh24DH_8XIgbdNGjsL44WOy9mfYk2SlwGpSfwCR4LfbZBmvHHP2omnk_knK-SwOv6w_F2VgPn3ji7C9WCKPAsjxNWX6UJnSCTLSl4HfE_au8M7p6j2PZYKnCiMpJdKLhuNhFsklhePVGgsHZHJl8gwY0lu4lbK3l-1jhxa-NgpQacfUD7YJrqsOtAS8pixhW_LvHGw-uIgr0bxVoPtbtzrFS2iNw_sZjLRzpzy-3Gcn4zXYper_pQPRjdFNpsR8nnAE_n9d074nWx79JJ9P_5oSz0xL5wUcsZBwGxkcunzYSwbLkH3GlPAbYsQp_lhfIGHRS6bu-hfHLAfDwiku-albcHK7tJAd4ZhrxCNz5nqNwxZCG3KRnyb-cEFzBtFmvr00BH87JjI1jzyo9fEHz2PxajklEsXtL5YnXIOthlT3hRcfx4mW9Y3stzTQAUC2R1b9AuwlRnWKyLu2B-7-QPDAaD_LWojidFV32yHgQopJRwW0MdMy6jM5YT25EOAK4xLy0TMPqsml_5ZJAn5B_mpDIX5yIfQZV244CkAJINrPwIKEDAFnFzMNQHYHCPiNKtaBGSXOLAGJu1Lcj3_IyZy635TB-ffWbdZ1ELNmwN7Zp2lrt80jKOTodaCputKKFgzdKSToKMluE39hPcLKz9UMa4G0k0iJUUDgPRObM6adKLAO65GrJGWeBsUshkXXiEskSBz89C-1cgscdUh_E6pGa10MxFeTOhB54NmJd-Uaog7nYfzu-jB-XjZDdK31cZp3NQtToqqlOJUiEovltC76180CQsU_QWKjgFN7CB-D-opvjAz0rfambE6e1aWBeEV2Xfb_Ib3PphPoADH1Kt1Jjsbw-zVeBgGEKzA8Hge4P5kFaeErxHxUkGTZIuTnrp_OQHPIgDGv7eYDhAVxgxoVcj_UgDegx8wbLK2ATXpzZjC_3u00ebLF-3d95AXo7xql4gco1i5cj7N75Go9VymlrwuF_9J_H7gxeke2KvVs3ZEL2IUhS_AEsKvrwF_J8NptcFUOtmQw&cid=CAQSTgDICaaND_-i4y-dGPxtzOPeUpxrXZtP8LcpJ3e0D2gp-1kG9-DitCYbsTXugCNhLteMqvrQl7BFbtU7Jm3wb8l1K9QO9QGBpLT7oX7IZhgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.ransomizer.com%2F&ds=l&xdt=1&iif=1&cor=14682752037034078000&adk=497053792&idt=121&cac=0&dtd=8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 01:57:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47843
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 14415875674906819925
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 27 Dec 2023 01:57:58 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame D182 31 KB
12 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f6cbe31747c16c069d861a8ed01b15186eaee8c381f74ca1712087811c39f4d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 20:42:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66774
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11943
x-xss-protection: 0
server: cafe
etag: 4141415479739543000
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 26 Dec 2023 20:42:27 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame D182 41 KB
14 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 421813
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Dec 2024 18:05:08 GMT

GET
DATA 200
OK truncated
/ Frame D182 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aed7baf001b9a4139215678844126d1b40eca8eb31bf95e9f0d8d3e1aa2005d0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6CCF 0
20 B 53ms
53ms Ping
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3242258529077&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6CCF 0
20 B 53ms
53ms Ping
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3242258529077&version=m202309260101&ct=76&x=1&cor=5461576250965307000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6CCF 109 KB
41 KB 69ms
68ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BVFNA0ZpU1Z6PsElWys3n8mJ88vPB5PdhqCbjQczE5mRaAE8ZhPPqpzFDtEipGSK6XxerfBjHNXtLlej9NEKGkKcXlFx0BAgNv1wbNmBwlQeEGJBgpj7RbGwg9yAZ_TYuYja0R12lAvghbEy7oaHReChBPCExkfblFaKInipqoAn_d6JM&dbm_d=AKAmf-ANdhU3SlZsRYIxT_Bdz-bA9fiLS_WE2oBKqdEDO0qSGr1li_YpoSMVwRNSMPeXj72B9U9OQcwXbG0Xsv855GVNaRm4plzKE-PI_w942d65Jq-mFzDA1ceE8g1xEDET7W_vCnzeKCHVN-q7RNoEieVyTFXKRCmHbHmcAgNA7fYXySX-dhIF4F-prHm82Y6JsQaBsepcaOOhQ3j9wU8aG-lAA_viZrmaz7Wcc0QnHN2dIaaUpjtGe8Ce7mDPWGv4W1DjFUQPmaghTOoV7TOOuQoZwWIHrpH9VCtTRNXTWzHBoeowFpjZkQ_xt6Fd8yHQqYkWTG-hgT3jwGp4H6LyXh-Wd5Wam9YPk8DIqZDUv_zUAexJaj24-xcRlNSV9B8kBhs3sdRGBJesceVLO1TrTiUf4FoHaBRGCnVjqECXUrWZn3bRyCpV96IGQuagrKdJSOwucvuADbLNQZf1Di1C7f7l0qj19FJmk_5WdSp_mbeNTgCNv5zcjdAooUgSqQf6rfiU-oqLhFyh8mDmt1nepb6xrgrL-PEfHZh3m0nLvlAf4RoPlFnCcPgaU_8J9Wd8c5QwzBuvCJxgCsEwkYsrlRwDFiKcYGbyt1g4FHvmb2_0-8qzqUZohnAOpIhBgqpK-HeATx5NJYw_c3I1rjrL3ZcEsSCv4M-HuyG1vF7Q2WauOJKGFDb8nL2HfaBBAaHFszVcZ8-AqcW-1hmlLBfPPsP_QfIiCxjtD1bHWYPQaoh6O4Et6mHgi0-VNGAU5lX-VbvvmsfW1TSmufvPvY7omWUWC5SmQwj7DaVmMFKOjej7rE9VLUhIjKE2oYE6oz4i8N_17fVOPeRp9yAztAU6xO0XifITUndi_tIpbL0XoZBT-UPBBHw-WqTXr04RQ8NPP5cTC491Pf5mEwjkvnjpk5jcrWtrakmhSLumyv9AIECTTJDH7W3ovELtT-8mPeBoOcgY9RNxJMXGYQ6_Ilt6LWtXMSIlvhS-I9Xy9hxGhg5qLBKKJaI4sYZPlfyC9cD4ibaaHuJdhn_3os_rvH4mi2ZnzpDZ-t1COg1xeYtxYq0oziwFTtZ8Dhu8aDo5ptkXtogUyPbQm1FafbuOlnT8VTUX19LwvTYlfm-7yeL2DXdicyVySKAFa8qtF3d3eQ1HzeCmWSSDHfOfrNtKlj96hVvPCKJku_PFcP__b2ZCDQTBSnxPNOSvArTKn4lcNQZl8P9iDSauGi09f7EwLBfAAqe3k7ll--zL0DNl5gcUsGmYugrS4IJ6m3PfqsCFzgJ1DXgcEYRRb38MVPL7dhAdQ4574gtNuDyP_DTHVTpaGd0d30jAq8YBjzTKizinAD4t5veiUntf5vcyW5q7IR6tcmHGrvZFmjkTAKc3dIddyv5TVs0M1LQhz7x5aKEB1DIdq1FAsW8h_oepIcjBorATGIVHXLuBWmkgxuW-ecWlE8pJj7sePK0IXsuWxaw661ELBZ_Eju8RVISTldcxSrhXGto6CG95ott6kNOBIyixSJCvW6caFPt_spFSfn_TlHQ5uXBWICFo1zb4h9ThDIhPh-JyhOhTqxxvja9jZtG2OdtlK08Toq3MLpeJIQblcrURlE5D3fXcLrA5oS9UF4dmI9Q7-8DE9fe8z5YcJ10Y0bCO6vghGZRXRfx4U54Uwq92oPDDtRRycknucFGdj-iAU5HITrCboIWcUgof9JL6RzSeZPcPiHc380_CyOZY0j1K1-_8LzAvJsbKLTo2Ixd8zAtvQAyJfAGlO8U-4DuaokbdnzpbKqckXX6b6wW2x8GHSB6D_dr6n02LLg6eTM8ZiD7aqrxWlVIRfe_seHMuviwxKw-2MsF44CceieD4YL4JjFQYMvrPPL3Qs_Q_p0V9kzQYm_9V6jXYpW7Xxhk-YAYODGF7qBsGytRxwgPY2F2fMCmiw97PIsobhMMqiaIHY33aFFYeRwx_v4dYfFmHPamElTMHr18Ug5r43lU6rTjiwJJnf8fzGvVNm6BGCjvAG4bpVnUtW7tilF85XIikuN2Jc-RzhM80W35hnlSrQXtzY-lJXZMaQinwtzvoUpHh_VfmZxb_C0pfKh3g5hBILZjceH5-RGvmG0Yqmf-PKvAotjMzIcrIougjUZE6n6fhvyvD0RJqWLks3lnhyTHBCQQgZ4OQoZwqNTBxxzIB1w8823hGCO92BqHpMVZ6SSW_LFvfRHFokBjM7DFKpA3PqS8CKg4bE5UjtSomeD3gYuxS5o-_pBtW2OsexzbalUONc9STdU0w0Pe3-BsYJUpnL_p3B49UAfZf5ewM5sypPwnWmzH-8kcPeSVkWKMHEW41L2izEn5Ljmq30Qyi7J_KdU_BXL4evJnSU3xKjUB27JPDXQ_mwfgd9aF4nxIMqeGx6LmtKcyRGpvh8XVkWTCeBB15DzexBBvMmQOZ21IcI2u3XF1rb6HI_G7SJkXi88sRG2hNVeXvZBUaUqfBs8QGl24Qm0KGOs9EFWMG7P0Ykbc5-xweAVq-3rPyjhI4LjFVcp6dFhSCgNmQAJh0DrcY0HQZYyxuN_KyoN8dhmRx2w8xIPjhHB5hT2vOIcQlFgJDgI8ltxeh4gf9bDkVVsYPeRu-y5vC-ta4DDIluvGI-KIVdxyM9EpnR0xOdlfh70HzlzpsVAiH6RvRuNnWCEaD4xLhNi-lVVR4oASzew4BHr4h4NltbeogLlz-byAeGyDEcgDaXDMf3m-9t-lyeyxZ2tBLCyWWra3AU45memNAZMlxOxcS9VXxL0g_Cl1oNvz6we0RABl8vAAhV4EY9oxVgKo93P70eXFA8xymyV_n6NQE42zQlxklSRdWwEgeEXamdSSQiNt-Eo8i81W7QPIEmbMEZpMIliDF472tIDAOzSqPr8o_BnpHFRDJxMKPOYMrB1shh-Pa2xAsfNMu-219_l1eOhExtu2LIp4Em1IwoXfpBFVu4vEe-Wc4ruSjU2CiXrpOQdLvP5DddKkGQ6pL4fn29uOGiXWsyIwh0YyU8UvP6LtWwzixNqYRgsz_7MYpACsuegRDJiDieCWWYHVp6if8v4VlGKFuVJTGeN9mY8unRnmAjRH0WMLu4f_XQs1USq1Aqm0_ssYhXKlClP7Q0GwOaooCVUDqCw12Qxo6_c9g_rTLoFPjNrumUM0arWAfziXsqUag-jCgqAS6cxQ9gkeFH_KlGJnYHGwte4XCG3ftboDtkuu61m0KdMixU5QMkFwpqw79ckN4y1VDlA6sLoSGY8c5pmo8by5kCOZO-WuXoEGU_vu8N_TjUPHO6CTa5oo6arruzxF5pNTGs9wQgM54ficxG2MhJ_y8WWWtDjZrnQdlul-6J6z7q4CS_0I3cgPPqJGKoPSZyM-Rh6B5iFyPAPoXP7qx_cITPn1-PYRxc1cZX_faszMteASIchjXUa-9pPEFqvUKQna-0NjCE1vsl2yHElQfn79yvpJVVvrihfYnLCnP_P7vf1mc9WATi1PXvSmXnuJeFjGmr40kT-u344WJCC-b95wM2bHGbH3ZYiIyis9Wm4MHc4U0zqsAlt4bXHF495erHFhpnb80qdsFirb4mIRig3gq4rxj3BbZCLVpYxfD9DGeLmpQ1Mjy9pL7_4I504VfG82SnG0NUGv2CQrQOJE2kdC_Gqcb2qQAqb-lKMTpZ0wIBHjnmf0v1IlsifML2Hv6HDeNPlPBJFdRGMcqi0ioNLbg172B0jBRnORrpQAoTYde7zBUQl54Zjno_cxr7g&cid=CAQSTgDICaaND_-i4y-dGPxtzOPeUpxrXZtP8LcpJ3e0D2gp-1kG9-DitCYbsTXugCNhLteMqvrQl7BFbtU7Jm3wb8l1K9QO9QGBpLT7oX7IZhgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.ransomizer.com%2F&ds=l&xdt=1&iif=1&cor=5461576250965307000&adk=1726166463&idt=198&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8417df100729f32b558fb35d7d76694f24354af51d5d6088a0f61ae3f5c90e44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42174
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 10E2 38 KB
13 KB 18ms
18ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 108114
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 09:13:27 GMT
expires: Wed, 11 Dec 2024 09:13:27 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1627455/73523888/ Frame 4577 255 KB
77 KB 64ms
46ms Script
application/javascript 54.217.222.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1627455/73523888/skeleton.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-5190069960016990&ias_chanId=1&ias_placementId=20492286635&bidurl=https://www.ransomizer.com/&ias_dealId=&xsId=ABAjH0iombqB7ID3_fCGbrkNujAU&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0iombqB7ID3_fCGbrkNujAU
Requested by: Host: www.ransomizer.com
URL: https://www.ransomizer.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.217.222.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-217-222-23.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: ff6ea408a6f0d5eacb673cd0818d80756b1c1a83b36f890561f58821463ddd37

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 4577 111 KB
39 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 20:46:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 66523
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Dec 2023 20:46:38 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame 4577 11 KB
4 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ATWP0jwEwJ8HZnS_TR5LJzvt1XuJKxp-U5rW1_ZxRqvFLFvS6zIYrNmy9dEk-0XcAsj-ZyPVGe-g-jH4N9e0V4fs9xNmO-fKGZ1YdpuVgV1LeFcMSTyTdXRKQEXiK2HTcsnb73z8CJOd8tLHNywyBtKMuk0dtQeMzUwCnajWVSrUyzj1Q&dbm_d=AKAmf-DhldsbI2Te1ztDRDM-sm7xmaiUxhOj4hIufn8xGxYrhT95LfJcK_z9hh0cxO8xeSp4coIqThrdESlMjj_0sHWoa1PEIwAzB9OqIf-Y24mJrB5qJ2EwI0N9hWV8uUWOEf_TTZ3SmJMXcht6tXJOVz1v4d6S9DFMelHxzTt0bi6B2mFGlRkWlIS6d2bEC5IBUVE8aN7Z_8GYk9cK5idG_q0t6ifq6QJ5OJgZvHiQYzW3xTMugXyNZHSprA9peKWluu7UIYeFFbR8gaHTm2NinT2m3NVJdA_WhfXvfi6YMk0qzukvRtdi6-dVbKyCIdPeNTp_fczBmMUNR03wQNNSIMpd8a7WEbTedb6I8f9d_Rrg0mJ2RgpdXv7EjUdj5ku8Z65DA0HoQgTjWJjBaar_ZhRGpjyT69moKpZDl8LhMrgsMg2Ej3B3BLfgbRSzgiPgjuNiuZHtTvhdIyPV5mOdAdvXVJNhF51tSGxV9B4fQQIRPJdEBu103COlGS7eO7g8K0OUqLGYieGGy1hOgjO2fuD7-LnkFqJ3m1EWCujGl9luLa3mHf98rydwsdnC5kqkH3waK8FQeM_hcb1o75WQHDH93AxAm7bKXKQ3bJQf4jPA3pY_MAAwSmyjKS_DYwNcX0u9CoWikU2d5dfzO12kmCSY-o8ScH0CF7Zaz7g58N53qxtfL5q-I2-lT67I9JHSrmu4zfPEa_zLSCDa3pgTEHfr7aggMlpMPh7z_s8_7zKlrraps4bHx9TY-Pm8soww0Lij4c3Ux1hp7hTV4wqdEpgwzz7RQDUtSWnl_d0PFr884b2IDjIi1C345D44i9RsGnTpd6y6zRhrc3rK0I_FvVPvuz4BEzvWvjd-V_eUTEJeYxBHtjDQvRfEXdFa06WHy3shL8MIWJb9ql1VBkXhaLB1doe2D9hloIhij9OSz98iL-Oy5EsZhs2DuA8FtyXc1wrcnwio9MXm0sERr0LKbgtaoNmtqx_kt5VbbIUzeBMw8p41Uck0XYpiwYlfSij_F6sDpfxZvw_2vSgByX-Y6E75j9S4Y8qsCmK4jy9d7MeXmxzkerMAtWpr_DSD25uIjKnBqTkioKBZiyD7C6wPS5FpKw7ARVkEN9-eCWANXcoRK6rWGYKX37AeOH_9RRO5HOmxUYP8hbqNrkQ-HARGkLLu1g-jPEF3BmlZ3JGyyljUyLyjzoh50vcM54Sub9dkH4Nm4iILxVKZ0evl6pijHWz3q4_3-aZHSn24VDYp2tVxYwYpUJ3s602O7J6vrfx-LwcEkvKcmKUcuR6rcO2HPkQ2wJQs-xhoZdKGCGXdrTFKmFZ_mXq548QRKgzvQAxSb2hqFQ6TmOsr1jnU3uMpHCpKFPFAUDzXr2juqpw8EhuzIRAtr9XnyDYvzSj1e15H3DS-TAEPKK09gpEs6OYjM4vvWbzKRkVbd6aXdH3uGbH6pocDZABw1C1OJwCq8g5eppfNywWvw3yqa7zLskJ1ojWJOt8CRnNlrluzu_grPPzwi6dLGHw7ugKab-ZrdHq6AQCJhE2guLeQzvE8TwN4FnW3t7RztbK7nSgico7xkRMKZ0bG-Fm8azLXQL3XB4A5aFJWAtS9qywbn6jwvjjCNCdXnEhuYuz5J2A3u7ExeMka1DlZNOyQxdgpC85r088ERXc72CMW9522m7wQvXC8CJ30-tl_eKNmO3uzpumLjTRiNx4e1ujC2fdIWTghQLSC6j5eEj5vJg6K9SuoAnOyRjYhTts6_OuCbU3gH8YX2Kfr8KdD8xASZGK47J0wUb-GVabcqSBcaWQE_lfMEZ9-Pr7YGdQZd6ILkqju4L8ZArsm7pX7fts-mMDYhtCrAo8ALVGYox-3chGIi8YNqa63s3iQ35LfMggpLS0BUIs4i8G8VAqMauOSpG3ZMo469q6hvaEKnZDwnODPjCjFK4BfpWUFj4P2_yr2ls7eLH3mQIOp4t5ql2cKR9BeTAHC_jmElGPgyURQPHk6_KMs3p2q1DvulI9TVq2BGUAseuI_-rTohsXrq1_p-Zv1B_tTuN17pn8-c--7SvGq8gJ9Px9VkkB8xScJ5rga6ddr0W7ytFdTRezhP81XOXvIoxjXismMoO3JlVduuseO3l7cTjQ00rm-hUODud1WxGrxrnZ5se-jscyDBmhpsxdHqHwgdsfV6jUKZTvxIG_hKbi4dVSPIrUyNCNdkfnJTmV8tuZwj4z7kK54NMv1ZejmWXJ2Dc4vdZhcS5XB8V32xppddcu0kHG120MF5VF8TZ4i_UNg0kvDAd5M3XzPp5Ez9WrnVUJO8kmIaq4mtqL-mCrVdf0-kApBar6D3Xw3bK5bZuF0DzCTQ1b3FHdPhmbGH1C8qLJSMn0jeplkH89uQzGbACiTqkVcdb9oXV2019SzSLtPwlNiR_xp839-sZk5-LgyFUxljLfLk3BjakoguNT2CovTcrhOQS7EksHovItQXqbBrBAfxlkuc0OZEqyVfXSQqLQJO192_F989KNSISKIXLwtc_JFvjbVuDBGLguO70U2HzTmz2AegEdL_0C_IaEMUehnpyugHq-VdtR9mi2Iyk5S1GijlMYo-3RWEqFNvjcLaPdC-UQdCkWqDarc51ckGFvvoH31F3vy0xdaPp0N-6W36noBZlhcE7M1tFC7dsn8Vj0D0iXzlxl0AEi7c-ikoHphHrCHsbAcZwHEskSK6HYxeSgKHUbkeNXZNAkrRu5Vvl-HPR_QGFK9Ut84r5iD4R7gMZiGTvSRvBGrX0o7dOLQR-l6_oSDgQmE4bgZLynprYSUGvsqEGFZDV_QgfPNx28_dihy3tFd-ZIqOKzUC-IMJow_-2Wavteh89_9mIqDNOb8kdU9UnhOgXPxmtRwj_MqanyRF8dZr1Hsac-fh8gcflE22t9NisAG1kksIJLSnQXlmI4-AJW7CCynRfLfeIXPRLHCpSjOiScdR65tus2-pXEXDf4ivyDAD8zol2XoIwyFOv5ucZIh9PBmbP5if_8MD2B4dS6YlGE3W180XLELqDN9ehnacuuBSK6ciWXAzyXO0M7ogZSSga-uacxQFNK0owv8Uew9aAB0bUUSaYPVuiEqQOj5YcO-VCQQkbF-KAfFHFVLzgXjvukBePkEKdKx_wK-TtagjYRyAa4kp9L-5_BMiM9V2iiu0Q-GxBlShq0ivsL5nUICV1OwU9Imn0Qk_lJFgwXe0jGMVjGpLjJR8W79UkXdsN7TtBbWpAKs-WuwGdJZLmq8tJGnsOZ1O54yxjZqQIipCcxrKazmtVL8nRgrovs05dFMC_07D2s023A7NONXYDrjv771kAkQPUrONoEJg8_xQAYhkjko92NQYjCTCldfU45SlANYGRohZID3kkRikLW0y_RRTt4gk2MrnbT59MOTADQCL7-B7AObQ4qGADFqIV4HwZozjsTJCV_Im6Ztb4N3SXONQSpV8gEyhJVzwpygVnSJWHK3_h_6ghBnca9lRNNBRBrwbaknFEMwRqSk150vGd9irTU_7JGtMJMg7ZwEfTIUfI-HHpNlxDNAmnyCbe35mMPmUD99WjT53GBFsW4-ryrV3SasvQVYw74PtMeL2fBXuD2i26aCvp9tPrJZ1gn2zVvIz_0Hf8JlO1SombS0T7O659mztC1m6Gn0Gt4e&cid=CAQSTgDICaaND_-i4y-dGPxtzOPeUpxrXZtP8LcpJ3e0D2gp-1kG9-DitCYbsTXugCNhLteMqvrQl7BFbtU7Jm3wb8l1K9QO9QGBpLT7oX7IZhgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.ransomizer.com%2F&ds=l&xdt=1&iif=1&cor=9737416674403009000&adk=1761367584&idt=176&cac=0&dtd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 01:57:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47843
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 14415875674906819925
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 27 Dec 2023 01:57:58 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 4577 31 KB
12 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f6cbe31747c16c069d861a8ed01b15186eaee8c381f74ca1712087811c39f4d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 20:42:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66774
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11943
x-xss-protection: 0
server: cafe
etag: 4141415479739543000
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 26 Dec 2023 20:42:27 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 4577 41 KB
14 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 421813
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Dec 2024 18:05:08 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 10E2 39 KB
15 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 11:47:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 12 Dec 2024 11:47:25 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 1B41 38 KB
13 KB 18ms
18ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 108114
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 09:13:27 GMT
expires: Wed, 11 Dec 2024 09:13:27 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/1064608057035189096/ Frame C41B 6 KB
2 KB 62ms
21ms Document
text/html 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3477a72ef1db732762ffb13ba55d7df867b64c2abf5f88a1fdff29e6dbe374d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 140074
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1879
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 00:20:47 GMT
expires: Wed, 11 Dec 2024 00:20:47 GMT
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame D182 0
0 119ms
65ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvPrzhdadyV57mmfxViri_8wf1qZVe5nsMU48bQUiyStictgB8wuHN4yAl9Z1a0jT-2dpmgP0chegKZ_ZC4NoBaS8_HQ09cmSNyzyfojQXZsDgyFGT31EUTunTfMNeUrXH9i0CUXJfpllWiCyckRkWrzC9Cta-JpfGUPCjasoJJPg-yR2OZFZDt_yxTXWSg9hJRc92nxYmuW-YD2z1u2bi5GQuhXwYhJiVOH7SzkvUxnwfuENdWDYnMURL7dESzgUxdxWz_oz_yx3UtkdfBSNP4PkbsDiTv33XdYOrN97u92m2igVjJQl1aBg5wnPTpjTLbbm9khuIZNB4Kumne7OMJQVoL7N9WVo9a-8XBTwYWN8XAk8a6BgYZgIhyaJvgGjIfZh85Rl7Gy5MgVEHPAzvaj58XmkVFyxRyfUDE4Xwr9guN1Mvmcww1rta-X4Mmdc79uqC45y8w0SkbtlFy6CHPVjq3KAnHjDAmm5cxoEzwQlY34eBVEWdOpYIKkuvgQuAquF0Kc30Uj_SBFKlm1Zsd9CsvRR_-wQeaO62h9dZm0kZ1UhyQX_m_--J4eGu8-LXmECq_daCIdW3eE8QhJAi4kyA2cO_J87SdAfm4CLhTocvEgaRvRtyugp7_DwsgmksWTCt-se-jL91DNigV5WQZhgx4gUiXWid7UptqIIQTzd6cT48oej35LUV-sr4l5MCO6LCaz3dcQIQjw0PrGIddM-s6OrIQeYAdwtX6_kAxm39Gx65r6N1YUfaFnU4UIzs_JVlgYLk85z3UhmKIVJVta8GMSZZa5kPcwY9k9gYCX3WAy4XvBv2-XhbXmijIXJUWyuuaaRkJ7AuoTLUIeQJdQLK2Jb5exntWDJW6QgJGvfbhETbed5pvPchGyAMmxWqYlBHz0ClLn3koyK6ENBdTi2Cx40paa8sxsHLC-y_Tz4TTU1grPCPHai6JZIAAja4XE4nxSLlEzO09mbY95ijci9z3WDUxgoqRAjYa9QJrh6wb18jNGXv9s9UowcQ5UtKyMjJ3e2kipUCXfoyIlsTXMf6YW_Cws2yFg-jBqCiMH1CYs43HGxgiqKLcJidADizyBBWXMSCheg5CMv3pouYg3ZFgAgiyPA5aFeaa4s5NgEq-VEO_xygimbYaG5K0yy4CD57jqgfklU-Mo2VGZYk7qrWT22FHKAry9jhWDgdUntWUKgbBV9x9tlVtbvsJZBZfk1vBOh4_bmiBPzkXyWXgoXM5KqkqF3WOfkhBcV5PdPn80BFDrK41eoIPfj6fZo6Tgg7ZEfS5WdzOWMvF177kTwwG9NvCEwDcY_BvSn_5iqvidwuf&sai=AMfl-YTxyTxEiVKYRiJpNx5I-01-KC1pxysCUjaRPeZ9sOebyH-PaYFnL7ktJOejgE9JB-yE1po5VrIeWyKaAbUB5bP_KyfWP-71DG62bWQ61p1TrbqlcvmWWHB11vTe-N3UWTtSnvUNe06QzO1Dzo3MjuPmtDfIuWDW6-NsM2jCl47BAlTyyLXc7jUUr_6qRwsNKXH36RfTJDm9gAxV1Yp5r2NjG2uHzNCNVtd5xNs2WXsCApCkJnvIUrzmE1ZXdQQACsc66BLlXmjxHZgcpHgeKkydJDY3e06G7TmQyw&sig=Cg0ArKJSzD9Z5NbR0QmSEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=109&cbvp=1&cstd=107&cisv=r20231207.58135&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 13 Dec 2023 15:15:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1627455/73523873/ Frame 6CCF 255 KB
77 KB 105ms
105ms Script
application/javascript 54.217.222.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1627455/73523873/skeleton.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-5190069960016990&ias_chanId=1&ias_placementId=20487175905&bidurl=https://www.ransomizer.com/&ias_dealId=&xsId=ABAjH0gEpz6_AyaJf_BoyJq2tcdD&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0gEpz6_AyaJf_BoyJq2tcdD
Requested by: Host: www.ransomizer.com
URL: https://www.ransomizer.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.217.222.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-217-222-23.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 3c04eb4dcb01cfc622831f6ee979a1cf12aa0f99289250e8c1193b4fdeff7051

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 6CCF 111 KB
39 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 20:46:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 66523
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Dec 2023 20:46:38 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame 6CCF 11 KB
4 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BVFNA0ZpU1Z6PsElWys3n8mJ88vPB5PdhqCbjQczE5mRaAE8ZhPPqpzFDtEipGSK6XxerfBjHNXtLlej9NEKGkKcXlFx0BAgNv1wbNmBwlQeEGJBgpj7RbGwg9yAZ_TYuYja0R12lAvghbEy7oaHReChBPCExkfblFaKInipqoAn_d6JM&dbm_d=AKAmf-ANdhU3SlZsRYIxT_Bdz-bA9fiLS_WE2oBKqdEDO0qSGr1li_YpoSMVwRNSMPeXj72B9U9OQcwXbG0Xsv855GVNaRm4plzKE-PI_w942d65Jq-mFzDA1ceE8g1xEDET7W_vCnzeKCHVN-q7RNoEieVyTFXKRCmHbHmcAgNA7fYXySX-dhIF4F-prHm82Y6JsQaBsepcaOOhQ3j9wU8aG-lAA_viZrmaz7Wcc0QnHN2dIaaUpjtGe8Ce7mDPWGv4W1DjFUQPmaghTOoV7TOOuQoZwWIHrpH9VCtTRNXTWzHBoeowFpjZkQ_xt6Fd8yHQqYkWTG-hgT3jwGp4H6LyXh-Wd5Wam9YPk8DIqZDUv_zUAexJaj24-xcRlNSV9B8kBhs3sdRGBJesceVLO1TrTiUf4FoHaBRGCnVjqECXUrWZn3bRyCpV96IGQuagrKdJSOwucvuADbLNQZf1Di1C7f7l0qj19FJmk_5WdSp_mbeNTgCNv5zcjdAooUgSqQf6rfiU-oqLhFyh8mDmt1nepb6xrgrL-PEfHZh3m0nLvlAf4RoPlFnCcPgaU_8J9Wd8c5QwzBuvCJxgCsEwkYsrlRwDFiKcYGbyt1g4FHvmb2_0-8qzqUZohnAOpIhBgqpK-HeATx5NJYw_c3I1rjrL3ZcEsSCv4M-HuyG1vF7Q2WauOJKGFDb8nL2HfaBBAaHFszVcZ8-AqcW-1hmlLBfPPsP_QfIiCxjtD1bHWYPQaoh6O4Et6mHgi0-VNGAU5lX-VbvvmsfW1TSmufvPvY7omWUWC5SmQwj7DaVmMFKOjej7rE9VLUhIjKE2oYE6oz4i8N_17fVOPeRp9yAztAU6xO0XifITUndi_tIpbL0XoZBT-UPBBHw-WqTXr04RQ8NPP5cTC491Pf5mEwjkvnjpk5jcrWtrakmhSLumyv9AIECTTJDH7W3ovELtT-8mPeBoOcgY9RNxJMXGYQ6_Ilt6LWtXMSIlvhS-I9Xy9hxGhg5qLBKKJaI4sYZPlfyC9cD4ibaaHuJdhn_3os_rvH4mi2ZnzpDZ-t1COg1xeYtxYq0oziwFTtZ8Dhu8aDo5ptkXtogUyPbQm1FafbuOlnT8VTUX19LwvTYlfm-7yeL2DXdicyVySKAFa8qtF3d3eQ1HzeCmWSSDHfOfrNtKlj96hVvPCKJku_PFcP__b2ZCDQTBSnxPNOSvArTKn4lcNQZl8P9iDSauGi09f7EwLBfAAqe3k7ll--zL0DNl5gcUsGmYugrS4IJ6m3PfqsCFzgJ1DXgcEYRRb38MVPL7dhAdQ4574gtNuDyP_DTHVTpaGd0d30jAq8YBjzTKizinAD4t5veiUntf5vcyW5q7IR6tcmHGrvZFmjkTAKc3dIddyv5TVs0M1LQhz7x5aKEB1DIdq1FAsW8h_oepIcjBorATGIVHXLuBWmkgxuW-ecWlE8pJj7sePK0IXsuWxaw661ELBZ_Eju8RVISTldcxSrhXGto6CG95ott6kNOBIyixSJCvW6caFPt_spFSfn_TlHQ5uXBWICFo1zb4h9ThDIhPh-JyhOhTqxxvja9jZtG2OdtlK08Toq3MLpeJIQblcrURlE5D3fXcLrA5oS9UF4dmI9Q7-8DE9fe8z5YcJ10Y0bCO6vghGZRXRfx4U54Uwq92oPDDtRRycknucFGdj-iAU5HITrCboIWcUgof9JL6RzSeZPcPiHc380_CyOZY0j1K1-_8LzAvJsbKLTo2Ixd8zAtvQAyJfAGlO8U-4DuaokbdnzpbKqckXX6b6wW2x8GHSB6D_dr6n02LLg6eTM8ZiD7aqrxWlVIRfe_seHMuviwxKw-2MsF44CceieD4YL4JjFQYMvrPPL3Qs_Q_p0V9kzQYm_9V6jXYpW7Xxhk-YAYODGF7qBsGytRxwgPY2F2fMCmiw97PIsobhMMqiaIHY33aFFYeRwx_v4dYfFmHPamElTMHr18Ug5r43lU6rTjiwJJnf8fzGvVNm6BGCjvAG4bpVnUtW7tilF85XIikuN2Jc-RzhM80W35hnlSrQXtzY-lJXZMaQinwtzvoUpHh_VfmZxb_C0pfKh3g5hBILZjceH5-RGvmG0Yqmf-PKvAotjMzIcrIougjUZE6n6fhvyvD0RJqWLks3lnhyTHBCQQgZ4OQoZwqNTBxxzIB1w8823hGCO92BqHpMVZ6SSW_LFvfRHFokBjM7DFKpA3PqS8CKg4bE5UjtSomeD3gYuxS5o-_pBtW2OsexzbalUONc9STdU0w0Pe3-BsYJUpnL_p3B49UAfZf5ewM5sypPwnWmzH-8kcPeSVkWKMHEW41L2izEn5Ljmq30Qyi7J_KdU_BXL4evJnSU3xKjUB27JPDXQ_mwfgd9aF4nxIMqeGx6LmtKcyRGpvh8XVkWTCeBB15DzexBBvMmQOZ21IcI2u3XF1rb6HI_G7SJkXi88sRG2hNVeXvZBUaUqfBs8QGl24Qm0KGOs9EFWMG7P0Ykbc5-xweAVq-3rPyjhI4LjFVcp6dFhSCgNmQAJh0DrcY0HQZYyxuN_KyoN8dhmRx2w8xIPjhHB5hT2vOIcQlFgJDgI8ltxeh4gf9bDkVVsYPeRu-y5vC-ta4DDIluvGI-KIVdxyM9EpnR0xOdlfh70HzlzpsVAiH6RvRuNnWCEaD4xLhNi-lVVR4oASzew4BHr4h4NltbeogLlz-byAeGyDEcgDaXDMf3m-9t-lyeyxZ2tBLCyWWra3AU45memNAZMlxOxcS9VXxL0g_Cl1oNvz6we0RABl8vAAhV4EY9oxVgKo93P70eXFA8xymyV_n6NQE42zQlxklSRdWwEgeEXamdSSQiNt-Eo8i81W7QPIEmbMEZpMIliDF472tIDAOzSqPr8o_BnpHFRDJxMKPOYMrB1shh-Pa2xAsfNMu-219_l1eOhExtu2LIp4Em1IwoXfpBFVu4vEe-Wc4ruSjU2CiXrpOQdLvP5DddKkGQ6pL4fn29uOGiXWsyIwh0YyU8UvP6LtWwzixNqYRgsz_7MYpACsuegRDJiDieCWWYHVp6if8v4VlGKFuVJTGeN9mY8unRnmAjRH0WMLu4f_XQs1USq1Aqm0_ssYhXKlClP7Q0GwOaooCVUDqCw12Qxo6_c9g_rTLoFPjNrumUM0arWAfziXsqUag-jCgqAS6cxQ9gkeFH_KlGJnYHGwte4XCG3ftboDtkuu61m0KdMixU5QMkFwpqw79ckN4y1VDlA6sLoSGY8c5pmo8by5kCOZO-WuXoEGU_vu8N_TjUPHO6CTa5oo6arruzxF5pNTGs9wQgM54ficxG2MhJ_y8WWWtDjZrnQdlul-6J6z7q4CS_0I3cgPPqJGKoPSZyM-Rh6B5iFyPAPoXP7qx_cITPn1-PYRxc1cZX_faszMteASIchjXUa-9pPEFqvUKQna-0NjCE1vsl2yHElQfn79yvpJVVvrihfYnLCnP_P7vf1mc9WATi1PXvSmXnuJeFjGmr40kT-u344WJCC-b95wM2bHGbH3ZYiIyis9Wm4MHc4U0zqsAlt4bXHF495erHFhpnb80qdsFirb4mIRig3gq4rxj3BbZCLVpYxfD9DGeLmpQ1Mjy9pL7_4I504VfG82SnG0NUGv2CQrQOJE2kdC_Gqcb2qQAqb-lKMTpZ0wIBHjnmf0v1IlsifML2Hv6HDeNPlPBJFdRGMcqi0ioNLbg172B0jBRnORrpQAoTYde7zBUQl54Zjno_cxr7g&cid=CAQSTgDICaaND_-i4y-dGPxtzOPeUpxrXZtP8LcpJ3e0D2gp-1kG9-DitCYbsTXugCNhLteMqvrQl7BFbtU7Jm3wb8l1K9QO9QGBpLT7oX7IZhgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.ransomizer.com%2F&ds=l&xdt=1&iif=1&cor=5461576250965307000&adk=1726166463&idt=198&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 01:57:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47843
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 14415875674906819925
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 27 Dec 2023 01:57:58 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 6CCF 31 KB
12 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f6cbe31747c16c069d861a8ed01b15186eaee8c381f74ca1712087811c39f4d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 20:42:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66774
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11943
x-xss-protection: 0
server: cafe
etag: 4141415479739543000
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 26 Dec 2023 20:42:27 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 6CCF 41 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 421813
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Dec 2024 18:05:08 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17864851622750576224/ Frame FCE8 6 KB
2 KB 20ms
20ms Document
text/html 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca212a6d45038b16f7e2ee85414d0f67362985095eac9dc26a34e96d1ea529b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 139545
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1847
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 00:29:36 GMT
expires: Wed, 11 Dec 2024 00:29:36 GMT
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4577 0
0 73ms
69ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuREQF5NvcBuX4AfZeUKaHxyowBeZgRJcOHzZk8iwex9L6vu-OG-6toiI_-r2fBIaFPM5KQ344gRwEJo4yaQ8IzHesSUVs5rXRUpUtikl168bDUifn3VXCn-rIjo58D9pUzPsvT18Llq6rmOZJBoZAsb5bpyBFm2U-1ZzJjjl3j1oLoMNMBmTlE1iDH44qXvXqKxqWHAuMsta81z07dGAu0ZLVn2iuu3O2AibN0QCuDFD87vQiroURksCgFVjNXlLUu-2SUtbQnjhJqjc5SCVg6UnxNraP7DHbKWEhYcV-y2R28svSIUhZp9Ke8n5fk8vJSC9R2da5CgoNfRGQA55HIgd8F5rYSt-cZ-US76w9XHBFiKACBnk0PCz_FU0a64zOGkhfImwXdVnmX-LIAnC6HijUJDsA8lmUnetZpr7Jv4ghmwNN9kbwkFBkod1T4Cf9C72xWYpWDJ8vkMW_-cRB525LmOHkepjNqCfHEAocuG8L35K9hQdqdCyTndIJoZBU_vhLanOoU6yXp4WostnR7Zvf-A6faWJDToMZnefWycbQkbVZHGRdggEfffckgy-bp9akyU_EMg9f-6Jkm3QcxGV5IE2j4_i5lOtLp5V77ebl5S-NRn9n8IW5eODvgim8mUUAkYHuqPoGU-ISIsWfaKWG91Rw7FUv21rjnJ8iUtQQsvbCNJTl1y0hvsbdNiACDR0C1PTUqQ2GEjFFtq5DfInhq7NwcYshGL9euscgFHfyIJwiy0udSuxEC9nHmRKuM89IbzCltnPBw60yDEawSePDctT-vLjfJkCaHvCLjg70CnMkt50eX18i1NqcHeOs37kPnnGKHMA02eD1kBBQP8fZMg2GTGNnO4kF1sLWh1amo5BYRMJlVj-Sr3RSgKht7qJM_cspHlrpUij6CNJMhViKjUqX1siLMX6mhrmqczVIXvwlusWt5O9-XoVejSR5KpIMoCCcxhSYFHEYzQqAwMf9waeFMdGE60KdmMQNZmaW8H7HaVhcpR1Xu_iXazF952VBl3IzdQgbBJwkuN8CKzlF4gW64zme7gp0VG6Cs7hQPz0ZPh_QVUYxW5FmyIj6K9EzyMxJjk5a5WQ3FpDYHFz8RJnEFk0GTUl-ULxPj6T0a_KYBRooO0WOu8AoJnmh4UXyotZaHbYr9WT_pOv81BwcpYBUyJW9fnSGVT8YzGmjknf_ujlvAPyTwiogQXeIxq3kGQrOxwVWLLPL91ODlj-qShODH-av4B6bftdux8JhxMMCnDuZwFiEMyi2c-AEy_vWuTElm9Pc7hTIyN9T3JDoSBmcO9fbjWDFOSkocRksKa1Ooz9UV&sai=AMfl-YSiNt7Jdx1cx90P_78sxYA1rCIdSu4XLmAfk0HuDqH5OW4zrGBSeCrhKbTtY_WOwTNzprR3aEDrbOMDvidBQFuEmCzMKCS1iXzQGNN5XraYoAyTdwaq5vdklG8bAE5PuBtoVRV_GGVJbKQvweBYGgcl3u-zxudtD0UYycFx-I0dp6_loIMWZIk3dqcv_kPHaONnqYARVcbdBz3uevxvZgg5wmJHTUq5_jSS3dOWJlgWuzWsVI6L1nIVO1EyUfzbD8cpGl1E53czOUNi28MH_UDS3qXNQ6JIPqgGfQ&sig=Cg0ArKJSzCjUeQS8CBBnEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=87&cbvp=1&cstd=86&cisv=r20231207.20895&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 13 Dec 2023 15:15:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 style.css
s0.2mdn.net/sadbundle/1064608057035189096/css/ Frame C41B 6 KB
2 KB 21ms
21ms Stylesheet
text/css 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/css/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce2b61e64a17f1488f20bafee5aa20a8d8ec897b990f709634f5bd1cc620e6b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 20:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 153059
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2000
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 10 Dec 2024 20:44:22 GMT

GET
H2 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/ Frame C41B 70 KB
25 KB 68ms
29ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/gsap.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce56080747fb3b762486b9ccc59bc01f871c9647d354a1c27b52cdb73fc1bfe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 412955
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 25267
last-modified: Tue, 01 Aug 2023 16:38:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c93515-62b3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kKV18EBR%2FiWoRUH16OfjxbobLoPmW1SPvfMmo8jWI4yuEdPlU%2FWxMHPGRfQVQuqFRnKQVaTCT6WKIxbMjYvUFzP0R312wroTEd2ehGRt%2F7NogM%2FSgKtZVM1rSzOFpoB9w6%2BsmoEZP69xYbAivgHk2QsT"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 834f297afcdc2c3d-FRA
expires: Mon, 02 Dec 2024 15:15:21 GMT

GET
H2 200 CustomEase.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/ Frame C41B 7 KB
4 KB 65ms
26ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/CustomEase.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c190eb38a3f491bcbf96b136cf4a4ab534ac1293d37d9047fd77db6365c86682

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1342576
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3299
last-modified: Tue, 01 Aug 2023 16:38:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c93515-ce3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iWVpOC6t996rJB%2BZPsD8vdRx%2Bu35j9K1F95u%2F2HsaynZMjmSxZqL%2F%2BGyZiEnFIixssTQp1UIHJgxohM6Za5rJEaSk0nf3%2BsftWpMQZNK3DFBXmJZ2QXLHzJVr2qmlfYW47JcBU6qE93bvGHalk4qjCE8"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 834f297afccd2c3d-FRA
expires: Mon, 02 Dec 2024 15:15:21 GMT

GET
H3 200 dyson.svg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame C41B 2 KB
1 KB 23ms
22ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/dyson.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7b8d433b88d210c6aeb414da6fc440f45c471fad1b5aaae9f0b66c50122c62b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 23:35:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142791
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1076
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 10 Dec 2024 23:35:30 GMT

GET
H3 200 rtbIcon.svg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame C41B 2 KB
800 B 22ms
21ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/rtbIcon.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5e166567ad908883ca1d769c38b6f65959bb067295e5ea3c2f850ec5fa2b8d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 03:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127287
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 771
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 11 Dec 2024 03:53:54 GMT

GET
H3 200 arrow.svg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame C41B 429 B
349 B 23ms
22ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/arrow.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ace6c1d1cccc4686d29e81c0821be209d2e2d8b7ba44ee24649a698a5230f6ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 14:16:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 176332
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 320
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 10 Dec 2024 14:16:29 GMT

GET
H3 200 dyson-v15s-submarine.svg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame C41B 25 KB
8 KB 24ms
22ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/dyson-v15s-submarine.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69e1767c60e702480b7a4604f7a71a344e3e03caa6e21f6a352a9f63908dc500

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 12:55:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 267600
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8356
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 09 Dec 2024 12:55:21 GMT

GET
H3 200 1-min.jpg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame C41B 33 KB
33 KB 20ms
20ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/1-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

539cc993691ac34295a0b8e0b720aa3db63a2e80c78d49e1c4c4132bb4a5dc09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 15:40:26 GMT
x-content-type-options: nosniff
age: 171295
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33567
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 10 Dec 2024 15:40:26 GMT

GET
H3 200 2-min.jpg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame C41B 33 KB
33 KB 20ms
20ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/2-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8833293f6762feb57c976e996042e2dcf201b282c034504008e2bf0a98dd3527

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 13:08:53 GMT
x-content-type-options: nosniff
age: 93988
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33601
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 11 Dec 2024 13:08:53 GMT

GET
H3 200 3-min.jpg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame C41B 25 KB
25 KB 28ms
28ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/3-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e3479d14727cf6b6581add352dad3c9fb8a89b1586d49dc0e606249e7abe437

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 09:11:06 GMT
x-content-type-options: nosniff
age: 108255
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25911
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 11 Dec 2024 09:11:06 GMT

GET
H3 200 4-min.jpg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame C41B 9 KB
9 KB 28ms
27ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/4-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f430ad6611692180cc5bfba88afb989ac5cde063c2e929a28026be4c2c3e9f45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 12:16:51 GMT
x-content-type-options: nosniff
age: 183510
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8971
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 10 Dec 2024 12:16:51 GMT

GET
H3 200 5-min.jpg
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame C41B 12 KB
12 KB 29ms
29ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/5-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d60255211b63ebd7ab57221ffe52ae073eab1c1c3a93c48df42b224e7f7c527

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 08:50:15 GMT
x-content-type-options: nosniff
age: 109506
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12054
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 11 Dec 2024 08:50:15 GMT

GET
H3 200 script.js Show response
s0.2mdn.net/sadbundle/1064608057035189096/script/ Frame C41B 4 KB
962 B 27ms
27ms Script
application/x-javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/script/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc757f9ba6603eb9913106a4cd83c7a7c0a8a4f845a0aceb1103606bc324ad00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 09:04:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108679
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 930
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 11 Dec 2024 09:04:02 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17864851622750576224/ Frame B642 6 KB
2 KB 22ms
22ms Document
text/html 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca212a6d45038b16f7e2ee85414d0f67362985095eac9dc26a34e96d1ea529b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 139545
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1847
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 00:29:36 GMT
expires: Wed, 11 Dec 2024 00:29:36 GMT
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6CCF 0
0 69ms
69ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstmWjdzjNvu-ayHc6lf5nrqqWoPUuoqs_DGNWW-Jc82jDCejMZhmVoyIS--O3G3y4FSLV7ksARB4mwp-tHHUpyFQjyydtay-iKBJyVJgbPol2nRXRn_JD61iMvi7EghSXnVs8AASgVr8kA8b7s986MkZxBmWUbb3xzeHpVrrkI53XHP0Th6w-tZ4G_mNShoQuzEQxDIUdRqSRm0EnFF6KSC5qvuufDaa1ywZOS3E9GSPqcf-71oD_Gdpl_haDGceZiBdWxwfAJQsaiymUsa7Ff0ZjIfVcPpdkLD0f6mP63l79hjl7EAbJJAzlRFqUtdojcObD4jkaF4ZfAqE3kIPqvdSkILwD2NxiPyB5O_EGJ1_yylP1DOO_fHspz3khXAp48YCzifEuhibacxO8Hf1p2uYUGPHtSCXPvu_iENeDCmua_MZLs3SBx_iAlQL21YcRD7J0Jd2Js60MK--kRU_6Ca5r83QV-2Ji6vo-fQreCBc4Fh_QJ_tTW45EkC7oi5D7Cy8VeUyGKBd3Y6HlqEHOmuKjWQP9Xrh_nVRM7UIlk92OLvXkqr31XqxM-3CqiT0jv9tEtIzPJm1p-myzbBda5IloffV80hLyjtWrSYlm4uieqyO5kxuOSlqCESywsmRGaRzMmp0sFhkEPi0dKSvhsCfxUHCb3SWOKrlaGdoD4UWxLo4yxY80Lf_dfq8NkVN6xzsYSUBFRn6XO3bPR7wqhBRtHIDBVE4s9Sh9YxqVyGbW7AfV6NrTpEASTJ5GzIeAviiFZCOKH0CvzYK7F8slQwyYgLhvLfhxsyLvkpP0jYr5c12cdAb8rnW7dh9rjPk8Bq_PY3X3ky_K_r8xnzovokyjMCnZVhljlfY0YFuVQjN-H8CcbH5VPKzSlpeEA6_uz5QAtCVAsV_RkLl_oXi-yap-gRWrMHvSek8xZ3X8VSSBPwYPMQwH_yhm9di_I6li0uhOhppICVvpIZ9zBYD2JOzrsxxNiHXXJpfItzHj4TVyOUea2wSUNNNi0pfZwcg9UTa4D4_tEQsE04_Z054EyGZw3TERUxyr5TdUx5B0rr8WQnHC7beXR_rp3bzJTuzZOLncq1OJYvveYkhIPCPtp24-tZrRUWoi51VdSK59uM4TMNJmaracFqRQtMkLfmZkrMa0Argd8C9rxyPG4QYdS5dy3PtP9W0W5LANiGJ1LiHWtbcJpLljdlOgKImVq5FtiF4ae1gdEWAbQaX0g2sfW6OHJK4-5at5EiNNbNyLxTfzsjhTrVJTBLB84rDn1ATyb6QILVPPTilVVVguxn79DD917IY3PCGStknP-A4xjlefH3j7xb&sai=AMfl-YRNwJHXzhtBi70V_gZa3epkzBkK_Pi957mLrDrk4r5GwWNozEKYZEYDIO5H3mwme3Zg9F6Arqs71bB1XHJ9YY3Nb-Hc2j04pbYBxrgyzLH1cGbsYLHmHx0YW-kibMtjst6fzELMcWs8IRWBUUMwNimqLRRnGMqyTPNqRSFSevPVnbAzAFEp-WjuyqqKpcN2UE0wUaGlPzc4n7a_q2yDS6gs8pm2Gs4mjwe_qNV20xXcLozMYA9mHETB3C0KlS4QQWjNufWZ2Kp0g-JjCk-9QkIfqU-DLRmNJUY7hg&sig=Cg0ArKJSzCv1kOONik4lEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=70&cbvp=1&cstd=69&cisv=r20231207.88305&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 13 Dec 2023 15:15:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 style.css
s0.2mdn.net/sadbundle/17864851622750576224/css/ Frame FCE8 5 KB
2 KB 24ms
24ms Stylesheet
text/css 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/css/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d74871f1d66e7c0230449ab708d05f088e33d578275cfbc2e0d95529b689cfcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 03:35:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41979
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1854
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 12 Dec 2024 03:35:42 GMT

GET
H2 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/ Frame FCE8 70 KB
25 KB 78ms
43ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/gsap.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce56080747fb3b762486b9ccc59bc01f871c9647d354a1c27b52cdb73fc1bfe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 412955
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 25267
last-modified: Tue, 01 Aug 2023 16:38:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c93515-62b3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KNTQab3AzaUVP9SWaYYsHEqfH2Nk6YHGQY3k7AFCxkvgDggiedLPSSxlnyIBditdzcY3z%2FRS7kr6snQ%2FuQFx3NUqh8f4sxp4YyN3A0jZCGqEscVCUh3WnTXFzWNzl91YknraTpIAp5N0DGMlr1qE7PtX"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 834f297afcd12c3d-FRA
expires: Mon, 02 Dec 2024 15:15:21 GMT

GET
H2 200 CustomEase.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/ Frame FCE8 7 KB
4 KB 67ms
33ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/CustomEase.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c190eb38a3f491bcbf96b136cf4a4ab534ac1293d37d9047fd77db6365c86682

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1342576
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3299
last-modified: Tue, 01 Aug 2023 16:38:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c93515-ce3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=88LGyjUjvC52OybVKfU8PjbKl6wqr33EMlnot2gkuP%2Bi6o3G2asW2oTLSWFEHxnSo5IpfRyk5odOilulL8f8fOQLSYtQ8AsLrY%2B%2FLoWJ7d3hESYrB2gw0Xk6byKEw4GWln3iLtqz7mxgHtsMMbDfXs%2FK"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 834f297afcd52c3d-FRA
expires: Mon, 02 Dec 2024 15:15:21 GMT

GET
H3 200 dyson.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame FCE8 2 KB
1 KB 26ms
26ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/dyson.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7b8d433b88d210c6aeb414da6fc440f45c471fad1b5aaae9f0b66c50122c62b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 09:02:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108783
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1076
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 11 Dec 2024 09:02:18 GMT

GET
H3 200 rtbIcon.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame FCE8 2 KB
800 B 25ms
24ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/rtbIcon.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5e166567ad908883ca1d769c38b6f65959bb067295e5ea3c2f850ec5fa2b8d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 02:34:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 132071
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 771
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 11 Dec 2024 02:34:10 GMT

GET
H3 200 dyson-v15s-submarine-stack.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame FCE8 13 KB
4 KB 23ms
23ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/dyson-v15s-submarine-stack.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12ff2ec39651e02b34ee26ae91b66614f3b981e5b8db58feb16115c2b6b201f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 09:12:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108151
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3980
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 11 Dec 2024 09:12:50 GMT

GET
H3 200 1-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame FCE8 31 KB
31 KB 23ms
23ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/1-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dee119ee49ab8771cf531190b1b186a092c709f799baf9ab566a3ca9778ea0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 04:42:51 GMT
x-content-type-options: nosniff
age: 124350
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31326
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 11 Dec 2024 04:42:51 GMT

GET
H3 200 2-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame FCE8 21 KB
21 KB 30ms
30ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/2-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d66ba6bc03128cc3ce96e393fc2b3f7c8bd2e73af8258ae6d6a5e6f2efb9848

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 08:59:06 GMT
x-content-type-options: nosniff
age: 108975
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21613
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 11 Dec 2024 08:59:06 GMT

GET
H3 200 3-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame FCE8 25 KB
25 KB 21ms
21ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/3-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de63bf5ecaf8695bae42a604e9808a63c55b0d62bdb3b4462c1530950772fc27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 08:56:47 GMT
x-content-type-options: nosniff
age: 109114
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25605
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 11 Dec 2024 08:56:47 GMT

GET
H3 200 4-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame FCE8 30 KB
30 KB 20ms
20ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/4-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

263403e6cea55abd488e73b1a3ed6fac18d6b3136572570953b3392504715123

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 05:08:38 GMT
x-content-type-options: nosniff
age: 122803
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30924
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 11 Dec 2024 05:08:38 GMT

GET
H3 200 arrow.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame FCE8 192 B
200 B 20ms
20ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/arrow.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd99a285d81a12f549b741db9604416a669e2ee8accf00cd40c0b0344e9ba63f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 19:57:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 155863
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 161
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 10 Dec 2024 19:57:38 GMT

GET
H3 200 script.js Show response
s0.2mdn.net/sadbundle/17864851622750576224/script/ Frame FCE8 4 KB
980 B 21ms
21ms Script
application/x-javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/script/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e24e46459c7d6e73401ab03d015d9819826b4d7e01d5dacb37c0264ebf8f069a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 20:28:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 154014
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 944
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 10 Dec 2024 20:28:27 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 1B41 39 KB
15 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 11:47:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 12 Dec 2024 11:47:25 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 4589 38 KB
13 KB 20ms
19ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 108114
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 09:13:27 GMT
expires: Wed, 11 Dec 2024 09:13:27 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 style.css
s0.2mdn.net/sadbundle/17864851622750576224/css/ Frame B642 5 KB
2 KB 23ms
22ms Stylesheet
text/css 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/css/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d74871f1d66e7c0230449ab708d05f088e33d578275cfbc2e0d95529b689cfcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 03:35:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41979
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1854
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 12 Dec 2024 03:35:42 GMT

GET
H2 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/ Frame B642 70 KB
25 KB 37ms
27ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/gsap.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce56080747fb3b762486b9ccc59bc01f871c9647d354a1c27b52cdb73fc1bfe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 412955
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 25267
last-modified: Tue, 01 Aug 2023 16:38:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c93515-62b3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mhmqCuc4U7p5RBnixgCkokBK6cyX0lu288gLKJWsJlRS5QIG%2BlZqqFpb0u9SM1QpdkxmjRMCibNpTCoyppdSsAWDLIW%2FacQK2ACObyzPoYBVjEsHOGu2XrOqtj8pUaO1v6oZ%2BKtmbx0zG%2BliZBM0Bw%2FN"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 834f297afcd62c3d-FRA
expires: Mon, 02 Dec 2024 15:15:21 GMT

GET
H2 200 CustomEase.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/ Frame B642 7 KB
4 KB 41ms
32ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/CustomEase.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c190eb38a3f491bcbf96b136cf4a4ab534ac1293d37d9047fd77db6365c86682

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1342576
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3299
last-modified: Tue, 01 Aug 2023 16:38:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c93515-ce3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4PdEri8i4XG1HwPasWwZ%2F2P6KcqVmGMme8QTIlq2mZF6b2u9fU4q5neO8N5lnm4HIzQC3Kxu%2FZyeRJMW9d48KwvEeV7YTqffhtiU9JtmXANo9K7dQWUUHHUAwgYtqreVXDVT%2FvxdXfBcMwaz%2BGu9HQ41"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 834f297afcdf2c3d-FRA
expires: Mon, 02 Dec 2024 15:15:21 GMT

GET
H3 200 dyson.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame B642 2 KB
1 KB 25ms
24ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/dyson.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7b8d433b88d210c6aeb414da6fc440f45c471fad1b5aaae9f0b66c50122c62b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 09:02:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108783
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1076
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 11 Dec 2024 09:02:18 GMT

GET
H3 200 rtbIcon.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame B642 2 KB
800 B 25ms
24ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/rtbIcon.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5e166567ad908883ca1d769c38b6f65959bb067295e5ea3c2f850ec5fa2b8d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 02:34:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 132071
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 771
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 11 Dec 2024 02:34:10 GMT

GET
H3 200 dyson-v15s-submarine-stack.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame B642 13 KB
4 KB 26ms
26ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/dyson-v15s-submarine-stack.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12ff2ec39651e02b34ee26ae91b66614f3b981e5b8db58feb16115c2b6b201f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 09:12:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108151
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3980
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 11 Dec 2024 09:12:50 GMT

GET
H3 200 1-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame B642 31 KB
31 KB 27ms
27ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/1-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dee119ee49ab8771cf531190b1b186a092c709f799baf9ab566a3ca9778ea0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 04:42:51 GMT
x-content-type-options: nosniff
age: 124350
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31326
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 11 Dec 2024 04:42:51 GMT

GET
H3 200 2-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame B642 21 KB
21 KB 20ms
19ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/2-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d66ba6bc03128cc3ce96e393fc2b3f7c8bd2e73af8258ae6d6a5e6f2efb9848

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 08:59:06 GMT
x-content-type-options: nosniff
age: 108975
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21613
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 11 Dec 2024 08:59:06 GMT

GET
H3 200 3-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame B642 25 KB
25 KB 21ms
21ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/3-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de63bf5ecaf8695bae42a604e9808a63c55b0d62bdb3b4462c1530950772fc27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 08:56:47 GMT
x-content-type-options: nosniff
age: 109114
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25605
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 11 Dec 2024 08:56:47 GMT

GET
H3 200 4-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame B642 30 KB
30 KB 27ms
26ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/4-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

263403e6cea55abd488e73b1a3ed6fac18d6b3136572570953b3392504715123

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 05:08:38 GMT
x-content-type-options: nosniff
age: 122803
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30924
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 11 Dec 2024 05:08:38 GMT

GET
H3 200 arrow.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame B642 192 B
200 B 25ms
25ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/arrow.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd99a285d81a12f549b741db9604416a669e2ee8accf00cd40c0b0344e9ba63f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 19:57:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 155863
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 161
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 10 Dec 2024 19:57:38 GMT

GET
H3 200 script.js Show response
s0.2mdn.net/sadbundle/17864851622750576224/script/ Frame B642 4 KB
980 B 20ms
20ms Script
application/x-javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/script/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e24e46459c7d6e73401ab03d015d9819826b4d7e01d5dacb37c0264ebf8f069a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 20:28:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 154014
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 944
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 10 Dec 2024 20:28:27 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 4589 39 KB
15 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 11:47:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 12 Dec 2024 11:47:25 GMT

GET
H2

200

4a.js Show response
static.adsafeprotected.com/ Frame D182
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1627455/73523880/4.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-5190069960016990&ias_chanId=1&ias_placementId=20492286635&bidurl=https://www.ransomizer.c...
https://static.adsafeprotected.com/4a.js

2 KB
2 KB

20ms
20ms

Script
application/javascript

2600:9000:223f:d600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4a.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Server: 2600:9000:223f:d600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:45:50 GMT
x-amz-version-id: ce47Uk_40n7.EHf_5AWPfR6VoMlkrWoX
content-encoding: gzip
via: 1.1 0a624670dff351af866d2f19bde4a312.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 505772
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Thu, 07 Dec 2023 18:45:47 GMT
server: AmazonS3
etag: W/"589d8955c4906ab1b8e63a2f92d932d3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: 2O7Rojo9_30pWlVpBaUlBRoTaSy-TNFOQ5y4A3Ofj4CVt0lMdZqCGg==

Redirect headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
server: nginx
x-server-name: app07.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4a.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 7087 91 KB
23 KB 71ms
22ms Script
application/javascript 2600:9000:223f:d600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:d600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 00:09:11 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 0a624670dff351af866d2f19bde4a312.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 7225571
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: aG8y1_WLkDmhbS4lTId37VCq1op_8wp4lGbeCxeIkOf-LWQtUEvGIA==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame D182 43 B
215 B 665ms
183ms Image
image/gif 2600:1f13:800:7780:c62:c4f4:bfd5:92f9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=7c787c11-c5ab-8dce-855c-ddb967557c83&tv=%7Bc:wH5pbu,pingTime:-3,time:43,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:12%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:43,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:12,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B39~0%5D,as:%5B39~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tYkGLDH+11%7C12%7C13%7C141*.1627455-73523880%7C1411%7C1412%7C1413%7C1511%7C15121%7C1513%7C1611%7C1612%7C1613%7C17%7C18,idMap:141*,rmeas:1,rend:0,renddet:na,siq:12%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:c62:c4f4:bfd5:92f9 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:22 GMT
server: nginx
x-server-name: dt21.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame D182 43 B
215 B 660ms
182ms Image
image/gif 2600:1f13:800:7780:c62:c4f4:bfd5:92f9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=7c787c11-c5ab-8dce-855c-ddb967557c83&tv=%7Bc:wH5pbx,pingTime:-6,time:46,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:46,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:12,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B42~0%5D,as:%5B42~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tYkGLDH+11%7C12%7C13%7C141*.1627455-73523880%7C1411%7C1412%7C1413%7C1511%7C15121%7C1513%7C1611%7C1612%7C1613%7C17%7C18,idMap:141*,rmeas:1,rend:0,renddet:na,siq:12%7D&tpiLookup=ao:www.ransomizer.com*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:c62:c4f4:bfd5:92f9 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:22 GMT
server: nginx
x-server-name: dt19.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 dysonfutura-book.woff
s0.2mdn.net/sadbundle/1064608057035189096/assets/ Frame C41B 8 KB
8 KB 24ms
23ms Font
font/woff 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/1064608057035189096/assets/dysonfutura-book.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1064608057035189096/css/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c868679a384546d80661e6085c6a40e95de3be2ad0487c56e116703ffd1850bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/1064608057035189096/css/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 12:55:22 GMT
x-content-type-options: nosniff
age: 267599
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7928
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 09 Dec 2024 12:55:22 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 10E2 0
20 B 57ms
57ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BxUb5icp5ZZGXCOXS9u8PxvmE0AgAAAAAOAHgBAI&bg=!5uWl5arNAAY3kmNgF5I7ADQBe5WfOBSzoqlCA89HKylC4SX5tYRnMqZOLMFqtp0-fuTKKTlKuKxk0W3zeFdxYvXcdnUOAgAAAHxSAAAAAmgBB5kDQOTxGb7yZh4IJVXERppwNffMjdCmv-GUHoSwqm7ANAof8tugdaeaVw8aplYEDwsWE-WtyHzzvasbX2ZfilR1ZOtPVKFhfDHLuJHWOtlfkKac-bflzp__glJdRXwqFbhgjrQs9CUD1WyUhGXJaSMxtjE1vRo1_qx9hBx0NiuAaSwQsxTYA5lIM0sGYGG02zv22sr7Ynfqg1qhG0ja9uXQ53QNYUW1aunCULoX4PUC29FfKxNOC-hpruisSrRRwMslKvHstfyVh5I9zTJ5bh36E5xPHx345GHK7KNHvb6QTW7PYkVD8kxPu-H5W7v0vGC9lwWo9MIsw_u0Z6-CNZ5dLPejN_W1vjxv_3x2nxqfJP5RPO1q2UMhO62yuBxISEhJsjEEpcqfAv31jteXyzj-3mwRoo12D0cYtrKFHbq0elj87j4nCu856PoEoPS8pfzdbb5WGiwF8jMYd0jFGBFZ22KAuCqaFvmA0ZQEzbIyfte7LG74ioNg7F5U-SJSAbFJHMimk1b_jIdS54umhsoU3K9NpBQEmptlko75KpLrwykp7Ccp2LqDXVCbd1kkLEJgGYl7vg4UM05Xpw2AK8movqUFazY9_Lr7KpeiQlj3PsvxznAaGAkjV9Ze3JB_BwDfuPVgBWDz92gOZ6ABeTzPZNiXWYJU1yZt2dEZ1Y6UA2MOlqH4GVXKqeT3lT5iohg6FBTyel4MAWgb8Qlm6kA-ddR3FwFLb5REvjOiugIkfLFfNkw-cdj1mD0sUVyBi8Q4P0x53GrnDX08ok2E0oztkre6-fFvXSduGcZj1K8urowAPgy_9maqiFWionvqGFr1HRxKg6qZuqqE3wJnRWFg53J9wLM3R1MBcVxiz6YLwStG8IJjSAf5v7vSeSptuX0zdm-7skue0YeWRT-9f_Xm6f39HY7YxlLn9L0zsGm9pQ2Mf120PCcGQk2O_sPi2nSmb_nOwBo4CMDlkjhSkMPvfxlW2UnMV49kLIzlOH8RG7zNhtMbsQN9JLdBm035NACUu-fRrsKo7HoKypLfbu8cbCxuRdhW7lyswCZuZvKCOJZg9vHz4CrV2xg1WG8se4stZOnVkDtLa10o3NJ-TyP6ilw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame D182 43 B
215 B 818ms
360ms Image
image/gif 2600:1f13:800:7780:c62:c4f4:bfd5:92f9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=7c787c11-c5ab-8dce-855c-ddb967557c83&tv=%7Bc:wH5pbS,pingTime:-2,time:67,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:515,beZ:516,mfA:518,cmA:519,inA:519,inZ:521,prA:521,prZ:524,si:528,poA:528,poZ:541,cmZ:541,mfZ:541,loA:561,loZ:563,ltA:583,ltZ:583%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:12%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:68,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:12,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B64~0%5D,as:%5B64~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tYkGLDH+11%7C12%7C13%7C141*.1627455-73523880%7C1411%7C1412%7C1413%7C1511%7C15121%7C1513%7C1611%7C1612%7C1613%7C17%7C18,idMap:141*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:na,siq:12,sinceFw:54,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:c62:c4f4:bfd5:92f9 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:22 GMT
server: nginx
x-server-name: dt17.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2

200

4a.js Show response
static.adsafeprotected.com/ Frame 4577
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1627455/73523888/4.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-5190069960016990&ias_chanId=1&ias_placementId=20492286635&bidurl=https://www.ransomizer.c...
https://static.adsafeprotected.com/4a.js

2 KB
2 KB

22ms
22ms

Script
application/javascript

2600:9000:223f:d600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4a.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Server: 2600:9000:223f:d600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:45:50 GMT
x-amz-version-id: ce47Uk_40n7.EHf_5AWPfR6VoMlkrWoX
content-encoding: gzip
via: 1.1 0a624670dff351af866d2f19bde4a312.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 505772
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Thu, 07 Dec 2023 18:45:47 GMT
server: AmazonS3
etag: W/"589d8955c4906ab1b8e63a2f92d932d3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: sthYah3bLVk5Ii46Xm60gCJK1ml0E_u5jNbT-ToqyEZVYTpLiaxHUA==

Redirect headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
server: nginx
x-server-name: app20.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4a.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 2C50 91 KB
23 KB 24ms
22ms Script
application/javascript 2600:9000:223f:d600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:d600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 00:09:11 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 0a624670dff351af866d2f19bde4a312.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 7225571
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: WqALOV-QuS68xbVEhmFkEAHksqSDimSauL1WEiCJuz1Mi5QW72jYXg==

GET
H2

200

4a.js Show response
static.adsafeprotected.com/ Frame 6CCF
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1627455/73523873/4.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-5190069960016990&ias_chanId=1&ias_placementId=20487175905&bidurl=https://www.ransomizer.c...
https://static.adsafeprotected.com/4a.js

2 KB
2 KB

20ms
20ms

Script
application/javascript

2600:9000:223f:d600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4a.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Server: 2600:9000:223f:d600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:45:50 GMT
x-amz-version-id: ce47Uk_40n7.EHf_5AWPfR6VoMlkrWoX
content-encoding: gzip
via: 1.1 0a624670dff351af866d2f19bde4a312.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 505772
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Thu, 07 Dec 2023 18:45:47 GMT
server: AmazonS3
etag: W/"589d8955c4906ab1b8e63a2f92d932d3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: O_LCvG9NcNfsbsWo8GSLD7GsmaLCWw1P6wQ7rxSomeYya0urcGgaGg==

Redirect headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
server: nginx
x-server-name: app13.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4a.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame C46A 91 KB
23 KB 23ms
23ms Script
application/javascript 2600:9000:223f:d600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:d600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 00:09:11 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 0a624670dff351af866d2f19bde4a312.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 7225571
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: 2k0644qe2Vfq3gw0fJ7zGEHcmS0lPPaqGx-XiQgmZS5-H0BWm_Aw7Q==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4577 43 B
216 B 558ms
182ms Image
image/gif 2600:1f13:800:7780:c62:c4f4:bfd5:92f9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=bb3bf488-9e7e-1603-9125-44312928b392&tv=%7Bc:wH5pdc,pingTime:-3,time:81,type:v,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:13%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:81,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B77~0%5D,as:%5B77~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tYkGLEN+11%7C12%7C13%7C1411%7C1412%7C1413%7C1414%7C151*.1627455-73523888%7C1511%7C15121%7C1513%7C1611%7C1612%7C1613%7C17%7C18,idMap:151*,rmeas:1,rend:0,renddet:IMG.us,siq:14%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:c62:c4f4:bfd5:92f9 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:22 GMT
server: nginx
x-server-name: dt16.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4577 43 B
215 B 558ms
184ms Image
image/gif 2600:1f13:800:7780:c62:c4f4:bfd5:92f9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=bb3bf488-9e7e-1603-9125-44312928b392&tv=%7Bc:wH5pdd,pingTime:-6,time:82,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:82,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B78~0%5D,as:%5B78~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tYkGLEN+11%7C12%7C13%7C1411%7C1412%7C1413%7C1414%7C151*.1627455-73523888%7C1511%7C15121%7C1513%7C1611%7C1612%7C1613%7C17%7C18,idMap:151*,rmeas:1,rend:0,renddet:IMG.us,siq:14%7D&tpiLookup=ao:www.ransomizer.com*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:c62:c4f4:bfd5:92f9 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:22 GMT
server: nginx
x-server-name: dt13.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame D182 0
0 58ms
57ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvPrzhdadyV57mmfxViri_8wf1qZVe5nsMU48bQUiyStictgB8wuHN4yAl9Z1a0jT-2dpmgP0chegKZ_ZC4NoBaS8_HQ09cmSNyzyfojQXZsDgyFGT31EUTunTfMNeUrXH9i0CUXJfpllWiCyckRkWrzC9Cta-JpfGUPCjasoJJPg-yR2OZFZDt_yxTXWSg9hJRc92nxYmuW-YD2z1u2bi5GQuhXwYhJiVOH7SzkvUxnwfuENdWDYnMURL7dESzgUxdxWz_oz_yx3UtkdfBSNP4PkbsDiTv33XdYOrN97u92m2igVjJQl1aBg5wnPTpjTLbbm9khuIZNB4Kumne7OMJQVoL7N9WVo9a-8XBTwYWN8XAk8a6BgYZgIhyaJvgGjIfZh85Rl7Gy5MgVEHPAzvaj58XmkVFyxRyfUDE4Xwr9guN1Mvmcww1rta-X4Mmdc79uqC45y8w0SkbtlFy6CHPVjq3KAnHjDAmm5cxoEzwQlY34eBVEWdOpYIKkuvgQuAquF0Kc30Uj_SBFKlm1Zsd9CsvRR_-wQeaO62h9dZm0kZ1UhyQX_m_--J4eGu8-LXmECq_daCIdW3eE8QhJAi4kyA2cO_J87SdAfm4CLhTocvEgaRvRtyugp7_DwsgmksWTCt-se-jL91DNigV5WQZhgx4gUiXWid7UptqIIQTzd6cT48oej35LUV-sr4l5MCO6LCaz3dcQIQjw0PrGIddM-s6OrIQeYAdwtX6_kAxm39Gx65r6N1YUfaFnU4UIzs_JVlgYLk85z3UhmKIVJVta8GMSZZa5kPcwY9k9gYCX3WAy4XvBv2-XhbXmijIXJUWyuuaaRkJ7AuoTLUIeQJdQLK2Jb5exntWDJW6QgJGvfbhETbed5pvPchGyAMmxWqYlBHz0ClLn3koyK6ENBdTi2Cx40paa8sxsHLC-y_Tz4TTU1grPCPHai6JZIAAja4XE4nxSLlEzO09mbY95ijci9z3WDUxgoqRAjYa9QJrh6wb18jNGXv9s9UowcQ5UtKyMjJ3e2kipUCXfoyIlsTXMf6YW_Cws2yFg-jBqCiMH1CYs43HGxgiqKLcJidADizyBBWXMSCheg5CMv3pouYg3ZFgAgiyPA5aFeaa4s5NgEq-VEO_xygimbYaG5K0yy4CD57jqgfklU-Mo2VGZYk7qrWT22FHKAry9jhWDgdUntWUKgbBV9x9tlVtbvsJZBZfk1vBOh4_bmiBPzkXyWXgoXM5KqkqF3WOfkhBcV5PdPn80BFDrK41eoIPfj6fZo6Tgg7ZEfS5WdzOWMvF177kTwwG9NvCEwDcY_BvSn_5iqvidwuf&sai=AMfl-YTxyTxEiVKYRiJpNx5I-01-KC1pxysCUjaRPeZ9sOebyH-PaYFnL7ktJOejgE9JB-yE1po5VrIeWyKaAbUB5bP_KyfWP-71DG62bWQ61p1TrbqlcvmWWHB11vTe-N3UWTtSnvUNe06QzO1Dzo3MjuPmtDfIuWDW6-NsM2jCl47BAlTyyLXc7jUUr_6qRwsNKXH36RfTJDm9gAxV1Yp5r2NjG2uHzNCNVtd5xNs2WXsCApCkJnvIUrzmE1ZXdQQACsc66BLlXmjxHZgcpHgeKkydJDY3e06G7TmQyw&sig=Cg0ArKJSzD9Z5NbR0QmSEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=437&vt=11&dtpt=328&dett=3&cstd=107&cisv=r20231207.58135&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6CCF 43 B
215 B 725ms
363ms Image
image/gif 2600:1f13:800:7780:c62:c4f4:bfd5:92f9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=3b7907ef-b572-5fa9-16b0-dfa43cc238fe&tv=%7Bc:wH5pdr,pingTime:-3,time:63,type:v,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:12%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:63,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:12,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B59~0%5D,as:%5B59~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tYkGLEN+11%7C12%7C13%7C1411%7C1412%7C1413%7C1414%7C151.1627455-73523888%7C1511%7C15121%7C1513%7C1514%7C161*.1627455-73523873%7C1611%7C1612%7C1613%7C17%7C18,idMap:161*,rmeas:1,rend:0,renddet:IMG.us,siq:13%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:c62:c4f4:bfd5:92f9 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:22 GMT
server: nginx
x-server-name: dt12.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6CCF 43 B
215 B 722ms
361ms Image
image/gif 2600:1f13:800:7780:c62:c4f4:bfd5:92f9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=3b7907ef-b572-5fa9-16b0-dfa43cc238fe&tv=%7Bc:wH5pds,pingTime:-6,time:64,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:64,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:12,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B60~0%5D,as:%5B60~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tYkGLEN+11%7C12%7C13%7C1411%7C1412%7C1413%7C1414%7C151.1627455-73523888%7C1511%7C15121%7C1513%7C1514%7C161*.1627455-73523873%7C1611%7C1612%7C1613%7C17%7C18,idMap:161*,rmeas:1,rend:0,renddet:IMG.us,siq:13%7D&tpiLookup=ao:www.ransomizer.com*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:c62:c4f4:bfd5:92f9 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:22 GMT
server: nginx
x-server-name: dt14.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4577 0
0 59ms
59ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuREQF5NvcBuX4AfZeUKaHxyowBeZgRJcOHzZk8iwex9L6vu-OG-6toiI_-r2fBIaFPM5KQ344gRwEJo4yaQ8IzHesSUVs5rXRUpUtikl168bDUifn3VXCn-rIjo58D9pUzPsvT18Llq6rmOZJBoZAsb5bpyBFm2U-1ZzJjjl3j1oLoMNMBmTlE1iDH44qXvXqKxqWHAuMsta81z07dGAu0ZLVn2iuu3O2AibN0QCuDFD87vQiroURksCgFVjNXlLUu-2SUtbQnjhJqjc5SCVg6UnxNraP7DHbKWEhYcV-y2R28svSIUhZp9Ke8n5fk8vJSC9R2da5CgoNfRGQA55HIgd8F5rYSt-cZ-US76w9XHBFiKACBnk0PCz_FU0a64zOGkhfImwXdVnmX-LIAnC6HijUJDsA8lmUnetZpr7Jv4ghmwNN9kbwkFBkod1T4Cf9C72xWYpWDJ8vkMW_-cRB525LmOHkepjNqCfHEAocuG8L35K9hQdqdCyTndIJoZBU_vhLanOoU6yXp4WostnR7Zvf-A6faWJDToMZnefWycbQkbVZHGRdggEfffckgy-bp9akyU_EMg9f-6Jkm3QcxGV5IE2j4_i5lOtLp5V77ebl5S-NRn9n8IW5eODvgim8mUUAkYHuqPoGU-ISIsWfaKWG91Rw7FUv21rjnJ8iUtQQsvbCNJTl1y0hvsbdNiACDR0C1PTUqQ2GEjFFtq5DfInhq7NwcYshGL9euscgFHfyIJwiy0udSuxEC9nHmRKuM89IbzCltnPBw60yDEawSePDctT-vLjfJkCaHvCLjg70CnMkt50eX18i1NqcHeOs37kPnnGKHMA02eD1kBBQP8fZMg2GTGNnO4kF1sLWh1amo5BYRMJlVj-Sr3RSgKht7qJM_cspHlrpUij6CNJMhViKjUqX1siLMX6mhrmqczVIXvwlusWt5O9-XoVejSR5KpIMoCCcxhSYFHEYzQqAwMf9waeFMdGE60KdmMQNZmaW8H7HaVhcpR1Xu_iXazF952VBl3IzdQgbBJwkuN8CKzlF4gW64zme7gp0VG6Cs7hQPz0ZPh_QVUYxW5FmyIj6K9EzyMxJjk5a5WQ3FpDYHFz8RJnEFk0GTUl-ULxPj6T0a_KYBRooO0WOu8AoJnmh4UXyotZaHbYr9WT_pOv81BwcpYBUyJW9fnSGVT8YzGmjknf_ujlvAPyTwiogQXeIxq3kGQrOxwVWLLPL91ODlj-qShODH-av4B6bftdux8JhxMMCnDuZwFiEMyi2c-AEy_vWuTElm9Pc7hTIyN9T3JDoSBmcO9fbjWDFOSkocRksKa1Ooz9UV&sai=AMfl-YSiNt7Jdx1cx90P_78sxYA1rCIdSu4XLmAfk0HuDqH5OW4zrGBSeCrhKbTtY_WOwTNzprR3aEDrbOMDvidBQFuEmCzMKCS1iXzQGNN5XraYoAyTdwaq5vdklG8bAE5PuBtoVRV_GGVJbKQvweBYGgcl3u-zxudtD0UYycFx-I0dp6_loIMWZIk3dqcv_kPHaONnqYARVcbdBz3uevxvZgg5wmJHTUq5_jSS3dOWJlgWuzWsVI6L1nIVO1EyUfzbD8cpGl1E53czOUNi28MH_UDS3qXNQ6JIPqgGfQ&sig=Cg0ArKJSzCjUeQS8CBBnEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=371&vt=11&dtpt=284&dett=3&cstd=86&cisv=r20231207.20895&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4577 43 B
215 B 719ms
364ms Image
image/gif 2600:1f13:800:7780:c62:c4f4:bfd5:92f9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=bb3bf488-9e7e-1603-9125-44312928b392&tv=%7Bc:wH5pdy,pingTime:-2,time:103,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:566,beZ:567,mfA:569,cmA:569,inA:570,inZ:572,prA:572,prZ:575,si:580,poA:581,poZ:596,cmZ:596,mfZ:596,loA:648,loZ:650,ltA:669,ltZ:669%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:160.600,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:13%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:103,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B99~0%5D,as:%5B99~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tYkGLDH+11%7C12%7C13%7C141.1627455-73523880%7C1411%7C1412%7C1413%7C1414%7C151*.1627455-73523888%7C1511%7C15121%7C1513%7C161.1627455-73523873%7C1611%7C1612%7C1613%7C17%7C18,idMap:151*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:IMG.us,siq:14,sinceFw:88,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:c62:c4f4:bfd5:92f9 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:22 GMT
server: nginx
x-server-name: dt11.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6CCF 43 B
215 B 715ms
362ms Image
image/gif 2600:1f13:800:7780:c62:c4f4:bfd5:92f9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=3b7907ef-b572-5fa9-16b0-dfa43cc238fe&tv=%7Bc:wH5pdA,pingTime:-2,time:72,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:564,beZ:565,mfA:567,cmA:567,inA:567,inZ:569,prA:569,prZ:572,si:576,poA:577,poZ:590,cmZ:590,mfZ:590,loA:627,loZ:629,ltA:636,ltZ:636%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:160.600,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:12%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:72,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:12,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B68~0%5D,as:%5B68~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tYkGLDH+11%7C12%7C13%7C141.1627455-73523880%7C1411%7C1412%7C1413%7C1414%7C151.1627455-73523888%7C1511%7C15121%7C1513%7C1514%7C161*.1627455-73523873%7C1611%7C1612%7C1613%7C17%7C18,idMap:161*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:IMG.us,siq:13,sinceFw:59,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:c62:c4f4:bfd5:92f9 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:22 GMT
server: nginx
x-server-name: dt15.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6CCF 0
0 58ms
58ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstmWjdzjNvu-ayHc6lf5nrqqWoPUuoqs_DGNWW-Jc82jDCejMZhmVoyIS--O3G3y4FSLV7ksARB4mwp-tHHUpyFQjyydtay-iKBJyVJgbPol2nRXRn_JD61iMvi7EghSXnVs8AASgVr8kA8b7s986MkZxBmWUbb3xzeHpVrrkI53XHP0Th6w-tZ4G_mNShoQuzEQxDIUdRqSRm0EnFF6KSC5qvuufDaa1ywZOS3E9GSPqcf-71oD_Gdpl_haDGceZiBdWxwfAJQsaiymUsa7Ff0ZjIfVcPpdkLD0f6mP63l79hjl7EAbJJAzlRFqUtdojcObD4jkaF4ZfAqE3kIPqvdSkILwD2NxiPyB5O_EGJ1_yylP1DOO_fHspz3khXAp48YCzifEuhibacxO8Hf1p2uYUGPHtSCXPvu_iENeDCmua_MZLs3SBx_iAlQL21YcRD7J0Jd2Js60MK--kRU_6Ca5r83QV-2Ji6vo-fQreCBc4Fh_QJ_tTW45EkC7oi5D7Cy8VeUyGKBd3Y6HlqEHOmuKjWQP9Xrh_nVRM7UIlk92OLvXkqr31XqxM-3CqiT0jv9tEtIzPJm1p-myzbBda5IloffV80hLyjtWrSYlm4uieqyO5kxuOSlqCESywsmRGaRzMmp0sFhkEPi0dKSvhsCfxUHCb3SWOKrlaGdoD4UWxLo4yxY80Lf_dfq8NkVN6xzsYSUBFRn6XO3bPR7wqhBRtHIDBVE4s9Sh9YxqVyGbW7AfV6NrTpEASTJ5GzIeAviiFZCOKH0CvzYK7F8slQwyYgLhvLfhxsyLvkpP0jYr5c12cdAb8rnW7dh9rjPk8Bq_PY3X3ky_K_r8xnzovokyjMCnZVhljlfY0YFuVQjN-H8CcbH5VPKzSlpeEA6_uz5QAtCVAsV_RkLl_oXi-yap-gRWrMHvSek8xZ3X8VSSBPwYPMQwH_yhm9di_I6li0uhOhppICVvpIZ9zBYD2JOzrsxxNiHXXJpfItzHj4TVyOUea2wSUNNNi0pfZwcg9UTa4D4_tEQsE04_Z054EyGZw3TERUxyr5TdUx5B0rr8WQnHC7beXR_rp3bzJTuzZOLncq1OJYvveYkhIPCPtp24-tZrRUWoi51VdSK59uM4TMNJmaracFqRQtMkLfmZkrMa0Argd8C9rxyPG4QYdS5dy3PtP9W0W5LANiGJ1LiHWtbcJpLljdlOgKImVq5FtiF4ae1gdEWAbQaX0g2sfW6OHJK4-5at5EiNNbNyLxTfzsjhTrVJTBLB84rDn1ATyb6QILVPPTilVVVguxn79DD917IY3PCGStknP-A4xjlefH3j7xb&sai=AMfl-YRNwJHXzhtBi70V_gZa3epkzBkK_Pi957mLrDrk4r5GwWNozEKYZEYDIO5H3mwme3Zg9F6Arqs71bB1XHJ9YY3Nb-Hc2j04pbYBxrgyzLH1cGbsYLHmHx0YW-kibMtjst6fzELMcWs8IRWBUUMwNimqLRRnGMqyTPNqRSFSevPVnbAzAFEp-WjuyqqKpcN2UE0wUaGlPzc4n7a_q2yDS6gs8pm2Gs4mjwe_qNV20xXcLozMYA9mHETB3C0KlS4QQWjNufWZ2Kp0g-JjCk-9QkIfqU-DLRmNJUY7hg&sig=Cg0ArKJSzCv1kOONik4lEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=335&vt=11&dtpt=265&dett=3&cstd=69&cisv=r20231207.88305&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame D182 0
63 B 58ms
57ms Ping
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv9FftDGHE7CZS3LjvAebqqjEicEt8d1Iah798VmSwJ4vFKkAntSWvZ4apc-VrRYHzdOvMKmE4o-LoO7fqh14fDiUQ2u-4oVBeRJw-jbhc1lucHvg9ttTC6N2YKNxRKkpL_o3k90GBfFdJUPFhA6COhzk0Q4llUpb1-qJ1gPiP7-A&sai=AMfl-YTpWKlHk-SCsY-Yd69_MUjoioXFBID3c7NLCBc8A1-vyBISb7XF7e_7iGhrG21Nd88ggCK4Rk5rxYh0TQtYMUEvr3l86F0qgylXGxQ6j3NkeCBPYWZ9_XXOgaB_Ow&sig=Cg0ArKJSzIyyQCOsExH2EAE&uach_m=%5BUACH%5D&urlfix=1&vt=13&adurl=

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 56ms
56ms Image
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231207&jk=1098057064834304&bg=!iomlicbNAAY3kmNgF5I7ADQBe5WfOHM9DXHNt0Sy7bFbLU87c_pKT0p2OD24zYxeNPNlMivVWUzUYT9zDbel8i_8ludtAgAAADtSAAAAAmgBBwoADh_0VPw9kiJsYCM8YZlDmQMTkazStVToUHzLK1srXB6vEtVXeRMyFRWhjP9OMWJSnZZgLm8dAyzsDSpujq39I3ObVMQfIcAVgIsi_4umouWjwAeUANu9g3YEg2ylZ39aSB2scVxsisuC6ldlMqMyQDf0dKLKQs9miBd4lXX0V1R8r0dPajSR-P6oUP5wlnj8s61cw3miAsWpG-Cc3ZpHiyAfpdkzKdofcnxhv6KACBMIxqoGr8m5DEaPoHOEoVxHj2Haf4c3voauh7oQGWhTdNs-WfXRFZHzITgbRGAQdUu9GtnMRvii8Ilpb_oG4i35kycrYphVSn1h5s-zKWravgR1DM2BvSh879eRQ1EkcWj9jUFKSjP2YnYk8nMR2rq4O-Q2igpJb3SUch-2kE7nAWXJcSm5iUZKwr0L3wn-Dwk3vQk807rzbGxLlm96jYPhBVeNlJI8ONZMC8I8ZJ3IhZ0Xtm-aS8AzuAbjtSnGVDQI_MQZfzU7zf86YbXkkT_e-70NpNF9-tfn2_yMMaWV79momNHIOXNxudSBQvnGy0b7-pbielOrsjkJgj8YqhU52ZWy_VEvy9NL87GGAYJ9IYi9FA0NAjBe7TSr1e9TfXDBmpQZ4pn618GBkiwZio5-WWj3JRa6PLjZp35IQXHxY8EjNTA_VgGndN8JmgoBiUsOLr7RzFkUEvid_FA1UQyoBgMWAVO5wJbkF0h_PdwO0dkQXpSoSE4AyF81pko9Ujte-wfafDlgUX1MVJuM_wMJaN0mJowmkLq_qOcwlJXE_9blFSKhg5QFY2xFCp4T_JJym4YBzyPUo6ffXRTcv-D14qZCcCWC3-2D_1m9hXMMgUZI0nCXGtGKdjuKuNhnF57kgFGemi23ik5Hfu6YmBOofjOQOA3DE4qAHcGGkjeaTB1oIpaWldbpBC64wUkvnap3AQym94DsHz1IfjX1ECO7ji0K7m_UnG2Y2j0j1QCGDadK-QnH7NfJDPp8XLX5hj9EgR6dgHZNtCjTJuTb2Y-N7ooHrAtdfvgOotEmx_mQa7FwMhTXHARlG4mvyW1_9hweSCwIxQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ransomizer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1B41 0
20 B 56ms
55ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BeFTYicp5ZaHuDJLT9u8P_ta06A0AAAAAOAHgBAI&bg=!WVqlWhXNAAY3kmNgF5I7ADQBe5WfOANPS89z52s6IniA43BlX184MnZmcS8OlYzVWcZHomguWznvuII2VtTL34YzneCcAgAAAOlSAAAAAWgBB5kDKzfaKWbYOsxI_cXjiBzzbJCqfN5OYrJou0RNGZkw5_nrFGcn4nskns_LvoeW0jOHx7HtBVAx8T46ieFxiIABSHYZnIaADEuJ6mN2Y001RyTbJgh4ZQOEVxVmoS9Ao9bLnoJr46mRFSlcoPESWdKA6Zw6O5QEGODTz4Oo1GOrKqZVTGWnoghV4dHEJTmKB_mAALmSyI1-c-rUPNHVFw8oMIt0Ybqj4wFkc7tr1RlRzb2V9ynliw6oo5whkJ8isyIIBs8xtepDEdOhvT5ecNHutSOJlSFshTkT6VudkWkUVjh39ulFfka52j-iK-iOwIZyqMh_Z0fUWVH6WVr8adiJj7QIhgy2HvsRICIqjbDTFPFdCu8GJi-lmkLz_prKqxOV-sqCH03hx8EdickXqLgo-1Zxehgx_ODD8Kg63GjXTNxrDoUaYMN9jEekkG3P7FYcAviLrxlcXpKMaSTsuqj1MccSIyVonAoewr_TyiS_AizOHxp1LPuOcw_6au83GRS3YMZKshgBYt9fW3RDtv5NEvYfdo4KkDSxPbIWxk4ckWlUC-GmWZ4zy52raRDe4OZyBdkG3GxcgsHXbEBrat2uHF8sOmtVzzCdGErEWfweGxAc8H9LvNzNXv0dHMFr3nPRUA-_MLTtb9_WNUJbSVx-qrOhqq6BpVCamqVE6ttNRv_aUysJhgo4CmL-myU1dwKKLomNdZ7T6erouSJci411WsVSYvDVoIGSB7bEUrLS6v--NDWChpjGrLoNeM8NeULZPvW_QebLjNDaZhO2q_MDBqbT1QIHGrajWT5sBq9IBLwggR5-9UXAfPB5iBgvcP08hPZfSNe1Lo3N38rDInEBlhbomQwcVLsSaFMZJefhohidstA_1rFFTQUazGGEl0ltvKzYl-3KyxDpCUAqx4Xj-pebsBrXxTa3d_WpfHXjsiJeN-J3srFst8FpZziBj0iJW1QZbuc3YSIgq-GpBej8wwkB3SjhxzKbsU44J08N-9Rn_g12Ia-K8KbFDUlQSbCCAeQqYDmGPW7SONvafnKLId5Pucq1o-siy69woIxGX1o_4P6_4FHpxinNMOI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4577 0
26 B 58ms
58ms Ping
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuvdsnunkPfQDDkEGvI4PzN1jaoXvQiAGJH1cndWfuYe-yNztV3EAbUf8HJpZ9xrl8hPXLpvTZmbMOfD31BI2KIQdFtxeUdNsILh6ZHasFXx_9OdcK0zEpqpAfwsIS4_RrIeNYABgnrNjZryXNcouwQg17j0I_ub99TeXKz2q4P5w&sai=AMfl-YR01BMU3pPw3epQyM-CErwEY4-qKdI92EJL8yW5Ahzd0SAhnaUsxveIZ84fkAc2UaYuVjKjCxdyy3s0X-BO1t7_YSVgpX602iWm4WYL6RmwykRhDfT1-HDGOlnwWQ&sig=Cg0ArKJSzAlxshf-TGlqEAE&uach_m=%5BUACH%5D&urlfix=1&vt=13&adurl=

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6CCF 0
26 B 59ms
59ms Ping
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvkHdAAV6X5x5dPgRN8UdH3lwjq02NfZFTRwcGqDF9gPw9dAQEJGmvR_OUlLA0_vdgrCaG_JCOUiy_p5_NN0-fSMpgjxAZxG9ghLDz5pDYjeYUOCVqMXdHuw_lDnw22DIwiF9HCEJuzuZUStiBR8junWpL_DEry8O0KFX2m4_gfpw&sai=AMfl-YRDLkZP8I0YGrxLMYB1Anh1EVxS_Q5F2Qz2gCGnXzZu9Ijx3KTRmaOtg5supXbqZfHDuibDiAGp-v5EjJnkqIiok3AHP82fcsa2yBmGWFcrOlvsErHVpWbg88cErw&sig=Cg0ArKJSzOqBu6xcT7R6EAE&uach_m=%5BUACH%5D&urlfix=1&vt=13&adurl=

Requested by

Host: www.ransomizer.com
URL: https://www.ransomizer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 15:15:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame D182 43 B
215 B 662ms
366ms Image
image/gif 2600:1f13:800:7780:c62:c4f4:bfd5:92f9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=7c787c11-c5ab-8dce-855c-ddb967557c83&tv=%7Bc:wH5pev,time:230,type:e,im:%7Bpci:%7Btdr:153%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:230,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:12,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B226~0%5D,as:%5B226~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tYkGLDH+11%7C12%7C13%7C141*.1627455-73523880%7C1411%7C1412%7C1413%7C151.1627455-73523888%7C1511%7C15121%7C1513%7C161.1627455-73523873%7C1611%7C1612%7C1613%7C17%7C18,idMap:141*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:12,sis:187%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:c62:c4f4:bfd5:92f9 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:22 GMT
server: nginx
x-server-name: dt28.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4589 0
20 B 57ms
56ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BYuE6icp5ZeDVD7Ki9u8PqoaagAgAAAAAOAHgBAI&bg=!zM-lz4DNAAY3kmNgF5I7ADQBe5WfOBvbJA3_1dFtagZTuiMhC1gvFfSd3R7etc335rZY_oY4dqfCsyz_A1uDM5-P7ynlAgAAAFlSAAAAAmgBB5kDSLoqyx2RUeDWSDF_ctrf3Ag4kGHhZwniMr0AZGnKUJP-cb1p_ke4wW4ilNPtY2T2Njxq2YRKSjZF1swlm9ivt1kst8feusl0PEJ-4V3T8ut4YbxrGdMvo2awBIABIwc02nCDg1206k0_tqt_ykiVDFn_91M3EIcfDGM7UDHoC_FR8srOyX1274lK_jf5fLqaW8KaGuq5m4ETOxzLoDJulrM2snCYbbKkMuIAJUa44W-XNyEA4wkKFjMxeqOn8o0N-VsOxb33QtPXebK95vhb9IU9CFRSGxbK_3ZsskhftexWnlgD09dGUznCieGVvppK5v8VOHGBj-6kV_715SpHPTCSSaNZBdAlz4BgPLfay5wbz2LNEZwukABuqWjLQ2zxO64ZPVlVzvWlXbKBK1Cddn1dG17dsJXTHNd8RsXyewQluITO8E0ETjsQh-bnmlUpovrkggYI6Cwd8Axn1ATKb1LMuQKec6I_ioCkRcAFRnw46i0D-7YmzQ4tmfiWy1C0Z3STNwEjQKEX49_XiHHUvTn_5KRFyZfxTQZVWRM6qLO98t6ykSGJ36XJ_Gj7eHgV1pL0jBooodxmsBq0tJPrOa2nNx1dgK5eOVaqxo05lbguS45HqQtWt9SuBKJAGR5cjTObvBaKcR1jSnCLHKnug4GtzXLc8DIA5WAypZ9DoZAXEG4rEVvX6Sc0naDk8w3DJzYCm5xfzkgQ2lI56zbhabo4igtKQK3n41Ix2SD1zNQRha3XeoSZ-rbQ7S66XO2pAkfOe7cdSTZCiAE0UKEGyb0GqX_uXYIrmdzCDERQ4AbsXAm9WYFRRzJFVJ3clDA7hpfNBc6bWUb7HkFNtVMprECWjScH732YRqsM87-0P71-VvbbIIa1I9ynkHw9kJ4uqkoyBz57tOTWiiE4ZQBu1vz8ZtpnLW4rajCkE7odlZ6jOrRRhTCvD1MLlHeDW8oZE4Vly6mNKOdqrwvad4XSOkzxMWF0jLA85NU8oyryO5LF3bb3ASSPu9cim-3RPGNBlQ-vqTrYp9X6uPlkks-4xSlzri6HciT9k64W221iVdQYRKU8-EkJFPmHMeu90So2EgM6yyOoFOOpSicpjAlgh66Hs24TKaEphw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame D182 43 B
215 B 438ms
367ms Image
image/gif 2600:1f13:800:7780:c62:c4f4:bfd5:92f9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=7c787c11-c5ab-8dce-855c-ddb967557c83&tv=%7Bc:wH5pi7,pingTime:-10,time:454,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjAuMC42MDk5LjEwOSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1702480521935%7C%7C41eecd8aace6addf8a40ffdab285bc35%7C%7Cf5ef61ca1e560a2377dfd6c236fd3eb9%7C%7C0adfbb0f7e719dab9a8da4cc5c7fdf82%7C%7C3a3332d871de254d8b07be63bc51bddc%7C%7C242d5cd2fb1f1d2d501aceeb39d0570e%7C%7C2cf2ac13cc64d4672c76a158f24c49e3%7C%7C73ecd2399d1270253df0a932368e3caf%7C%7C1663701684%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:c62:c4f4:bfd5:92f9 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:22 GMT
server: nginx
x-server-name: dt27.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 6CCF 43 B
215 B 413ms
368ms Image
image/gif 2600:1f13:800:7780:c62:c4f4:bfd5:92f9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=3b7907ef-b572-5fa9-16b0-dfa43cc238fe&tv=%7Bc:wH5pix,pingTime:-10,time:379,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjAuMC42MDk5LjEwOSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1702480521961%7C%7C77506186cf755fe6ad0bd0a809c2f4d4%7C%7Cf5ef61ca1e560a2377dfd6c236fd3eb9%7C%7C4a1f1ad5ec170aeb8f771143ab77a2ab%7C%7C6d907e0cd18a4d5bb087865e2272b83c%7C%7C045f6f3a405fdbcad0fa632b32474689%7C%7Ca694544d33c76a3fb19008f6d87d0e2a%7C%7Cfaf0a82fe9917376f72da26cca31c1bc%7C%7C1663701684%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:c62:c4f4:bfd5:92f9 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:22 GMT
server: nginx
x-server-name: dt26.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4577 43 B
215 B 401ms
365ms Image
image/gif 2600:1f13:800:7780:c62:c4f4:bfd5:92f9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=bb3bf488-9e7e-1603-9125-44312928b392&tv=%7Bc:wH5piG,pingTime:-10,time:421,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjAuMC42MDk5LjEwOSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1702480521969%7C%7Cf99b8b6521b442918739cdcef2b3bd82%7C%7Cf5ef61ca1e560a2377dfd6c236fd3eb9%7C%7Cf89d32499919cfacd8beeaed05607dcd%7C%7Cea4f0de4934636552cbc8a4bb89ab4c1%7C%7C26dae89cd81bd48fd28d2f51b31c9ced%7C%7C2af045798f94a303d1c3829a651e82dd%7C%7C0a5a8a5be7cb39c94d8c67b3b4564445%7C%7C1663701684%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:c62:c4f4:bfd5:92f9 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:22 GMT
server: nginx
x-server-name: dt23.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
DATA 200
OK truncated
/ Frame 4577 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6ae2aa40b2f21ea15ad97c6c430c54e61601537d711c566b7bbc9bdfd6832785

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 6CCF 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2515b43eaaff12970e386ae6bb62d74fef7ca5bbac6b8025ae2af228f51e7f1c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4577 0
20 B 53ms
53ms Ping
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2939411092806&version=m202309260101&ct=76&x=1&cor=9737416674403009000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D182 0
20 B 53ms
52ms Ping
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6384949756232&version=m202309260101&ct=76&x=1&cor=14682752037034078000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6CCF 0
20 B 53ms
53ms Ping
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3242258529077&version=m202309260101&ct=76&x=1&cor=5461576250965307000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4577 42 B
64 B 57ms
56ms Fetch
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvX1bfSo7ZiCkA1X3B_Eo-Yvt9jIjVMB692lZwwaeeD-5SEtrepYsU4oUkQ3RXsqoquvUMNW6z1XhRIpTQb20we-JMBeSeHzmGVj-VTIZM-AlGLpElOW8lucMeE-ibKXBLZkvXfn3n5V8IlSQEO-JumBDrR&sai=AMfl-YTQAvtLSitnX6Q4UPZLTFibKHah3AVLf9ChZTykjJeKnl3xYuboO9mqpkaRX5OIORMQNrSs6m8nbaswyYb5gpHdqPLYvfFWpCFQNw_9O2Rx5Hz0-UrmjxzP7FJ526WR0SngHkb67U0tUm3gPhWr&sig=Cg0ArKJSzNVg0EKdkUnXEAE&cid=CAQSTgDICaaND_-i4y-dGPxtzOPeUpxrXZtP8LcpJ3e0D2gp-1kG9-DitCYbsTXugCNhLteMqvrQl7BFbtU7Jm3wb8l1K9QO9QGBpLT7oX7IZhgB&id=lidar2&mcvt=1006&p=0,0,600,160&mtos=1006,1006,1006,1006,1006&tos=1006,0,0,0,0&v=20231211&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702480520983&rpt=362&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6CCF 42 B
64 B 61ms
61ms Fetch
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss5o8eHEWSjEMi9vVb3h4i9JPrUWsFTbTfP0ZIIEOtgxXIiufOtQjUSDPdydBYJnoXrY9n2ZQ3I7AwZz9hwGW-DP4dvKJgpIQMq4ga3_w2Nbf3fYc8lfDN7FPTHL40blrI43jNFJhsCAke6mcFh1K1XEYKf&sai=AMfl-YSzYDaxftNL8p2rPbZG1Bh-YUGVwp8EuCBu6Gxq0PCo4jvUdiEtBafxKDSpVHsbfLA5Jh3yx1qoz2_M8PZ8pUQO1oI6TX1_racKIKQaWwCZK_y6WSGeKdDtCq3ISFGazv9bYgMnznSxPVXmYpFH&sig=Cg0ArKJSzNuY6u2ZuVGtEAE&cid=CAQSTgDICaaND_-i4y-dGPxtzOPeUpxrXZtP8LcpJ3e0D2gp-1kG9-DitCYbsTXugCNhLteMqvrQl7BFbtU7Jm3wb8l1K9QO9QGBpLT7oX7IZhgB&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231211&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702480521019&rpt=322&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Dec 2023 15:15:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-21 02:16:16	Name: IDE Value: AHWqTUlR4CwpeCdEq4Xj11XhMmbUmwgk_sG0lj-GvufyHVxYabP5VTKnEeM0ZOZ0
.doubleclick.net/	1970-01-20 21:13:52	Name: APC Value: AfxxVi5fxnKtJFcNjBxgAx0aa_cWHfUUw4Fu6H5TwLDka8zFQdvhWg
.casalemedia.com/	1970-01-20 19:04:16	Name: CMPS Value: 5236
.adnxs.com/	1970-01-20 19:04:16	Name: anj Value: dTM7k!M41.D>6NRF']wIg2C$Oj`g!1!]tbPl1M>e)ZlrFUfJ+tGXxpW:F[yuU[`noQVhWyAa8sw:9qRb^@d>$pL!<bbpRzqF1`*b_+/)xiqC
.adnxs.com/	1970-01-20 19:04:16	Name: uuid2 Value: 95842217586617800
.ransomizer.com/	1970-01-21 02:16:16	Name: __gads Value: ID=11d694c5141b0a3a:T=1702480519:RT=1702480519:S=ALNI_MargWDwtmmhBN_xH-Pznhohyjuagw
.ransomizer.com/	1970-01-21 02:16:16	Name: __gpi Value: UID=00000ce580e3e59d:T=1702480519:RT=1702480519:S=ALNI_MYA0uas7nukHNn-YiG7n0kiIrxLcg
.casalemedia.com/	1970-01-21 01:40:16	Name: CMID Value: ZXnKibGPLqUBQ4hjl2sSIAAA
.casalemedia.com/	1970-01-20 19:04:16	Name: CMPRO Value: 5226

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
cdnjs.cloudflare.com
cm.g.doubleclick.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
i.imgur.com
ib.adnxs.com
pagead2.googlesyndication.com
s0.2mdn.net
static.addtoany.com
static.adsafeprotected.com
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
www.ransomizer.com
142.250.185.98
142.250.186.130
146.75.120.193
172.64.151.101
185.89.210.153
2600:1f13:800:7780:c62:c4f4:bfd5:92f9
2600:9000:223f:d600:8:48e:53c0:93a1
2606:4700:10::6816:47c5
2606:4700::6810:5914
2606:4700::6811:190e
2a00:1450:4001:808::2006
2a00:1450:4001:809::2002
2a00:1450:4001:80f::2004
2a00:1450:4001:81c::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::2002
54.217.222.23
69.163.207.112
018f3858ecc7e31d12acabb171287809069a700990711bfe9c0de526e8b4e8e9
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
0281a41949ff4acb0bb39178be18f4dd8f046a602d165dc39af7e83142af4929
042a9121e1c7bcdc3bfc48ed5e23b8dd1f64f375ef5872a5984e5d5096444702
06ac02ee03014393fe405754206fe7b7979d22853bc3b5aa9058489ed761ed47
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
1107824fee57311554e87b7ebf3da2f518124457e2b0df8bfdd22870dfbb2548
12ff2ec39651e02b34ee26ae91b66614f3b981e5b8db58feb16115c2b6b201f0
13b9601033f6b97dece65143046c49d062a167f0e1390d7a552d788ab220ef9c
16368e9daa6a156a3955ec6f3a69b8a3366a7872f82bb40ac6a1ba6e98457bc0
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
1bdab73c6a2cf2ace6638c2bd844073e6915d013a64fe1af434efd37500285ea
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
2515b43eaaff12970e386ae6bb62d74fef7ca5bbac6b8025ae2af228f51e7f1c
263403e6cea55abd488e73b1a3ed6fac18d6b3136572570953b3392504715123
27e2807d1a3e26f1e1c85c81b37c6ab938a8ca5275d928d58cdf7a5dc04d448a
2e3479d14727cf6b6581add352dad3c9fb8a89b1586d49dc0e606249e7abe437
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
356ec4081f8da79482e8cd8697750c6afa7e283c16047dac5175e1a9028ca9ab
35dbb75896c0d59b7858e3792cfe08539ebd1e951d08dcb706413c0c24a60618
38bddf83484d1e8c2022ae0fd0d61dad8c01a431b43c406813c7f350e90a18e4
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
390bb80c8ec894a3669df1522e5f88b9f1c2a7dc7b2a6aa39ea8a6401b1aea80
3c04eb4dcb01cfc622831f6ee979a1cf12aa0f99289250e8c1193b4fdeff7051
3d66ba6bc03128cc3ce96e393fc2b3f7c8bd2e73af8258ae6d6a5e6f2efb9848
3dab93242ee573bbcfc22c9d15acd47794e500ed44e6bd48a35400b39d65aa43
3e96e791d85d66936d032a8e4a5cf096690845489d6a72261f1019cf283552c4
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
445789b592a10dab6cda49698274740c1dccb1eada9f22d40db677aaea74e9ad
4620f86827d61968620018f8ab3a98bc53d823ba1633770d68434f189a3093c9
4a84ec6543c13bbab9450576e08a8c15cfb64c40ef82435f8730b80ee8be9271
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b87a2a7865fdf6e92ec39077b939e8e7bce5bdfc99f445eac774742e97fb4b9
4d1cbc1cc820b123c9be585105368c2b843b714ffcd2c5d1bc67c54017d22a9e
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
539cc993691ac34295a0b8e0b720aa3db63a2e80c78d49e1c4c4132bb4a5dc09
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5a4192e762a449dfd6e63bee835e0941627223c9159e8219acdd01881a1ac175
5c22a92f965d8618e18c4c57a901f7b0f72bbd0f31ee8fc000f1904437d96743
602b74dfd9b7d822b1a557ee336f3db32e1ec09787e0a7b3caf1818dc5ae0e00
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
69e1767c60e702480b7a4604f7a71a344e3e03caa6e21f6a352a9f63908dc500
6a276d362f6e87220e6a884af95943870767643be8443eb6e42c511488ae3a93
6a75d4c4f4e85a020d754b2357673d97413e0e24d1f4c782181a1211a761f90f
6ae2aa40b2f21ea15ad97c6c430c54e61601537d711c566b7bbc9bdfd6832785
6dee119ee49ab8771cf531190b1b186a092c709f799baf9ab566a3ca9778ea0b
6f5b001078068b0a370dababf149ec25a09c339a71112155e2d2cdc547e49be2
712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca
71362177b3d8142bbeae0a44551c90ca1df028db322a218d9868bf032ccbde65
73d3b9c26a4ad28a1e6c87251dfc19962d7c0537b475d99a5d1ae6aa418864a5
74ec1e2bfcf647ccdeaf5b127294db846ee4a6f8ffd6c909d4938370d4187d1f
77fd2e01fe7322b437084ad512b3c3df777ce7d092b975eb8b29ecb4fb612187
787dfff8d6b0bdd47278d893f53a57979266027c632cd9bc41d17bc664f5cb7c
7b40468d33d9f7509146b67a24418544b416dab528d017662c5005edc3452702
7d60255211b63ebd7ab57221ffe52ae073eab1c1c3a93c48df42b224e7f7c527
8417df100729f32b558fb35d7d76694f24354af51d5d6088a0f61ae3f5c90e44
8625646d45d00395060b97b69df84b78a1fe565ad9d7da9740fff39e2aa5d6ba
8833293f6762feb57c976e996042e2dcf201b282c034504008e2bf0a98dd3527
8954a3997bf726636d49ec096aa349538baeec15c9a52ca5c6814e42f7f3ec24
8c9029a03bdacdbeac4466dcde013ec1d100134704d07d40837935a8269d6bd7
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
8dd936a87b45186800a8977d9b06fa995bceb4398b6ceef1aa475188a832800d
9129c3cb5b3b6d486d719614ef0e64508258a9d15de6c8bfab167e3da9dd87f3
939ff687e5c1b1e8f6bdcec7b917fd2798deeea1113c76b79d2d1c6f636f48c1
93e60e7fa967a263f2595e5792069ca12b52f6dff9cdf00bd52a0b2b8fb1f888
9ee1397f4da0e0c981a979bc1ea43be1d0c28bf3619636df8ab9dc09fa770aaf
9ee1c7a575a73d4933d56995cab9fc66f5118ccc6f4ba9f6e9ac37b02ca666d1
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
ace6c1d1cccc4686d29e81c0821be209d2e2d8b7ba44ee24649a698a5230f6ff
aed7baf001b9a4139215678844126d1b40eca8eb31bf95e9f0d8d3e1aa2005d0
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b199ed28ba39e8d3bdc0d2860b8f710808796f2c7272406178010428f509d397
bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f
bc5844b469da436c41fb28c14d25f1b2cb6135c7dd6f3bbe9662d8842769d827
bcd3148113eb4f3ab143062d7d3bbaecfc34f8ebfc9545d453732e732dcc36ed
c190eb38a3f491bcbf96b136cf4a4ab534ac1293d37d9047fd77db6365c86682
c3477a72ef1db732762ffb13ba55d7df867b64c2abf5f88a1fdff29e6dbe374d
c3ce6cf1f18835d40d3177b0a7d5e6f08493a0c74daa32bde4e004ea48d3cc87
c868679a384546d80661e6085c6a40e95de3be2ad0487c56e116703ffd1850bf
ca212a6d45038b16f7e2ee85414d0f67362985095eac9dc26a34e96d1ea529b5
ce2b61e64a17f1488f20bafee5aa20a8d8ec897b990f709634f5bd1cc620e6b0
ce56080747fb3b762486b9ccc59bc01f871c9647d354a1c27b52cdb73fc1bfe1
d243c42e2acd1104b8194c6021008fdb31a04247db8a53e7befbd5998741a2e8
d530b5cff36f60202b4228917c0adf771bcc60dca25c1cb99cf9e2ec2b505bc1
d74871f1d66e7c0230449ab708d05f088e33d578275cfbc2e0d95529b689cfcd
de63bf5ecaf8695bae42a604e9808a63c55b0d62bdb3b4462c1530950772fc27
e24e46459c7d6e73401ab03d015d9819826b4d7e01d5dacb37c0264ebf8f069a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5e166567ad908883ca1d769c38b6f65959bb067295e5ea3c2f850ec5fa2b8d9
e7b8d433b88d210c6aeb414da6fc440f45c471fad1b5aaae9f0b66c50122c62b
eb2ab28f65de3477fa6111bf66ac0d518b474dde773b12cf228285147979aa31
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ecef4edc5ce2370c9445f97e249c56cabbe4ad36b93834caf0b16ddc73e81259
eebeb1d46efc55c9effdb14210a1f747e78fb0075ac3cd0f8b62f1313da76b15
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f383fc1dd896939cf47adaa32b807a19430e16df4e11ed434679bf127bd0c719
f430ad6611692180cc5bfba88afb989ac5cde063c2e929a28026be4c2c3e9f45
f6cbe31747c16c069d861a8ed01b15186eaee8c381f74ca1712087811c39f4d4
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
f9f739c0d112cd2001b05245f231bf745ce850880a5005ec98605d225a5222f1
fc757f9ba6603eb9913106a4cd83c7a7c0a8a4f845a0aceb1103606bc324ad00
fd7c229ce14a5809e39275163bf9bb8c2dbc51d0eb1d79c5cb8ab7ba7b9fdcc5
fd99a285d81a12f549b741db9604416a669e2ee8accf00cd40c0b0344e9ba63f
ff6ea408a6f0d5eacb673cd0818d80756b1c1a83b36f890561f58821463ddd37

www.ransomizer.com Open in urlscan Pro 69.163.207.112 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

197 Requests

92 %HTTPS

61 %IPv6

13 Domains

18 Subdomains

19 IPs

3 Countries

3341 kBTransfer

6734 kBSize

9 Cookies

5 Outgoing links

Page URL History

Redirected requests

197 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.ransomizer.com Open in urlscan Pro
69.163.207.112 Public Scan

Screenshot
Live screenshot

Full Image

197
Requests

92 %
HTTPS

61 %
IPv6

13
Domains

18
Subdomains

19
IPs

3
Countries

3341 kB
Transfer

6734 kB
Size

9
Cookies

197 HTTP transactions
4 data transactions