phativetbuo.ga Open in urlscan Pro
2606:4700:3030::6815:5912 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://phativetbuo.ga/
Submission: On March 10 via api (March 10th 2022, 2:30:17 pm UTC) from PL — Scanned from DE

Summary HTTP 145 Redirects Links 21 Behaviour Indicators

Summary

This website contacted 28 IPs in 5 countries across 24 domains to perform 145 HTTP transactions. The main IP is 2606:4700:3030::6815:5912, located in United States and belongs to CLOUDFLARENET, US. The main domain is phativetbuo.ga.

This is the only time phativetbuo.ga was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
40	2606:4700:303... 2606:4700:3030::6815:5912	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:20:... 2606:4700:20::681a:f1b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
1 4	185.11.128.207 185.11.128.207	50599 (Autonomou...) (Autonomous System for Data Space Sp. z o.o.)
4	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	145.239.237.56 145.239.237.56	16276 (OVH) (OVH)
2	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2600:9000:215... 2600:9000:2156:d000:11:a4de:2580:93a1	16509 (AMAZON-02) (AMAZON-02)
3	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c06::9a	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
3 8	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
2 4	184.30.20.241 184.30.20.241	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	37.252.173.215 37.252.173.215	29990 (ASN-APPNEX) (ASN-APPNEX)
22	2a00:1450:400... 2a00:1450:4001:800::2006	15169 (GOOGLE) (GOOGLE)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
1 1	2600:9000:215... 2600:9000:2156:3200:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
2 2	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
2	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
145	28

40 2606:4700:3030::6815:5912 (United States)

ASN13335 (CLOUDFLARENET, US)

phativetbuo.ga	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:f1b (United States)

ASN13335 (CLOUDFLARENET, US)

img.wprost.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.11.128.207 (Poland) 1 redirects

ASN50599 (Autonomous System for Data Space Sp. z o.o., PL)
PTR: host-185-11-128-207.dataspace.pl

advice.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 145.239.237.56 (France)

ASN16276 (OVH, FR)
PTR: ip56.ip-145-239-237.eu

ls.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:d000:11:a4de:2580:93a1 (United States)

ASN16509 (AMAZON-02, US)

get.optad360.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 216.58.212.130 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 184.30.20.241 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-20-241.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.173.215 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:800::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:3200:1b:5138:8a40:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.245.213 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	phativetbuo.ga phativetbuo.ga	587 KB
22	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 246	619 KB
20	googlesyndication.com 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 90 tpc.googlesyndication.com — Cisco Umbrella Rank: 122	100 KB
17	doubleclick.net 3 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159 googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 stats.g.doubleclick.net — Cisco Umbrella Rank: 68 cm.g.doubleclick.net — Cisco Umbrella Rank: 176 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 276	163 KB
15	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	21 KB
6	gemius.pl 1 redirects advice.hit.gemius.pl — Cisco Umbrella Rank: 300202 ls.hit.gemius.pl — Cisco Umbrella Rank: 11780	19 KB
5	google.com adservice.google.com — Cisco Umbrella Rank: 57 www.google.com — Cisco Umbrella Rank: 2	2 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 496	4 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 124	197 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 205	3 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 54	150 KB
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 346	943 B
2	google.de www.google.de — Cisco Umbrella Rank: 6433	655 B
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 147	64 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 96	315 B
2	wprost.pl img.wprost.pl — Cisco Umbrella Rank: 280591	186 KB
1	smaato.net 1 redirects s.ad.smaato.net — Cisco Umbrella Rank: 698	443 B
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 18240	525 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 293	265 B
1	google.ru adservice.google.ru — Cisco Umbrella Rank: 22658	792 B
1	optad360.io get.optad360.io — Cisco Umbrella Rank: 24237	247 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 101	15 KB
0	netmng.com Failed google2waycm.netmng.com Failed
0	deep.bi Failed api.deep.bi Failed
145	24

	Domain	Requested by
40	phativetbuo.ga	phativetbuo.ga
22	s0.2mdn.net	phativetbuo.ga 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com s0.2mdn.net
15	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com phativetbuo.ga
11	pagead2.googlesyndication.com	securepubads.g.doubleclick.net 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
8	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
7	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	www.google.com	phativetbuo.ga tpc.googlesyndication.com 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
4	connect.facebook.net	phativetbuo.ga connect.facebook.net
4	advice.hit.gemius.pl	1 redirects phativetbuo.ga advice.hit.gemius.pl
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	googleads.g.doubleclick.net	www.googleadservices.com 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com phativetbuo.ga
3	securepubads.g.doubleclick.net	phativetbuo.ga securepubads.g.doubleclick.net
3	www.googletagmanager.com	phativetbuo.ga
2	googleads4.g.doubleclick.net	phativetbuo.ga
2	eb2.3lift.com	2 redirects
2	www.google.de	phativetbuo.ga
2	3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	www.googletagservices.com	phativetbuo.ga 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
2	www.facebook.com	phativetbuo.ga
2	ls.hit.gemius.pl	advice.hit.gemius.pl ls.hit.gemius.pl
2	img.wprost.pl	phativetbuo.ga
1	s.ad.smaato.net	1 redirects
1	ads.travelaudience.com	1 redirects
1	match.adsrvr.org	3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.ru	securepubads.g.doubleclick.net
1	get.optad360.io	phativetbuo.ga
1	www.googleadservices.com	www.googletagmanager.com
0	google2waycm.netmng.com Failed	3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
0	api.deep.bi Failed	phativetbuo.ga
145	32

This site contains links to these domains. Also see Links.

Domain
nieruchomosci.wprost.pl
www.allcon.pl
www.facebook.com
twitter.com
www.wykop.pl
www.linkedin.com
wwws.tumblr.com
pinterest.com
www.youtube.com
www.wprost.pl

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-18` - `2022-06-17`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-12-17` - `2022-03-17`	3 months	crt.sh
*.hit.gemius.pl Sectigo ECC Domain Validation Secure Server CA	`2021-09-08` - `2022-09-25`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.com.ru GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh

This page contains 12 frames:

Primary Page: http://phativetbuo.ga/
Frame ID: F06DF3538D1C263778458837C3565B0E
Requests: 86 HTTP requests in this frame

Frame: http://ls.hit.gemius.pl/lsget.html
Frame ID: 61F10A287C62F2F44D714268B3E9CC91
Requests: 1 HTTP requests in this frame

Frame: https://ls.hit.gemius.pl/lsget.html?mode=new
Frame ID: A18223A68BFE205801448EE2233F2076
Requests: 1 HTTP requests in this frame

Frame: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 28017335CFC573EC424CBEB4631A7CCF
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: DDBD52580D9DED54BE7EC3D5F6006B74
Requests: 1 HTTP requests in this frame

Frame: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: B26FEABEA2D86BFE767703B35A3A1E56
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: F6A34A7248BF08C4D57904C5FD4B1D0C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 43B5AC0DDAE4F9D759D1543DDA80C29A
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNSeuAIQ9vLQAhiCzdq-ATAB&v=APEucNVcqx1DBdQprqtldFqUDp9j6vi6cipeeJ7ybe5E8d99Hnk2qSbgdb26jFtnxpf-EgqLs5zMc0E_w36HklUNqeFODjAY1pAL3nvOoEBxA8tIPBaeibhT-jeceweM1gRpBuffXTiXeUar3b15GOAep1p9lkXe9PeEuQm8HNxV8yxerfOGF5I
Frame ID: DD27C3D23E03E83271BEB84C5D06331B
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 8FF7D74A7F63AA05D6A21DEB30246D5C
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 26FC6B4F0DCC52F2158A21373DDDBDA3
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
Frame ID: 15C3779E154D3DC1623E5E7C2CBB0F4D
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Gdzie inwestować w Gdańsku? – Wiadomości Nieruchomości Wprost

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Gemius (Analytics) Expand

Overall confidence: 100%
Detected patterns

hit\.gemius\.pl/xgemius\.js
hit\.gemius\.pl
xgemius\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

145
Requests

61 %
HTTPS

63 %
IPv6

24
Domains

32
Subdomains

28
IPs

5
Countries

2372 kB
Transfer

4792 kB
Size

21
Cookies

21 Outgoing links

These are links going to different origins than the main page.

URL: https://nieruchomosci.wprost.pl/wiadomosci
Title: Wiadomości

Search URL Search Domain Scan URL

URL: https://nieruchomosci.wprost.pl/inwestowanie-w-nieruchomosci
Title: Inwestowanie w nieruchomości

Search URL Search Domain Scan URL

URL: https://nieruchomosci.wprost.pl/budownictwo
Title: Budownictwo

Search URL Search Domain Scan URL

URL: https://nieruchomosci.wprost.pl/architektura
Title: Architektura

Search URL Search Domain Scan URL

URL: https://www.allcon.pl/mieszkania/apartamenty/mlyny_gdanskie/lokalizacja?utm_source=wprost&utm_medium=artykul&utm_campaign=mg&utm_term=20211029&utm_content=gdzieinwestowacwgdansku
Title: Siedlce

Search URL Search Domain Scan URL

URL: https://www.allcon.pl/mieszkania/apartamenty/mlyny_gdanskie?utm_source=wprost&utm_medium=artykul&utm_campaign=mg&utm_term=20211029&utm_content=gdzieinwestowacwgdansku
Title: Młyny Gdańskie

Search URL Search Domain Scan URL

URL: https://www.facebook.com/share.php?u=https%3A%2F%2Fnieruchomosci.wprost.pl%2Fwiadomosci%2F10532860%2Fgdzie-inwestowac-w-gdansku.html&t=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https%3A%2F%2Fnieruchomosci.wprost.pl%2F10532860&text=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.wykop.pl/dodaj?url=https%3A%2F%2Fnieruchomosci.wprost.pl%2Fwiadomosci%2F10532860%2Fgdzie-inwestowac-w-gdansku.html
Title: Wykop

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?url=https%3A%2F%2Fnieruchomosci.wprost.pl%2Fwiadomosci%2F10532860%2Fgdzie-inwestowac-w-gdansku.html&title=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F
Title: Linked In

Search URL Search Domain Scan URL

URL: http://wwws.tumblr.com/share/link?url=https%3A%2F%2Fnieruchomosci.wprost.pl%2Fwiadomosci%2F10532860%2Fgdzie-inwestowac-w-gdansku.html&name=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F&description=
Title: Tumblr

Search URL Search Domain Scan URL

URL: https://pinterest.com/pin/create/button/?url=https%3A%2F%2Fnieruchomosci.wprost.pl%2Fwiadomosci%2F10532860%2Fgdzie-inwestowac-w-gdansku.html&media=https://img.wprost.pl/img/mlyny-gdanskie-sa-efektem-polaczenia-inspiracji-historyczna-zabudowa-gdanska-ze-wspolczesna-architektura-oraz-nowoczesnymi-rozwiazaniami/f5/b0/2ff8f6c4e2e694b02e1d55ecdbb8.jpeg&description=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F
Title: Pinterest

Search URL Search Domain Scan URL

URL: https://www.facebook.com/tygodnikwprost
Title: Nieruchomości Wprost - Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/TygodnikWPROST
Title: Nieruchomości Wprost - Twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/AWRWprost
Title: Nieruchomości Wprost - YouTube

Search URL Search Domain Scan URL

URL: https://www.wprost.pl/o-awr-wprost
Title: AWR Wprost

Search URL Search Domain Scan URL

URL: https://www.wprost.pl/kontakt
Title: Kontakt

Search URL Search Domain Scan URL

URL: https://www.wprost.pl/reklama
Title: Reklama

Search URL Search Domain Scan URL

URL: https://www.wprost.pl/regulamin
Title: Regulamin

Search URL Search Domain Scan URL

URL: https://www.wprost.pl/polityka-prywatnosci
Title: Polityka prywatności

Search URL Search Domain Scan URL

URL: https://www.wprost.pl/
Title: Agencja Wydawniczo-Reklamowa „Wprost” Sp. z o.o.

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13

http://connect.facebook.net/pl_PL/sdk.js HTTP 307
https://connect.facebook.net/pl_PL/sdk.js

Request Chain 52

http://www.googletagmanager.com/gtag/js?id=G-76JW1KVZM8&l=dataLayer&cx=c HTTP 307
https://www.googletagmanager.com/gtag/js?id=G-76JW1KVZM8&l=dataLayer&cx=c

Request Chain 59

https://advice.hit.gemius.pl/_1646922611001/rexdot.js?l=100&id=bPo70ouuVF6BwErIBuw7vsQM7KSWflChLqi.FWhl1jr.m7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fphativetbuo.ga%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=203&lsdata=AQ27Ot2Tyrski3JF3y6NLLkJjo8k4q97C5owK_LFFkj.U7XrnoRJ52fltWaWc2RLWZqqMFwVWCKXYVwS1RusQ7_R_QOz/EaAMET4KVyf45/&fpdata=oDmwG3quudeZtF36IQXuxO.VVrGzn3HTq1HBVIl1jTv.F7&vis=1&lsadd=&fpcap= HTTP 301
https://advice.hit.gemius.pl/__/_1646922611001/rexdot.js?l=100&id=bPo70ouuVF6BwErIBuw7vsQM7KSWflChLqi.FWhl1jr.m7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fphativetbuo.ga%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=203&lsdata=AQ27Ot2Tyrski3JF3y6NLLkJjo8k4q97C5owK_LFFkj.U7XrnoRJ52fltWaWc2RLWZqqMFwVWCKXYVwS1RusQ7_R_QOz/EaAMET4KVyf45/&fpdata=oDmwG3quudeZtF36IQXuxO.VVrGzn3HTq1HBVIl1jTv.F7&vis=1&lsadd=&fpcap=

Request Chain 98

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHILR7Fua-66KU3YRycNS7Y&google_cver=1

Request Chain 99

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YioLdNqCZ8DMPMy.L1N2.QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHILR7Fua-66KU3YRycNS7Y&google_cver=1&google_hm=2

Request Chain 100

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEEKo58kEePhz3kpld2q_yao&google_cver=1

Request Chain 101

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDc4MzgwNjk0NDA2MTgxNzY3MA%3D%3D

Request Chain 112

https://ads.travelaudience.com/google_pixel?google_gid=CAESECNQSnFCoLuUvMtFRXYmA0I&google_cver=1&google_push=AYg5qPLzDteKnMsAsGvBFTpXXqtJQKnLBettI2-oyQTbq1FC9c8TIEStag-kPO5OKoqP6ZLrNzUOhG8IJqUyKT0dsX4TORjIz4dFYQ HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=TEF08aSuQ7yk2wF4jURReA2&google_push=AYg5qPLzDteKnMsAsGvBFTpXXqtJQKnLBettI2-oyQTbq1FC9c8TIEStag-kPO5OKoqP6ZLrNzUOhG8IJqUyKT0dsX4TORjIz4dFYQ

Request Chain 114

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEAdoJPTtH14Qu8cgudLwK14&google_cver=1&google_push=AYg5qPI_3x0870zwukAcgzLjUDwOUe-uaKQCs9NBeOYLs6Xwy-eZnhLCVOOYEFxRI5JH8rxHTU4O6fPCxs_Y327VADYH43YejRmorQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPI_3x0870zwukAcgzLjUDwOUe-uaKQCs9NBeOYLs6Xwy-eZnhLCVOOYEFxRI5JH8rxHTU4O6fPCxs_Y327VADYH43YejRmorQ

Request Chain 115

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEGdGDq0wpI5dMuwsmlBqFxo&google_cver=1&google_push=AYg5qPK2X_ETYFqLsu7mcgW4lm2RRoKFPyUl4j1v8dX-n2cmlQ00ms-knRld2NkrPSHOrPuH1MXEQtgubWX9PDYhvSig0GS6R2BG HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPK2X_ETYFqLsu7mcgW4lm2RRoKFPyUl4j1v8dX-n2cmlQ00ms-knRld2NkrPSHOrPuH1MXEQtgubWX9PDYhvSig0GS6R2BG&google_gid=CAESEGdGDq0wpI5dMuwsmlBqFxo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NzI0NTY5NTE0NTY4MTMxNDc4NDk%3D&google_push=AYg5qPK2X_ETYFqLsu7mcgW4lm2RRoKFPyUl4j1v8dX-n2cmlQ00ms-knRld2NkrPSHOrPuH1MXEQtgubWX9PDYhvSig0GS6R2BG

145 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
phativetbuo.ga/ 59 KB
14 KB 544ms
530ms Document
text/html 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://phativetbuo.ga/
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.2.34
Resource Hash: 35afb774f93baadbff26bddc324582f3ddb6709f1ee3ed7dca47392db7fdc981

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.34
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rxd3R%2BCqEeoernHt1OeNxl4v6tV3E2L8f3GjDhgzYJXwtvSaaceGO7Qm66SmJQecVr%2BmaJakQHVPyOtirIB%2FoYXnAMnMvWfjKZh1VwSHUUz8v5kMX4H0ly9A7%2B2FdRdhSiVY1EojZKCFyG4xMg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6e9cbf28cd0c9b37-FRA
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 cee17864dc7f5e599a89712f12c8.jpeg
img.wprost.pl/img/mlyny-gdanskie-sa-efektem-polaczenia-inspiracji-historyczna-zabudowa-gdanska-ze-wspolczesna-architektura-oraz-nowoczesnymi-rozwiazaniami/5b/fe/ 116 KB
116 KB 157ms
113ms Image
image/jpeg 2606:4700:20::681a:f1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.wprost.pl/img/mlyny-gdanskie-sa-efektem-polaczenia-inspiracji-historyczna-zabudowa-gdanska-ze-wspolczesna-architektura-oraz-nowoczesnymi-rozwiazaniami/5b/fe/cee17864dc7f5e599a89712f12c8.jpeg

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:f1b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0de0e82f02cff4ee5a100bd6b64339aebc721725a70f6c298d27f92e180c5cf9

Security Headers

Name	Value
Strict-Transport-Security	max-age=16000000; includeSubDomains; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:30:10 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=118620, status=webp_bigger
cf-ray: 6e9cbf2c7bd79112-FRA
strict-transport-security: max-age=16000000; includeSubDomains; preload;
content-length: 118301
last-modified: Fri, 29 Oct 2021 12:21:21 GMT
server: cloudflare
etag: "1e24cd32ab260adee2b23e1a78a16c2f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XAmLGAKA92N1kobglG%2F9dSSHJO0HU7zE6KofYlt4qFBwpdy5DvX7u1Fh3hmSn4QGRyTN%2FeDyjnTkwQzMvgQGTrakSZeC6rbB4%2FaKsxQMHi5bf7bsaBLjEWNk3ClNonI0L96WdXs8l9GCi0U%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 176443101
cache-control: public, max-age=31536000
accept-ranges: bytes
content-type: image/jpeg
cf-bgj: imgq:100,h2pri

GET
H/1.1 200
OK OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
phativetbuo.ga/_static/ 543 KB
88 KB 37ms
30ms Stylesheet
text/css 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f8b3082371bd6a0093087b633647e5a3f3ec1ef0e97e982814f86821f8512bfc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 1100
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: W/"6229cb74-87c93"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mJwWvipl05p%2F2R8AFNvnqSU1LmGSqL26Y%2FspHFhhg1g0U8tODdpS7IrQzD%2F2GyTd8mm7Xh06JOH51Q6tMAoU6MzaoyV%2BDZpzsexyw4IAXOsjVlDoKNXzPOFqSH0EbXRJ5%2B7Usj78pVtTPqFQ6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=14400
CF-RAY: 6e9cbf2c3f71922c-FRA

GET
H/1.1 200
OK 414f937b-ee02-4965-9ad2-498152b33573.min.js Show response
phativetbuo.ga/items/ 497 B
1 KB 175ms
175ms Script
application/javascript 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://phativetbuo.ga/items/414f937b-ee02-4965-9ad2-498152b33573.min.js
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd7680f0d4768bf17b38b5834d7671e6e456d9655b4ae3cb39186d1fcd93f5c2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Thu, 10 Mar 2022 09:57:09 GMT
Server: cloudflare
ETag: W/"6229cb75-1f1"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TNivpE1WCEMsgMcCZxJFjkaTRpfwEbfcTr7UQgmQyOlu4lqYqBT4cYrbu694WihIIAdVhUrQmuAKlMAIrhtIoixq4KCJFdMGmG6lKxSdK89KykeYylmYPtBsyXcXJmFThpgmz5S56iukWzjfJw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6e9cbf2c7fd8922c-FRA
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H/1.1 200
OK gpt.js Show response
phativetbuo.ga/tag/js/ 77 KB
29 KB 301ms
25ms Script
application/javascript 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://phativetbuo.ga/tag/js/gpt.js
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 331e14f7226ecaea46e85f54db23f4e7a434969120e39c1a54a8087807ddf830

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2743
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Last-Modified: Thu, 10 Mar 2022 09:57:09 GMT
Server: cloudflare
ETag: W/"6229cb75-135f5"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nWl11cR25EB7Kz0cu%2FyFr2%2BSmosDvDvVcFzTDLAtVGelEkF41fdFPZPzkz1LxllUODlRjqEVdVfv6AEt18h4Q%2BUuR58g5TPvFLD%2FdeqA1dDGIcVEhz22q%2B4p5XUUXGwChcPtYWrhbCUWIg6StA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=14400
CF-RAY: 6e9cbf2e4fb99b37-FRA

GET
H/1.1 200
OK 323699896.min.js Show response
phativetbuo.ga/tag/ 9 KB
3 KB 307ms
22ms Script
application/javascript 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://phativetbuo.ga/tag/323699896.min.js
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ea665fc0455d38b414a5a31a72f3a8e3a3054b6d3f224d73d5d9057f6b2d3db

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2972
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Last-Modified: Thu, 10 Mar 2022 09:57:09 GMT
Server: cloudflare
ETag: W/"6229cb75-2493"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jFT0kVTw0q3eTJZVmUV0FoWZjj3A77sC7EJBYOjzqH2zCaMP%2Fe4yDn5WI8oAdOr7QEC8BT%2BTrLOmcmqoNzSCRfl2Q0wxiO4J0lz6DHu3QmdUxItg2%2FgvV%2B3K%2Fr6Yxz4VhJ1HQnRo8NgzsdjFAg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=14400
CF-RAY: 6e9cbf2e5e2e90fa-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 132ms
47ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-8969414-2

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dac546a5443b93722ff9cebc3f80a43a5ccde481e94f7da9221507902dbf218a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:30:10 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38072
x-xss-protection: 0
expires: Thu, 10 Mar 2022 14:30:10 GMT

GET
H/1.1 200
OK pusty.png
phativetbuo.ga/_i/ 95 B
830 B 480ms
183ms Image
image/png 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/_i/pusty.png
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:11 GMT
CF-Cache-Status: MISS
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "6229cb74-5f"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RB1W26KJC%2BfbBR37XEEMD%2BuNME85YgHhUx1O7hvFhTmRaNxhIIWT16UOaG1kgGG6B98MJ6JcyudGXpusb4mOqge2SquqD73o99AH3rkHmU7yKWZRfo3ClI8RVeGBQ8OXUxVmhGSRKtECF2seew%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e9cbf2e799f924a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 95

GET
H2 200 daecc84600673be34d903ed5b55c.jpeg
img.wprost.pl/img/mlyny-gdanskie-sa-efektem-polaczenia-inspiracji-historyczna-zabudowa-gdanska-ze-wspolczesna-architektura-oraz-nowoczesnymi-rozwiazaniami/a0/8d/ 69 KB
70 KB 24ms
22ms Image
image/jpeg 2606:4700:20::681a:f1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:f1b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3932943c42751eb7007d21192da9999a6ee0bd453157a61b0083c13836875912

Security Headers

Name	Value
Strict-Transport-Security	max-age=16000000; includeSubDomains; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:30:10 GMT
via: 1.1 varnish (Varnish/6.0)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1754
cf-polished: origSize=71328, status=webp_bigger
content-type: image/jpeg
strict-transport-security: max-age=16000000; includeSubDomains; preload;
content-length: 71098
last-modified: Fri, 29 Oct 2021 12:21:21 GMT
server: cloudflare
etag: "550bb2dd3f100afd4472844c5f9e8d36"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tj98emrwz6W44gfeh%2FZ34XGfDIf9%2F5aRx1I4xVMCDLB4NOGfnDWI7ly9SHeRFgzPwIqPwGKNE1D%2F6AbVml0SMonVW5YQ8xyYcaqD2RmNUeXqTQCGEUGOWRgscqRlvBO7CSKjvOjpOaQqlzU%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 180319013 178409533
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6e9cbf2c9c039112-FRA
cf-bgj: imgq:100,h2pri

GET
H/1.1 200
OK html5-jquery-3.5.1-lightbox-2.6.min-main-nieruchomosci-ads-deep.bi-98094d358c56483135314a865a0dd1f1-content.js Show response
phativetbuo.ga/_static/ 365 KB
100 KB 27ms
26ms Script
application/javascript 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://phativetbuo.ga/_static/html5-jquery-3.5.1-lightbox-2.6.min-main-nieruchomosci-ads-deep.bi-98094d358c56483135314a865a0dd1f1-content.js
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4de28a05e0b438d5800c7dd1345e0ec1a63da96a9e2ad0a65d43203cd91d48ed

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2743
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: W/"6229cb74-5b561"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XNkaEf2mch5LvSq6avkRwD0lAmJVJ9wKU6E6ffBpBulJquGEAMOj5IZEQjQvDU9F%2BfrE3QoojDgkL8fEjTWutgtXwj4U0OYFoiN34S%2Bjr9pxO0IwHrgW8LQzdyFbeX81mGaloiT0XpDOk4qMWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=14400
CF-RAY: 6e9cbf2c9c1a9b37-FRA

GET
H/1.1 200
OK xgemius.js Show response
advice.hit.gemius.pl/ 40 KB
11 KB 137ms
29ms Script
application/x-javascript 185.11.128.207
Autonomous System...

General

Check archive.org

Show headers Download Go to

Full URL: http://advice.hit.gemius.pl/xgemius.js
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/
Protocol: HTTP/1.1
Server: 185.11.128.207 , Poland, ASN50599 (Autonomous System for Data Space Sp. z o.o., PL),
Reverse DNS: host-185-11-128-207.dataspace.pl
Software: GHC /
Resource Hash: 919462eb23533d6a32db8faf732b4d7dafa39f69d32bff2a6905748fedf47bcb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
Content-Encoding: gzip
Last-Modified: Fri, 18 Feb 2022 08:43:58 GMT
Server: GHC
Vary: Accept-Encoding,Origin
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Cache-Control: max-age=43200
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Accept-Ranges: none
Content-Type: application/x-javascript
Keep-Alive: timeout=10
Content-Length: 10842
Expires: Fri, 11 Mar 2022 02:30:10 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 135 KB
49 KB 141ms
57ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WC56M55

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

957266ec388dc7ffa6e940fd9bb1cf47da4fef33ca7525ae5a9d161a85634b2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:30:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50349
x-xss-protection: 0
last-modified: Thu, 10 Mar 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 10 Mar 2022 14:30:10 GMT

GET init.js
api.deep.bi/v3/ 0
0

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 23ms
7ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f2649db29712c0b6bb0702c7c4b1187b10ec39f238ddee4f17a614fa64ce31f3

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26291
x-xss-protection: 0
pragma: public
x-fb-debug: m10tBaxUdvIAv7zOvkDOi49tz4Aq9/lf4uqQZQhzRQ85LaEm4+w4XP9YSfR49snaGZ33XBJzJVO+iPgfeX+bng==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Thu, 10 Mar 2022 14:30:10 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

sdk.js Show response
connect.facebook.net/pl_PL/
Redirect Chain

http://connect.facebook.net/pl_PL/sdk.js
https://connect.facebook.net/pl_PL/sdk.js

3 KB
2 KB

8ms
7ms

Script
application/x-javascript

2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/pl_PL/sdk.js

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

baa6d09662c76b0fc60c27ba857a06d73dd05832482c879f241533d323c0d678

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: xAsu2byO0uS9CbVupKOIbw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1687
x-fb-rlafr: 0
x-fb-debug: 399ExBSW6MAHykgeBtK42CTTsOWIhgU5I17oclQdvGjC82zUQdChFnwI/FA4XOQN5Nl0ufmC/+AT7qPwFPAVjg==
x-fb-trip-id: 686109401
x-fb-content-md5: feecc0e65642a7e6d3830972d2e3442e
x-frame-options: DENY
date: Thu, 10 Mar 2022 14:30:10 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "7a07e2ad20a2cdb5501b8741a2684c1d"
timing-allow-origin: *
expires: Thu, 10 Mar 2022 14:41:38 GMT

Redirect headers

Location: https://connect.facebook.net/pl_PL/sdk.js
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H/1.1 200
OK logo-wprost-header.png
phativetbuo.ga/wprost/_i/ 3 KB
3 KB 238ms
21ms Image
image/png 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/wprost/_i/logo-wprost-header.png
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c01351f6b65ecb4efde549618c748755dec43b369bec2897260f7f4ec05aebbe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2972
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 2632
Last-Modified: Thu, 10 Mar 2022 09:57:09 GMT
Server: cloudflare
ETag: "6229cb75-a48"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bTxTi926AMZVPEpc4wy62Ouf%2FQ0%2BfRDHAuDZOSSfN8OujNZGGz9Z3DAyN0vGLldkOhkcCrRfUQpXnTr%2BrMOD5HwBgpiy8XPmmvn4GBx2L26I1JP8AbwIrqyo98md0qBGCIR%2FACszPAGt%2FB%2BFOA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e9cbf2e1a659b63-FRA

GET
H/1.1 200
OK icon-20-a-menu.png
phativetbuo.ga/_i/ 1 KB
2 KB 252ms
23ms Image
image/png 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/_i/icon-20-a-menu.png
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42b21abbca1944f3630cf12ce218a16eed50f9673faf100047ca61341e318b80

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2743
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1027
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "6229cb74-403"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ETLSs%2B5CtqPYm8ZE6eqm2qByNu4xZlQvMPQ9XtHOSlz79tIKmI7ZWVU5cdIqESZdTJAfQg86lk022dc3Us4njrLhe%2B%2B%2BRaBLcjHqZ5jBBULqproOzV1APkpdBx%2BnFpKrTCnnoFO6nkfIQ90KQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e9cbf2e2f829b37-FRA

GET
H/1.1 200
OK ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
phativetbuo.ga/_fonts/RobotoCondensed/ 15 KB
16 KB 279ms
271ms Font
application/octet-stream 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://phativetbuo.ga/_fonts/RobotoCondensed/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53b907326f7c21a04f6d39cc32ff471aafec57d887feabfabb53394f378c659f

Request headers

Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Origin: http://phativetbuo.ga
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
CF-Cache-Status: MISS
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "3d68-5d9da3cc0894d"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mtgQKZjLNmB35JjZceEOsY8ENSaXMHK7v%2Bod0amqfu2r6j9WLDLejf%2FvzN0G1zHWijsPcwe%2Fr%2BUAnzF7Y%2BNt7GPO0WVMA1b%2BAMxfWpI4iCcX4CTUJRY9uxpFE7e9Z%2BC8xRgb8%2BkGICLq4C5ltQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e9cbf2cab0e90fa-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 15720

GET
H/1.1 200
OK ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYbw.woff2
phativetbuo.ga/_fonts/RobotoCondensed/ 15 KB
16 KB 296ms
287ms Font
application/octet-stream 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://phativetbuo.ga/_fonts/RobotoCondensed/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYbw.woff2
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab106619cd53cba1c09e1b3aedcf87dc90958fef3b886f9107a0ae94f5dd7733

Request headers

Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Origin: http://phativetbuo.ga
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
CF-Cache-Status: MISS
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "3cf4-5d9da3cc0894d"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L1AGaAvjTouF5KFBbaedXYwm3cdfSjWTGLco4M0jDyDwuBqtHDRdTn%2BcDGiUAgOfIPJSJygUioiCmiN3Uy0NaeFJ9a3byMepTJ5gYK7oocB6KvBFGVmkILHKWDzMxKuJgi1H1UnR%2BJ4s6Es1eg%3D%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e9cbf2caea39b9a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 15604

GET
H/1.1 200
OK ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
phativetbuo.ga/_fonts/RobotoCondensed/ 15 KB
16 KB 40ms
31ms Font
application/octet-stream 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://phativetbuo.ga/_fonts/RobotoCondensed/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c867104326e3c4b658209d8e5bcea0900aaf7fbc2bbc181ca01c482cac2810f3

Request headers

Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Origin: http://phativetbuo.ga
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
CF-Cache-Status: HIT
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
Age: 1099
ETag: "3d18-5d9da3cc08d35"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lnXRKVNuRxKZnMI6Hp0eHMYsDUZOsZrx04zvIRsECVH%2Fnp9UltL9VDM62eFU0rcJYaw7EzgO%2BC4Kk1fvS%2F3myAJaVX1b6ujkPApvhQeWZXeHWVAak7GrGaBR%2Bu32SZ7ry34XXPuDstJnjpDb4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e9cbf2caf8f9b63-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 15640

GET
H/1.1 200
OK KFOmCnqEu92Fr1Mu4mxK.woff2
phativetbuo.ga/_fonts/Roboto/ 15 KB
16 KB 291ms
278ms Font
application/octet-stream 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://phativetbuo.ga/_fonts/Roboto/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3

Request headers

Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Origin: http://phativetbuo.ga
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
CF-Cache-Status: MISS
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "3d78-5d9da3cc09505"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dD%2Bor3kslMwpwoYIUPy4WIdNBpSeb93lQVZBfryVO5ihSFoWZA6HshGludRLKPPqxndvoPj30yGCH5uChkQVpIpjBYKKcgb2MLiRlBsSBEJlprwK0N%2FU%2By%2FQfDcVkWAoLM%2BhXp4VBJx0FXm43w%3D%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e9cbf2cbc54924a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 15736

GET
H/1.1 200
OK ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCoYb8td.woff2
phativetbuo.ga/_fonts/RobotoCondensed/ 12 KB
12 KB 211ms
180ms Font
application/octet-stream 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://phativetbuo.ga/_fonts/RobotoCondensed/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCoYb8td.woff2
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22e730c5e58a487c838bda5b1a08e1b2a0d537371c08d4a01c56593ed8160ee6

Request headers

Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Origin: http://phativetbuo.ga
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
CF-Cache-Status: MISS
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "2edc-5d9da3cc0894d"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qn2zi0erUERqle1XlpnuFJ7h5Ivfr%2FsTWP3GKORuDdnANGXMZTDfNU65DiEhPlBtRpYUr4x7oQ7u5JEcS6s1dG9MjiRP0Mia0jjx8sxOaDurZ7M9arAOJQkvJr%2FGzbMM17hT4dBcEmoGT9pyMA%3D%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e9cbf2cdc769b37-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 11996

GET
H/1.1 200
OK KFOmCnqEu92Fr1Mu7GxKOzY.woff2
phativetbuo.ga/_fonts/Roboto/ 12 KB
13 KB 223ms
192ms Font
application/octet-stream 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://phativetbuo.ga/_fonts/Roboto/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c84629456a70df1137ab4bdcddba32050a2524568912630c2538746cbbcdc51

Request headers

Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Origin: http://phativetbuo.ga
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
CF-Cache-Status: MISS
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "2fa8-5d9da3cc0911d"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sgZ8UCFikH%2B2GQ2T4KFHGscD7ORLPYTm8QGLOekFP1dl0DwpgehskiQNIxtP%2BsR5k%2BB2hf%2Fixtf9QCcBpMaCz64gAzNW0Xwrw4RRVuuwfA7vPgxZjyHTKr0e%2FGFJnLluXjkYPrqq50LKvwuhag%3D%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e9cbf2ce8049b63-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 12200

GET
H/1.1 200
OK ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCoYb8td.woff2
phativetbuo.ga/_fonts/RobotoCondensed/ 12 KB
12 KB 150ms
12ms Font
application/octet-stream 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://phativetbuo.ga/_fonts/RobotoCondensed/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCoYb8td.woff2
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b019dba654b6a670ff83612cc866453fac6b389c1da4832159f340ead53081a

Request headers

Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Origin: http://phativetbuo.ga
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
CF-Cache-Status: HIT
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
Age: 1098
ETag: "2ec0-5d9da3cc08d35"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WQr7RHY87jrVZVG3uYRYaxMNaA1vA5pkZ9WAvAVBp5FX8qj7RpZ%2FcYe3sQVIxDXYPPI2Ut%2F7CDcgQMlX4aHnP8VL9vXGPXsITCyPg2ya%2BWcGwUJT7qK8Mak8aEInJahgvQ%2BqE9ppAh1XI%2B%2FqAA%3D%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e9cbf2d9990922c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 11968

GET
H/1.1 200
OK ieVl2ZhZI2eCN5jzbjEETS9weq8-19y7DRs5.woff2
phativetbuo.ga/_fonts/RobotoCondensed/ 12 KB
13 KB 316ms
169ms Font
application/octet-stream 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://phativetbuo.ga/_fonts/RobotoCondensed/ieVl2ZhZI2eCN5jzbjEETS9weq8-19y7DRs5.woff2
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e13e58861d0d8000aa6c0b58204094359a1614ab079848ba8ba3a7f06028066

Request headers

Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Origin: http://phativetbuo.ga
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
CF-Cache-Status: MISS
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "2f30-5d9da3cc08d35"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FRRCxieYLN5XFpnwr16VAxfWjcjNRynmQK5x4XOsUf%2B2KDusbAReT7cNS42%2FFouSdpNgzr3Fr2%2B%2BeBD8%2BqVuEg0Ctk4%2BDVSytxK6KX8BgWpoqHkbO1wDBFFRaTbNJbSvm%2FOK5pqQImthQnwbig%3D%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e9cbf2da9ac922c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 12080

GET
H/1.1 200
OK icon-30-share.png
phativetbuo.ga/_i/ 1 KB
2 KB 21ms
20ms Image
image/png 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/_i/icon-30-share.png
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d6c3674785d0db6ea9c952d6389ad37ac07753cd0161fb0b6f7e0081153f316

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2972
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1463
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "6229cb74-5b7"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uyPoIXUMVXYi6Ij4%2F1S0OLRKEOYvb3r4VxzAX%2FxvaYHPXHqGxZOu7JugJh14Dof85hmsjQFSp%2FVKRTW6fSaQxb6Zn%2BKd435wpwxblTo6GSu%2Frjozn390my3AZPZS88%2Fh%2BcV7kr0pZG%2BG0vJNTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e9cbf2e7aa79b9a-FRA

GET
H/1.1 200
OK icon-30-comment.png
phativetbuo.ga/_i/ 1 KB
2 KB 25ms
25ms Image
image/png 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/_i/icon-30-comment.png
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd5e88b0f2cc6fb839016d92d209e99cefce24f4ff6bca4c5ab02bc8c2b1ffe0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2743
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1232
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "6229cb74-4d0"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GegGtn1jsFwTEIcKu6B%2Bou22Madu2DBKRk%2FeLCR8AEleO8shFsyzHaSFQ7XZtmxITFkKyoDAie5uaZ8YnpblYtIFtqgv%2BUsn%2FWGpwVqIHyhJaUzADSzMzEM3SlHzDWXG18pITOWNgrmU1fYokw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e9cbf2e78069b37-FRA

GET
H/1.1 200
OK header-nieruchomosci-01.jpg
phativetbuo.ga/wprost-nieruchomosci/_i/ 168 KB
169 KB 24ms
24ms Image
image/jpeg 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/wprost-nieruchomosci/_i/header-nieruchomosci-01.jpg
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c79b7506033f731f036b8c0da54494d539ddb31a06a0266c6189a4990f1d13cc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2972
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 171862
Last-Modified: Thu, 10 Mar 2022 09:57:09 GMT
Server: cloudflare
ETag: "6229cb75-29f56"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CzQnOFFHU1LRfdDyexUXKGZ7bMbOCQzOJX7Fk6LXdeBmeqAxYCgYK93vHX4nNyaHV%2FgxktNNNbfEGAeCBewmfeNLMloNvbpLCdx%2FoiZyDdntj%2FMwHenwLxCwPZfz%2BjrF7WiOsm%2BAItnAxJmtJg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/jpeg
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e9cbf2e8e6f90fa-FRA

GET
H/1.1 200
OK icon-20-c-check.png
phativetbuo.ga/_i/ 360 B
1 KB 20ms
20ms Image
image/png 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/_i/icon-20-c-check.png
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42029e6774581c9691e7a855bab8e412602160a2592cb13574e6a9b9e0f390a8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2972
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 360
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "6229cb74-168"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vCWO%2BKX12dpnyNYH%2BhJUHwre4eGucko9J%2BYrdvC9EPOMvW7S6JZSMnWDwsXcYz0fMRD23QWNMkWROG8OUif0q2QW81Ui0tpv1Msz%2Ft1lI%2BWdQVN4SU5E1OdUwLvoymS7B4e06HyCfdWWeOwp%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e9cbf2e9aef9b9a-FRA

GET
H/1.1 200
OK icon-20-a-soc-facebook.png
phativetbuo.ga/_i/ 1 KB
2 KB 23ms
22ms Image
image/png 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/_i/icon-20-a-soc-facebook.png
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc6aa291217a39c090896ceca42dde661767f883062d581a6074b3c27b72d6af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2743
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1110
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "6229cb74-456"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XiRaLNyNtseE7nHbkLUFg55Y4UQvvQXcn7KBynC47hAbgXxq5bCep3kg3HZHNTPnbcnAsS6z%2BEckRGeI4uOQV4gTNX4LxuHn%2Bf%2FtWzj1KFtpISFhoYVd9M5nUZCC8XNvStyisrOI1lk1YS38Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e9cbf2ea85e9b37-FRA

GET
H/1.1 200
OK icon-20-a-soc-twitter.png
phativetbuo.ga/_i/ 1 KB
2 KB 168ms
167ms Image
image/png 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/_i/icon-20-a-soc-twitter.png
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f416547d36ab9ef1af8bd30eb509bd63c961ffe240096d7bc6e4a9162eb10df

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:11 GMT
CF-Cache-Status: MISS
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "6229cb74-501"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vqjkEKixDgLyHTwINiAUVi0G9ygm7oAU%2BxUBymofjg1SNlgq6RF837rupsvibOWf5Gj%2BZMODRxaNI1z2bbQDPPDjxUTVPzFa8O7N1X0fL4n8gV8PwlS8Q91XIim5O1dpjr6SInK6oVBbCZq3AA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e9cbf2ebb65922c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1281

GET
H/1.1 200
OK icon-20-a-soc-you-tube.png
phativetbuo.ga/_i/ 1 KB
2 KB 31ms
30ms Image
image/png 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/_i/icon-20-a-soc-you-tube.png
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f4231e6435e26e6cbd926387d7d59bd67745bae47173ffc868631c4138d80f55

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:11 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2973
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1201
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "6229cb74-4b1"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tN%2FRhNNjOU1VaGgxMkSKpssDvuU4koxytVpxvBhhpUTIdjOmZSc4bhDIlSFiL0G9fdBAPPzxjJWKALLHfBsclzvIn0gJS3mTkrpvtoCpwu1NIZnNlUFmC4RwoMA3LP186TEUdgDvaTzC68apmw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e9cbf2ebb3f9b9a-FRA

GET
H/1.1 200
OK icon-20-a-arrow-left.png
phativetbuo.ga/_i/ 1 KB
2 KB 20ms
20ms Image
image/png 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/_i/icon-20-a-arrow-left.png
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 779de053872046185bd650f7e2ffb8b4f1e0ee5f9b2bc73711dbf00f2abc6b28

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:11 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2744
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1134
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "6229cb74-46e"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sw%2BKKiDVyMHGVue2oRr738s4Rzowis0kPF04EE5tXhsURlcL0u4l6l%2FDefOfBfACMQfIXqQLmqatQZ8s%2FFoliYXI5Ar50C%2F4Psy31IfxyxuppjaZPfjPqqnisHCXvszXBdIKVs8vodxZDO3Zlg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e9cbf2ec8a89b37-FRA

GET
H/1.1 200
OK icon-20-a-arrow-top.png
phativetbuo.ga/_i/ 1 KB
2 KB 27ms
27ms Image
image/png 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/_i/icon-20-a-arrow-top.png
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24fa35573d7e0db487ed379dc1ce2d72776d89129804568e1e5d1dccdfd3a27d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:11 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2973
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1117
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "6229cb74-45d"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NSfBcO8x%2F%2FggKGO2TCbbEXQlnIOMp2OpxIB1UO%2BEBkpRtf1HVPWhySyWkjTvwQS2mjammOFo0Dxoae40lO6OcnBHsZIFnEtL85gG39xzMoIolUC5xv0bWRLRMVKWmPEzqm0SezZOnRtTj%2B5VvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e9cbf2edf0990fa-FRA

GET
H/1.1 200
OK icon-30-a-soc-facebook.png
phativetbuo.ga/_i/ 1 KB
2 KB 21ms
21ms Image
image/png 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/_i/icon-30-a-soc-facebook.png
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d23c6c35e02d267d4ce46c0e9b197720d883ac35a6f608393c9964ff5831d603

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:11 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2744
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1161
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "6229cb74-489"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Whp71RW69ZwKtgcI6WL%2BXbGVPginiTySt%2B%2FXe1o1%2BXC8E6AMM21IysGR2QnVs3v5n5M0VdQ5lmzJ4znO8IG26wO58rlKGyEhe7ZXG2GOGxwuay%2BzZpe0EKIPAAfz3U1lPguuccVKhdpWg9h7Jg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e9cbf2ee8f79b37-FRA

GET
H/1.1 200
OK icon-30-a-soc-twitter.png
phativetbuo.ga/_i/ 1 KB
2 KB 22ms
22ms Image
image/png 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/_i/icon-30-a-soc-twitter.png
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef6bc03a26bf3dbb80a22a2eaf54523f07a7aebac158bcd69d58bd5a13cc9351

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:11 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2973
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1443
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "6229cb74-5a3"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YSn6M966N%2FVZQumyVJ7A1ZiOnVobs72uF3LT1JyOY%2B5ckfnezOWbWzUXjh3L09ylEtIjGJ7KY8Aj6S%2FecMvAjeyPq5fIMdBbBM5wd%2BC9F39AWSO8j4sARjBQi7F5T%2B42OqA2ZPqe5qXO90IXbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e9cbf2eebc09b9a-FRA

GET
H/1.1 200
OK icon-30-a-soc-you-tube.png
phativetbuo.ga/_i/ 1 KB
2 KB 19ms
19ms Image
image/png 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/_i/icon-30-a-soc-you-tube.png
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc450ca6f3818ff2ad8eae3a10277a1018c541e862cb5b9a34466a813e544bd0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:11 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2973
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1328
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "6229cb74-530"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pnd8OMR%2Fr34oeHymapuJzl8kJksxk0PHt0j4DsVKYk3Lq7RMziwvm9BIQaWIyM8IwDla19LvmhFxzSsCNI4ywE%2FM2CZzNxnUpKceZvHJ0ixMSV%2BJSv1JqHpyaEiRowvol87WJp5CKl18YSXtOg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e9cbf2f0f6b90fa-FRA

GET
H/1.1 200
OK icon-30-a-soc-rss.png
phativetbuo.ga/_i/ 1 KB
2 KB 23ms
22ms Image
image/png 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/_i/icon-30-a-soc-rss.png
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5becbc936c15ff90857967205040c247e0f8a58b4fcbac94763ed3a61e059210

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:11 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2744
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1440
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "6229cb74-5a0"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bvh%2BKwgY6DlIYxHDTyBusMpX8QNuc%2BJ0tNz%2BAbqf1Pa5l5EEeuoEw%2FmBCcSdlOqzFLQjZG%2BnXU2OWKSP8vsNmJRh6z5OHhyF3dGc9v7UXjEgfP92BX2f0YF0psISUJyFVeoy3EI24%2Bf5Z%2B%2F7uQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e9cbf2f093d9b37-FRA

GET
H/1.1 200
OK ieVg2ZhZI2eCN5jzbjEETS9weq8-19eDpCEobdNZ.woff2
phativetbuo.ga/_fonts/RobotoCondensed/ 17 KB
18 KB 206ms
29ms Font
application/octet-stream 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://phativetbuo.ga/_fonts/RobotoCondensed/ieVg2ZhZI2eCN5jzbjEETS9weq8-19eDpCEobdNZ.woff2
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d7c4b870733c836a4e6688f1d748901c9b766f678418dd321a4af64de93e20ec

Request headers

Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Origin: http://phativetbuo.ga
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
CF-Cache-Status: HIT
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
Age: 927
ETag: "4380-5d9da3cc08d35"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BSXdOhv8E46eBj2u%2FVVXtHzLUpXY9Dw9k4zhi868pRp14WBfC2ucicqa8Feg4rL7AFmCT1GHgyJWncBsHOcqqVQnSN%2FvG30TVQYO26a7vf1cGMVwxdB9iF%2FOW6MX%2BM7dcpMghs6IyZ%2BeyXvPVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6e9cbf2dff049b37-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 17280

GET
H/1.1 200
OK icon-100-arrow-left.png
phativetbuo.ga/_i/ 1 KB
2 KB 23ms
23ms Image
image/png 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/_i/icon-100-arrow-left.png
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9c7543f17ece99c6b9fc15cd93856cf12e5f8945284a5dbeb926bbb4ac81be73

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:11 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2961
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1406
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "6229cb74-57e"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=INIJCvF7KwRlBMj4j9dhi8QZPkBhfHjfNiwomfrUOcZY1SMsaekdPQA1wB7hawvC%2F2zGedTuj5xQeZS2%2FvOWVMASHEPYTfp49leYdg%2FK4jsQMLYUIABHLgoXBRXrz2kVCmYq8JCxDjVtlk84FA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e9cbf2f1c0c9b9a-FRA

GET
H/1.1 200
OK icon-100-arrow-right.png
phativetbuo.ga/_i/ 1 KB
2 KB 24ms
24ms Image
image/png 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/_i/icon-100-arrow-right.png
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e8da9c93695d9066c06a0ff4ad814559e5c186cb7fc93e31a499183e14cdc92

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:11 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2961
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1395
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "6229cb74-573"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vGFFZBdhpddh9Ld58KKyHLqL7OzEAldgwT2xrbc25kfMPMSPMoR2XoA5PQ%2B8Ve0TEj21a53w9BpISOdHBGh5usqy6rG%2BbcJXx4M7ycMCjcwHkeswjj6GMuNGV8Gbot%2B4GLOMoDE7NyYg%2F1uDrg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e9cbf2f2fad90fa-FRA

GET
H/1.1 200
OK icon-20-c-arrow-bottom.png
phativetbuo.ga/_i/ 1 KB
2 KB 22ms
21ms Image
image/png 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/_i/icon-20-c-arrow-bottom.png
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0643484d67311199055be01407f32b3310fec6a59fe9e85107ba5f41f19a2cf2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:11 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2742
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1177
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "6229cb74-499"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hb9uy0nIBgL7WgqyKD9X5Qh1MX3F8lTvAmoOOtDgdeg1oEHzf%2FPuHMJ5Ler5%2FUgBwvMX4gaX3dkaUXLqJ%2B3RdJ4gOR13KjHExKsIyamPtVkzw2mPyLhOiG7zDFU6miEB9M7ahai3%2Bi%2BdrEeYzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e9cbf2f397d9b37-FRA

GET
H/1.1 200
OK icon-20-c-arrow-right.png
phativetbuo.ga/_i/ 1 KB
2 KB 22ms
21ms Image
image/png 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/_i/icon-20-c-arrow-right.png
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d16c6bf2e25e475f0971bc6e839faa49e350a764a9e760053b613a0aab1d5f6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:11 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2961
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1171
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "6229cb74-493"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GL%2BCR6M9ctM%2BTkFi6rV6FT4Mla%2FpSGcE7Av7r78buAIWFyAA2AagTt2rSioy2bFMlsYRn5cGf0FeNMYR8YZaetsrPyd9I%2F7wkBuKkPbEzdXZjj7H6DFonYPLcWa2BM%2Bb0IntYWk1Cm4cHEFF3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e9cbf2f3c5d9b9a-FRA

POST
H/1.1 404
Not Found hits.php Show response
phativetbuo.ga/ 206 B
856 B 355ms
196ms XHR
text/html 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://phativetbuo.ga/hits.php
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/html5-jquery-3.5.1-lightbox-2.6.min-main-nieruchomosci-ads-deep.bi-98094d358c56483135314a865a0dd1f1-content.js
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 813d68061248785859a089791ba33f25cf9e90e565fa62e5848d88224fc00e9d

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: http://phativetbuo.ga/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Thu, 10 Mar 2022 14:30:11 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I2Xm2y1ZZLxZT28unDAaVROPMTNO3HDoMTYRVpETb5OXalgj7ypz%2Bqa8J2GzIQt9T%2FLyiZlIGxgQzpab7SRysAgrh3IQtFPTYiMJC%2FjHvaB29zc2UImqRbeKhaBZ5p1svn%2FMRLHJKOeXAodHNw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
CF-RAY: 6e9cbf2e3aa79b63-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 534361764150757 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 8ms
8ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/534361764150757?v=2.9.55&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

66d40d6d50a3a93dffb20255fecae710778d487d96aca96983fe32033309e72d

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 89131
x-xss-protection: 0
pragma: public
x-fb-debug: pykigV5HWpZojlqqrxm2SSk6HmfAHAOIlTUzSl1H5TVLNC4TLqeP0FWuost6xaxViBJJ3uzTF/+fGUfFhWLLBg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 10 Mar 2022 14:30:10 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/pl_PL/ 285 KB
81 KB 17ms
7ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/pl_PL/sdk.js?hash=407b5fd7d394a1a44929f8fd44fa54ce

Requested by

Host: connect.facebook.net
URL: http://connect.facebook.net/pl_PL/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

44f55fc4cdf17da0734753647e761e6ffb58847efb5a91f6d460147abe38b471

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: http://phativetbuo.ga/
Origin: http://phativetbuo.ga
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 6OflYzvBKkQyKQEVf+UHKw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 83061
x-fb-rlafr: 0
x-fb-debug: nrOHqU1+IBD/MsSmknusSXADjhkHBXg8E/S1DeGbz9tbyM7xJFevJylKUqbSiO5A93cJO+6Wsu3zYySWat+JNA==
x-fb-content-md5: 10552526ce668446109245d5caa58fb5
x-frame-options: DENY
date: Thu, 10 Mar 2022 14:30:10 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "2ea3a3bed9da88e04cd083dc183d8299"
timing-allow-origin: *
priority: u=3,i
expires: Fri, 10 Mar 2023 13:07:56 GMT

GET
H/1.1 200
OK prev.png
phativetbuo.ga/_js/jquery/lightbox/css/img/ 1 KB
2 KB 25ms
24ms Image
image/png 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/_js/jquery/lightbox/css/img/prev.png
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7fd9273f20fdb1229c224341271a119020a5eee74ccf6b4605730917c864caf2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:11 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2961
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1360
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "6229cb74-550"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dhp5ogzs6ylcWokrWCcSdskSivt9i%2FbmVWVzjWw2XHBGC%2BtvNpBe6Iq4M0rtImT31FBSzvWcEROqkwzXNZ1LotgOC0F2Dk%2BF171EXka4T6G3TJqpM2G8p%2BA3JLwFdVnsIsIHJJx%2BQPjjDbdvmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e9cbf2f580990fa-FRA

GET
H/1.1 200
OK next.png
phativetbuo.ga/_js/jquery/lightbox/css/img/ 1 KB
2 KB 25ms
25ms Image
image/png 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/_js/jquery/lightbox/css/img/next.png
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 15b869b02c6fbaa8c6c26445a2dd2d9bad80fd27b1409f8179e5dd89dc89d90a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:11 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2743
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1350
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "6229cb74-546"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ljr8W866fpiPOMpqCXDbhhCqlA7ys63LaxfZEThryJvqUQ7h6IBKjNXyz952kmyvRaQ%2FbcbT%2FqAZmx6wL%2FBB0Qz0zwYo2R1N8FkDYKhrRihkJszAu%2FU51rf0PKY7MUy38i937eOYR3a24gEeIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e9cbf2f59c09b37-FRA

GET
H/1.1 200
OK loading.gif
phativetbuo.ga/_js/jquery/lightbox/css/img/ 8 KB
9 KB 20ms
19ms Image
image/gif 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/_js/jquery/lightbox/css/img/loading.gif
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 225aa88b6ab02c06222ec9468d62e15fa188e39cdb9431d1f55401ad380753ed

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:11 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2961
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 8476
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "6229cb74-211c"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Br7KUIejM3QgfhN3sXA9mq7ARK7EAaWvC1Uehn0OumTAawSjj4kj5EJGwlCoqxiJ82deatRq1gSu1LlS7j8N%2BE0aw%2F6XasWQL0IE0ACTGVbGhYozS6C3%2Fj8SJs26t8QOzqPbheq6V%2Fh%2BQ1bI9w%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/gif
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e9cbf2f5cb49b9a-FRA

GET
H/1.1 200
OK close.png
phativetbuo.ga/_js/jquery/lightbox/css/img/ 280 B
1 KB 25ms
24ms Image
image/png 2606:4700:3030::6815:5912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://phativetbuo.ga/_js/jquery/lightbox/css/img/close.png
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:5912 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d62e6c90005bfb71f6abb440f9e4753681cb23bbd5e60477ab6f442d2f0e69c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/_static/OpenSans-Roboto-RobotoCondensed-define-layout-forms-header-menu-lightbox-nieruchomosci-paywall-message-1bc0e998e299128c73ed5100c28b2951-content.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:11 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2961
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 280
Last-Modified: Thu, 10 Mar 2022 09:57:08 GMT
Server: cloudflare
ETag: "6229cb74-118"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U5pkq6pclmNaVCWjq28CgiC8exIfDmcF2%2Blaa5kvzUtspGCwlbvLeM2CI8ydnt1Vnj2o5k9dIsu0VdA9TSnI8IYoaakxuKCLM1mVN6H5ThrXelGeOLNllDQ2Z06g8oxW58olOAZwzzLb3OM8sw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6e9cbf2f784490fa-FRA

GET
H2 200 fpdata.js Show response
advice.hit.gemius.pl/ 283 B
514 B 118ms
57ms Script
application/x-javascript 185.11.128.207
Autonomous System...

General

Check archive.org

Show headers Download Go to

Full URL: https://advice.hit.gemius.pl/fpdata.js?href=phativetbuo.ga
Requested by: Host: advice.hit.gemius.pl
URL: http://advice.hit.gemius.pl/xgemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.11.128.207 , Poland, ASN50599 (Autonomous System for Data Space Sp. z o.o., PL),
Reverse DNS: host-185-11-128-207.dataspace.pl
Software: GHC /
Resource Hash: d0f0e05388d35c2e201d645933f5b2b7e53fde8630bdfb59f514fa1e80885f45

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:30:10 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
server: GHC
etag: PRIVATE7520710249
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: private, max-age=2592000
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 283
expires: Sat, 09 Apr 2022 14:30:10 GMT

GET
H/1.1 200
OK lsget.html Show response
ls.hit.gemius.pl/ Frame 61F1 5 KB
3 KB 58ms
26ms Document
text/html 145.239.237.56
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://ls.hit.gemius.pl/lsget.html
Requested by: Host: advice.hit.gemius.pl
URL: http://advice.hit.gemius.pl/xgemius.js
Protocol: HTTP/1.1
Server: 145.239.237.56 , France, ASN16276 (OVH, FR),
Reverse DNS: ip56.ip-145-239-237.eu
Software: GHC /
Resource Hash: e9bb01299987dc27fcd7e93156f24b6a0ec18c614dd3541fcd522946920400dc

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/

Response headers

Date: Thu, 10 Mar 2022 14:30:10 GMT
Expires: Sat, 09 Apr 2022 14:30:10 GMT
Server: GHC
Accept-Ranges: none
Cache-Control: private, max-age=2592000
Last-Modified: Mon, 16 Jul 2012 10:03:40 GMT
ETag: PRIVATE7520710249
Vary: Accept-Encoding,Origin,User-Agent
Cross-Origin-Resource-Policy: cross-origin
P3P: CP="NOI DSP COR NID PSAo OUR IND"
Connection: keep-alive
Keep-Alive: timeout=10
Content-Type: text/html;charset=utf-8
Content-Length: 2719
Content-Encoding: gzip

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 25ms
8ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=534361764150757&ev=PageView&dl=http%3A%2F%2Fphativetbuo.ga%2F&rl=&if=false&ts=1646922610831&sw=1600&sh=1200&v=2.9.55&r=stable&ec=0&o=30&fbp=fb.1.1646922610830.1337493375&it=1646922610772&coo=false&exp=p1&rqm=GET

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:30:10 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Thu, 10 Mar 2022 14:30:10 GMT

GET
H3

200

js Show response
www.googletagmanager.com/gtag/
Redirect Chain

http://www.googletagmanager.com/gtag/js?id=G-76JW1KVZM8&l=dataLayer&cx=c
https://www.googletagmanager.com/gtag/js?id=G-76JW1KVZM8&l=dataLayer&cx=c

171 KB
63 KB

97ms
49ms

Script
application/javascript

2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-76JW1KVZM8&l=dataLayer&cx=c

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cf2e03274c8ff5dd0d49b6d89cb80871d704020afded1027c7242d12e8ecbd29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:30:10 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64530
x-xss-protection: 0
expires: Thu, 10 Mar 2022 14:30:10 GMT

Redirect headers

Location: https://www.googletagmanager.com/gtag/js?id=G-76JW1KVZM8&l=dataLayer&cx=c
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 163ms
76ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WC56M55

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

b872b4ad2e649961fbf3cdc43966716bd820301634adebaf5329c1aa22a1f7ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:30:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14889
x-xss-protection: 0
server: cafe
etag: 11178597599353190569
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 10 Mar 2022 14:30:11 GMT

GET
H2 200 lsget.html Show response
ls.hit.gemius.pl/ Frame A182 5 KB
3 KB 84ms
27ms Document
text/html 145.239.237.56
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ls.hit.gemius.pl/lsget.html?mode=new
Requested by: Host: ls.hit.gemius.pl
URL: http://ls.hit.gemius.pl/lsget.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 145.239.237.56 , France, ASN16276 (OVH, FR),
Reverse DNS: ip56.ip-145-239-237.eu
Software: GHC /
Resource Hash: 378b5bfbc7db6b4e2e8fda7f47142b3dfe517c24b722bffea025fd2a7037b91a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://ls.hit.gemius.pl/

Response headers

date: Thu, 10 Mar 2022 14:30:10 GMT
expires: Sat, 09 Apr 2022 14:30:10 GMT
server: GHC
accept-ranges: none
cache-control: private, max-age=2592000
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
etag: PRIVATE7520710249
vary: Accept-Encoding,Origin,User-Agent
cross-origin-resource-policy: cross-origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: text/html;charset=utf-8
content-length: 2721
content-encoding: gzip

GET
H/1.1 200
OK gpt.js Show response
www.googletagservices.com/tag/js/ 81 KB
28 KB 85ms
47ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/tag/323699896.min.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2aedd5bda1681ba0b370f3cdc24fc9f81a05c16f1c1b675a042e25c029c35b34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 10 Mar 2022 14:30:11 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: sffe
ETag: "1154 / 880 of 1000 / last-modified: 1646914169"
Vary: Accept-Encoding
Report-To: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
Content-Type: text/javascript
Cache-Control: private, max-age=900, stale-while-revalidate=3600
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
Content-Length: 27749
X-XSS-Protection: 0
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="ads-gpt-scs"
Expires: Thu, 10 Mar 2022 14:30:11 GMT

GET
H/1.1 200
OK prebid3.16.2.BC.js Show response
get.optad360.io/sf/ 246 KB
247 KB 33ms
8ms Script
application/javascript 2600:9000:2156:d000:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://get.optad360.io/sf/prebid3.16.2.BC.js
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/tag/323699896.min.js
Protocol: HTTP/1.1
Server: 2600:9000:2156:d000:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8067ebedbe560e9197bd73675a916a0c8608c981bce15196838492731565bcbb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 06 Mar 2022 05:28:20 GMT
Via: 1.1 b44e2902bb3501d47514e51618f1bda4.cloudfront.net (CloudFront)
Connection: keep-alive
Last-Modified: Tue, 11 Aug 2020 07:44:16 GMT
Server: AmazonS3
Age: 378111
ETag: "4dff781498624c4d6a8a35ebcda07b4c"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Cache-Control: public, max-age=360000000
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 252405
X-Amz-Cf-Id: z2ErTC-HN0pjYuU6WsUrDPABKDi5k-Si8n4_O76Yi5Up6L8JDV8jqQ==

GET
H2 200 pubads_impl_2021111701.js Show response
securepubads.g.doubleclick.net/gpt/ 345 KB
116 KB 123ms
38ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

8d8aa9c2c3798099cba43890c7808bfb34b70dbc853177ef287b50bc28161911

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 10:04:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 188744
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118578
x-xss-protection: 0
last-modified: Wed, 17 Nov 2021 09:34:38 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 08 Mar 2023 10:04:27 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 36 B
686 B 132ms
48ms XHR
application/json 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=phativetbuo.ga

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

4b11e672019da3b17bf5c57d6033e55d8a9de737f46dcc9faf137b0a34d68666

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Mar 2022 14:30:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50
x-xss-protection: 0
expires: Thu, 10 Mar 2022 14:30:11 GMT

GET
H2

200

rexdot.js Show response
advice.hit.gemius.pl/__/_1646922611001/
Redirect Chain

https://advice.hit.gemius.pl/_1646922611001/rexdot.js?l=100&id=bPo70ouuVF6BwErIBuw7vsQM7KSWflChLqi.FWhl1jr.m7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fphativetbu...
https://advice.hit.gemius.pl/__/_1646922611001/rexdot.js?l=100&id=bPo70ouuVF6BwErIBuw7vsQM7KSWflChLqi.FWhl1jr.m7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fphative...

452 B
709 B

68ms
68ms

Script
application/x-javascript

185.11.128.207
Autonomous System...

General

Check archive.org

Show headers Download Go to

Full URL: https://advice.hit.gemius.pl/__/_1646922611001/rexdot.js?l=100&id=bPo70ouuVF6BwErIBuw7vsQM7KSWflChLqi.FWhl1jr.m7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fphativetbuo.ga%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=203&lsdata=AQ27Ot2Tyrski3JF3y6NLLkJjo8k4q97C5owK_LFFkj.U7XrnoRJ52fltWaWc2RLWZqqMFwVWCKXYVwS1RusQ7_R_QOz/EaAMET4KVyf45/&fpdata=oDmwG3quudeZtF36IQXuxO.VVrGzn3HTq1HBVIl1jTv.F7&vis=1&lsadd=&fpcap=
Requested by: Host: phativetbuo.ga
URL: http://phativetbuo.ga/
Protocol: H2
Server: 185.11.128.207 , Poland, ASN50599 (Autonomous System for Data Space Sp. z o.o., PL),
Reverse DNS: host-185-11-128-207.dataspace.pl
Software: GHC /
Resource Hash: 41f10427ad792c9c8fc94c5296cc54f9bea7f5d92f4772256bc4c8d31d0b1f7e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:30:11 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 452
expires: Wed, 09 Mar 2022 14:30:11 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:30:11 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: /__/_1646922611001/rexdot.js?l=100&id=bPo70ouuVF6BwErIBuw7vsQM7KSWflChLqi.FWhl1jr.m7&et=view&hsrc=1&initsonar=1&extra=&eventid=0&fr=1&tz=0&fv=-&href=http%3A%2F%2Fphativetbuo.ga%2F&ref=&screen=1600x1200r1000&col=24&window=1600x1200&ltime=203&lsdata=AQ27Ot2Tyrski3JF3y6NLLkJjo8k4q97C5owK_LFFkj.U7XrnoRJ52fltWaWc2RLWZqqMFwVWCKXYVwS1RusQ7_R_QOz/EaAMET4KVyf45/&fpdata=oDmwG3quudeZtF36IQXuxO.VVrGzn3HTq1HBVIl1jTv.F7&vis=1&lsadd=&fpcap=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Wed, 09 Mar 2022 14:30:11 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
169 B 135ms
52ms Ping
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-76JW1KVZM8&gtm=2oe370&_p=2108353917&sr=1600x1200&ul=en-us&cid=224180869.1646922611&_s=1&dl=http%3A%2F%2Fphativetbuo.ga%2F&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sid=1646922610&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: http://www.googletagmanager.com/gtag/js?id=G-76JW1KVZM8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:30:11 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://phativetbuo.ga
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 121ms
39ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-8969414-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 3318
date: Thu, 10 Mar 2022 13:34:53 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 10 Mar 2022 15:34:53 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/854368221/ 2 KB
2 KB 133ms
50ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/854368221/?random=1646922611083&cv=9&fst=1646922611083&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg370&sendb=1&ig=1&frm=0&url=http%3A%2F%2Fphativetbuo.ga%2F&tiba=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

caa81f1533a82fc6e6c5e7384fba20b5c482c4679872d3765e396c3190cda627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:30:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1066
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 95ms
48ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=2108353917&t=pageview&_s=1&dl=http%3A%2F%2Fphativetbuo.ga%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAAC~&jid=1224814934&gjid=958351319&cid=224180869.1646922611&tid=UA-8969414-2&_gid=366963580.1646922611&_r=1&gtm=2ou370&z=1506071038

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://phativetbuo.ga/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:30:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://phativetbuo.ga
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 81ms
42ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2108353917&t=event&_s=2&dl=http%3A%2F%2Fphativetbuo.ga%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=genesis_ads&ea=AD%20optad360%20Slot%20Created&_u=YADAAUABAAAAAC~&jid=&gjid=&cid=224180869.1646922611&tid=UA-8969414-2&_gid=366963580.1646922611&gtm=2ou370&z=88787183

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 03:42:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 38859
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 81ms
42ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2108353917&t=event&_s=3&dl=http%3A%2F%2Fphativetbuo.ga%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=genesis_ads&ea=AD%20IDMnet%20Cascade%20Slot%20Created&_u=YADAAUABAAAAAC~&jid=&gjid=&cid=224180869.1646922611&tid=UA-8969414-2&_gid=366963580.1646922611&gtm=2ou370&z=1030040915

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 03:42:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 38859
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 77ms
39ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2108353917&t=event&_s=4&dl=http%3A%2F%2Fphativetbuo.ga%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=genesis_ads&ea=AD%20GAM%20Slot%20Created&_u=YADAAUABAAAAAC~&jid=&gjid=&cid=224180869.1646922611&tid=UA-8969414-2&_gid=366963580.1646922611&gtm=2ou370&z=1911195906

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 03:42:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 38859
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 79ms
41ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2108353917&t=event&_s=5&dl=http%3A%2F%2Fphativetbuo.ga%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=genesis_ads&ea=AD%20optad360%20Slot%20Created&_u=YADAAUABAAAAAC~&jid=&gjid=&cid=224180869.1646922611&tid=UA-8969414-2&_gid=366963580.1646922611&gtm=2ou370&z=1325262962

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 03:42:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 38859
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 77ms
39ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2108353917&t=event&_s=6&dl=http%3A%2F%2Fphativetbuo.ga%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=genesis_ads&ea=AD%20GAM%20Slot%20Created&_u=YADAAUABAAAAAC~&jid=&gjid=&cid=224180869.1646922611&tid=UA-8969414-2&_gid=366963580.1646922611&gtm=2ou370&z=535882984

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 03:42:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 38859
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 79ms
41ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2108353917&t=event&_s=7&dl=http%3A%2F%2Fphativetbuo.ga%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=genesis_ads&ea=AD%20optad360%20Slot%20Created&_u=YADAAUABAAAAAC~&jid=&gjid=&cid=224180869.1646922611&tid=UA-8969414-2&_gid=366963580.1646922611&gtm=2ou370&z=1683676309

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 03:42:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 38859
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 77ms
40ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2108353917&t=event&_s=8&dl=http%3A%2F%2Fphativetbuo.ga%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=genesis_ads&ea=AD%20GAM%20Slot%20Created&_u=YADAAUABAAAAAC~&jid=&gjid=&cid=224180869.1646922611&tid=UA-8969414-2&_gid=366963580.1646922611&gtm=2ou370&z=1156097591

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 03:42:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 38859
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 76ms
38ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2108353917&t=event&_s=9&dl=http%3A%2F%2Fphativetbuo.ga%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=genesis_ads&ea=AD%20GAM%20Slot%20Created&_u=YADAAUABAAAAAC~&jid=&gjid=&cid=224180869.1646922611&tid=UA-8969414-2&_gid=366963580.1646922611&gtm=2ou370&z=1494010819

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 03:42:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 38859
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 80ms
42ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2108353917&t=event&_s=10&dl=http%3A%2F%2Fphativetbuo.ga%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=genesis_ads&ea=AD%20optad360%20Slot%20Created&_u=YADAAUABAAAAAC~&jid=&gjid=&cid=224180869.1646922611&tid=UA-8969414-2&_gid=366963580.1646922611&gtm=2ou370&z=1462584966

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 03:42:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 38859
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.ru/adsid/ 107 B
792 B 224ms
48ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ru/adsid/integrator.js?domain=phativetbuo.ga

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Mar 2022 14:30:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 216ms
46ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=phativetbuo.ga

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Mar 2022 14:30:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 17 KB
9 KB 498ms
453ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3192052688802293&correlator=4488032379389769&output=ldjh&impl=fifs&eid=31063812%2C31063246&vrg=2021111701&ptt=17&sc=0&sfv=1-0-38&ecs=20220310&iu_parts=60089353%2CWprost%2Cart_rec_szpalta_2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=360x600%7C336x280%7C360x300%7C300x250%7C320x100%7C160x600%7C120x600&eri=1&cust_params=Wprost_sekcja%3Dnieruchomosci%26exp%3DP&cookie_enabled=1&bc=23&abxe=1&lmt=1646922611&dt=1646922611247&dlt=1646922610570&idt=629&frm=20&biw=1600&bih=1200&oid=2&adxs=1027&adys=983&adks=2053822233&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fphativetbuo.ga%2F&vis=1&stss=1&scr_x=0&scr_y=0&psz=386x1&msz=360x-1&ga_vid=224180869.1646922611&ga_sid=1646922611&ga_hid=2108353917&ga_fc=true&fws=4&ohw=1600&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

cc90c72ea9e4538b030bfb70b79ed634db778d4691895317515d6bd9b874fff2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:30:11 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9240
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://phativetbuo.ga
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2801 6 KB
4 KB 207ms
45ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 10 Mar 2022 14:30:11 GMT
expires: Fri, 10 Mar 2023 14:30:11 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 /
www.google.com/pagead/1p-user-list/854368221/ 42 B
548 B 213ms
52ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/854368221/?random=1646922611083&cv=9&fst=1646920800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg370&sendb=1&frm=0&url=http%3A%2F%2Fphativetbuo.ga%2F&tiba=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&async=1&fmt=3&is_vtc=1&random=750477819&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:30:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/854368221/ 42 B
548 B 210ms
49ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/854368221/?random=1646922611083&cv=9&fst=1646920800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg370&sendb=1&frm=0&url=http%3A%2F%2Fphativetbuo.ga%2F&tiba=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&async=1&fmt=3&is_vtc=1&random=750477819&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:30:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
440 B 74ms
18ms XHR
text/plain 2a00:1450:400c:c06::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-8969414-2&cid=224180869.1646922611&jid=1224814934&gjid=958351319&_gid=366963580.1646922611&_u=YADAAUAAAAAAAC~&z=366237131

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://phativetbuo.ga/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 10 Mar 2022 14:30:11 GMT
content-type: text/plain
access-control-allow-origin: http://phativetbuo.ga
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame DDBD 0
18 B 16ms
7ms Document
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: http://phativetbuo.ga
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/

Response headers

content-type: text/plain
access-control-allow-origin: http://phativetbuo.ga
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=0
date: Thu, 10 Mar 2022 14:30:11 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 74ms
74ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-8969414-2&cid=224180869.1646922611&jid=1224814934&_u=YADAAUAAAAAAAC~&z=681748233

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:30:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 74ms
74ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-8969414-2&cid=224180869.1646922611&jid=1224814934&_u=YADAAUAAAAAAAC~&z=681748233

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:30:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 139ms
55ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021111701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dfd232c074ebf651fa2233a2b8a04a4210a691fdf1e6e829539817c176d257b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Mar 2022 14:30:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10509
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 146ms
58ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:30:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 10 Mar 2022 14:30:11 GMT

GET
H3 200 container.html Show response
3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B26F 6 KB
3 KB 81ms
37ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Mar 2022 14:30:11 GMT
expires: Fri, 10 Mar 2023 14:30:11 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 39ms
38ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2108353917&t=event&_s=11&dl=http%3A%2F%2Fphativetbuo.ga%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=genesis_ads&ea=AD%20GAM%20Rectangle%20Displayed&_u=aADAAUABAAAAAC~&jid=&gjid=&cid=224180869.1646922611&tid=UA-8969414-2&_gid=366963580.1646922611&gtm=2ou370&z=471093687

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 03:42:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 38859
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame F6A3 13 KB
5 KB 89ms
39ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Mar 2022 14:24:48 GMT
expires: Fri, 10 Mar 2023 14:24:48 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 323
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 43B5 783 B
536 B 95ms
47ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8f4908ec3978695cebf3b35e59ddd7f8c8137bd9e9013aae2ff2a460f46de999

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Au1VQkI0swX/u6O9vHflZA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 10 Mar 2022 14:30:11 GMT
date: Thu, 10 Mar 2022 14:30:11 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-Au1VQkI0swX/u6O9vHflZA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame DD27 624 B
297 B 99ms
51ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNSeuAIQ9vLQAhiCzdq-ATAB&v=APEucNVcqx1DBdQprqtldFqUDp9j6vi6cipeeJ7ybe5E8d99Hnk2qSbgdb26jFtnxpf-EgqLs5zMc0E_w36HklUNqeFODjAY1pAL3nvOoEBxA8tIPBaeibhT-jeceweM1gRpBuffXTiXeUar3b15GOAep1p9lkXe9PeEuQm8HNxV8yxerfOGF5I

Requested by

Host: 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
URL: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 10 Mar 2022 14:30:11 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B26F 77 KB
32 KB 132ms
86ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B41gOVMf5cqQZj03qPE6LTZMNSVD1rEWUzMNsBmEwG10uLblwCpmzbGqjx2A3r8Hio6_NFg-XFIRAq41lJqTagZu8Tj9iLPsMvySGcvUdlVTK2PDPqvFwE-Ruxk8_6nz-Qk5tMezkK-ZCO6CucMcBbahDHVQ&dbm_d=AKAmf-CzR5RAbw7tmi-j_Z7BPy33i0coOtOsh0Jz4L3PgteyXuOKLq9XOeCtR6NWYEhgCBa5P5H50UkhQnG9U1EgokUDP2SWdHiVuAYWitm4jW2GCKTm6bNDmIstnhYVAZg01d_rqcwOiDxTvjtsX0eNln5DG9GSLBBTvL4Mk9C9-mgrDhNViYE6y0-3ixZhG-NEJW5NT6zJ9ssQ5BrcfKzDXDkTyyHzf79ILXszQF3jMXMQu3C-K1mL37EwFLCXVW5YH5A9RHKm1X39kj-gTbd5fTNeDIHwN7b_2sGTGBCIaWblXTYv-x1rc4uDwFumeuuzMAlHRPmXSvtuouYeSZaHpVYIZCfr14Iz_pA5pU96oD6_QWEW-jcb01ur3djPH_iDb58_h6z5VeuV66nZhBXz2rkoNSUpZj1IDAKHd5cfL6afcGfKDwy50Nj1jgSF8dBibU2G1K3Wm078LptZO2M4iEhlC3Ee1AegKJI6D5PBlosSrQO05PlZjfEqnsNLziqvSidOnR-Sbw4i9uFsxSzqHyTztWX4gdJT4UyD_xxKsgXCqTI6zXijkZlrqSfuhYZfltDbdHrbpANv-Q_-cG-wIxHlevgx0oyOEXz3W8lRiW5GdvT0kD3p8uq44RWIT9_2z5zeU2K8_qsGDH8jw_Mt5DFHSYMDMO3ptZwkDH6dIwjTbPiEV-M0eG-TQ9AfCTRS2GTXhnbE7o0Fkv6iXywKFCC22Jb7Pe1idYXVnvFH7ROcvLGFHbL8FsacuBEIxMBLJsDNBN1a4ffNqSE1cud9Wo8MTFMFScGkV_BiWkFnn9Ede0pPrgQi9TUGd1vujmuO1dGOC6V6h7CSydhuaGWkrzNvgWBKcqUSr4AtlDYriDTjHRxhTtuwe8rhc5vDMO1FM5G_TfQm6eWsJLjHgPFZCxQaPlAbhNps4w8T6-Zb-YUJcHUi7B2RPIlJ4bKMR2vJQ2gZe6dow7G2-TbLWxuNxLtxU2A_T2SKHQoEjPfo3oD-y0vbbUHXILZlxzO9MWvz5y8Cjf3uHA-WiQXpY3syITSWzBAeaUmxQMb1oULksxvKDLeHHLulrFjV8s6supgTFEB8PDos906tKjHJRbqPmpZy8haSxNnCAigIGIGcR8FozxxTcisQBjiFfSqyG4yjfnPXsrGiPxPbySgnsPIuaXkLwvI6PZQFeWkCAF8FVdSELSMhVTNjzheSOBhvolxA0HkBwtOfzddQxLS5N4YvVga091Kek0UOQhYRd1eBqdPIpuJLs1Vc43ygVilkH3cFV-fZMPzQ0DiuFabGEQfzP0nqrr1c0xhFg42Um8QFMIJmPGfIDhAqpBHqcqsdgNIfSJs1s3NG1Cgbd_qLQFSDi5cZelq20Xu4hD8I-dK5eXAHXBeGV07JfvfYuWqFivhpB372TyOMEwwk6JUSIosfunAlEZ13d-OanXvM6TRBmFyvhwP89SPjmDBTBwsF9MrFYs1FGlwhaBxXcvWjn4k4k5krgPeVohUzJX-uZtMelr8gH-L1nZonk71oEU2PGyH7JdpedeNnpoCDWGHnWeAX_hIXVSKwaDP3zg4KbMVMYXM0lsZhSD9fFRwUuWaLalQ_8yufPfcWtQuri_3fG1kqJ1XC4DdinMSZWbJMfPkDZ39yVLWMfK2zsNOowkUvz7qJx1q3Pob-GiKf8_LwUnddGY7Xauxdd8BKo0xbKDa9zABFXRyxvD0Ewev9wOzIEckN_e6WIHPAjodzEZyJM71Tx4WCngT8JfkRdbTuWdcd1if2w9ZLOCtfeXHsIFlay--l55SRQxDvgu_8dUBm-23q6XqV_PV15Rb0sc3G3bYFD9VoI6qLYaae7N_AMTdVIoVwzC02chTzsH6HzTBgRAlrpBoZXDjJoHn8PwvQ63cAG88OImBM_lEdCI_Yqkg1Kalk_DTR3RAs6UNj1YQ9P1Z4GaVQHqsPZ-OArQnmwLa74xRTYvHpkBi-YxuxMon45mnnXXI2_7CAqJhW36_7K45msZXJMmV1VSDPLxyGStkcmz6CBgVtEFmy1O5IHE7ROvgq9dcKCiZdEcyCm_OFORCuKo3_WhN24t7PWTC5i9pI_yjuP8vrqilZUqEzFTJQluv4yAlZWFOTwvb06FTsFe2SgVNcRIthlzzcdvFUVAJCF73U8wphihnnr_eofML25RTnVOINWlVivCdcXc9Tk1LN7fGfH8S8nYwr9byKI1UboF8gETT4dODh32g0waoV6Wg5oIdyevohMrmlMgoaUCd2mIjdez-8CnvwyRVghjKdhceKPYV4yFEDfnc875Qe8z69Opxnd2UPaKoVHmiK-jBihQzB6B1F0Bzi1_GjDh6sDj1ZAQNx0ZxSDEeYgoCxvaInJxzCw2eJAs7rc7LoIw0OOcQkl10Y4eG3xhrQGMB5ahmy7FOjobuuVgdQkkNpBcWQQYIls7YLOvn8L9HOoBUkG6usUDVCw01b72IEd4o9xNjMlWx9lu1fuH5YQMSTKaQbMKfzZ2O_HSuJ3AnHuZs1i430z_agHes8RFr3FK7eHi6Y9YWRSisDsihq0P8QUY8zbMrbQbV_0JGWUJzCbT2PgN6TZsIAPXQ39T3rndVKiR-2BOt6kaqmgPB-oE40kfuwm4qBBamW07ad7BPdFYBtBokXRPehlDqNOL9iiVRkOxSgEZgc9I2s8az_XXV_gyxWcLO52oHm0OB2j5l9nNGyfncnCVMltKkgzrdMdsMUHD7W0YqHRZeMI2OzDMlLsXaKEqpL1ssQPsMv7VvZLJBOmsAQOuUwRlv9A0HqH27K_fhBy9kDdTa48FD6zn3Lw3oWRb1CT6vOVdKAVL3bYRn6EW_jaegN2Jp324gpS9Wg0ok75gXdgSU7IHCXYEEnwPTgc81DHyCYJJFYqDbl4MH0cEkZF10onU6krWld5iqTB8g2vGjTh-P256W-UAEdXiqR-zDJ4KkVeOKyanWvNvOUwiJNyOiHTim2Aiu48uXA2sbCluCBeNJLGLzCvkvJ7elsXk0LZpVef2LSVxS4Sn7McDmAxafUZBPo30TCLf-z6zGafjptNUt8DMK7-fxDzhp-ttN2qs28&cid=CAASJeRoI3QDGMCFFGHZPFp1_eOPc1ESCsuQdnB_MEjVF9evr2827YU&rfl=1%2Chttp%253A%252F%252Fphativetbuo.ga%252F%240

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a27b4b2b32cbf52d489b471a6a59b03dc337d66ae6d8f69e2077eaa551279c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:30:11 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32673
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B26F 42 B
63 B 107ms
60ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BZ6xQZF71zAR1yKxLa23zgcv1bhRa2iPkbym1oqsPWje6B6Z6I1Izo_Yg1TZXTRxybHkCrmZu3mshsc9ZynqDAxt3AFAjxf-OXyDXU4u421O6uuao

Requested by

Host: 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
URL: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:30:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame B26F 2 KB
1 KB 55ms
45ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/window_focus_fy2019.js

Requested by

Host: 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
URL: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:28:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 129
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Mar 2022 14:28:02 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B26F 117 KB
36 KB 142ms
54ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
URL: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec068031a38f2d97255ddf90e6d75a5538a3b0ea29510482d1909c5a1a10ad74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:30:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36343
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646830771070120"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 10 Mar 2022 14:30:11 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame B26F 15 KB
6 KB 48ms
39ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
URL: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:28:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6397
x-xss-protection: 0
server: cafe
etag: 14404976697706490601
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Mar 2022 14:28:29 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame B26F 0
0 54ms
44ms Image
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTiSIXWMQKoB0U8yseFiT6cg6xf3VDFmcmKTZnJrWlop_7xzLNnKv71inHOCIaUyhLVcQ9QNYpK2KoBa_BexKW9AllTQA
Requested by: Host: 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
URL: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 43B5 0
0 92ms
91ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2021111701&jk=3192052688802293&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame F6A3 35 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 11:16:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11642
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 10 Mar 2023 11:16:09 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame DD27
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHILR7Fua-66KU3YRycNS7Y&google_cver=1

43 B
894 B

30ms
16ms

Image
image/gif

184.30.20.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHILR7Fua-66KU3YRycNS7Y&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNSeuAIQ9vLQAhiCzdq-ATAB&v=APEucNVcqx1DBdQprqtldFqUDp9j6vi6cipeeJ7ybe5E8d99Hnk2qSbgdb26jFtnxpf-EgqLs5zMc0E_w36HklUNqeFODjAY1pAL3nvOoEBxA8tIPBaeibhT-jeceweM1gRpBuffXTiXeUar3b15GOAep1p9lkXe9PeEuQm8HNxV8yxerfOGF5I
Protocol: HTTP/1.1
Server: 184.30.20.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-241.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Mar 2022 14:30:12 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 10 Mar 2022 14:30:12 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:30:12 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHILR7Fua-66KU3YRycNS7Y&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame DD27
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YioLdNqCZ8DMPMy.L1N2.QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHILR7Fua-66KU3YRycNS7Y&google_cver=1&google_hm=2

43 B
894 B

18ms
18ms

Image
image/gif

184.30.20.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHILR7Fua-66KU3YRycNS7Y&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNSeuAIQ9vLQAhiCzdq-ATAB&v=APEucNVcqx1DBdQprqtldFqUDp9j6vi6cipeeJ7ybe5E8d99Hnk2qSbgdb26jFtnxpf-EgqLs5zMc0E_w36HklUNqeFODjAY1pAL3nvOoEBxA8tIPBaeibhT-jeceweM1gRpBuffXTiXeUar3b15GOAep1p9lkXe9PeEuQm8HNxV8yxerfOGF5I
Protocol: HTTP/1.1
Server: 184.30.20.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-241.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Mar 2022 14:30:12 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 10 Mar 2022 14:30:12 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:30:12 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHILR7Fua-66KU3YRycNS7Y&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame DD27
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEEKo58kEePhz3kpld2q_yao&google_cver=1

43 B
1020 B

22ms
22ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEEKo58kEePhz3kpld2q_yao&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNSeuAIQ9vLQAhiCzdq-ATAB&v=APEucNVcqx1DBdQprqtldFqUDp9j6vi6cipeeJ7ybe5E8d99Hnk2qSbgdb26jFtnxpf-EgqLs5zMc0E_w36HklUNqeFODjAY1pAL3nvOoEBxA8tIPBaeibhT-jeceweM1gRpBuffXTiXeUar3b15GOAep1p9lkXe9PeEuQm8HNxV8yxerfOGF5I

Protocol

HTTP/1.1

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Mar 2022 14:30:12 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 64a2c835-fea1-45d4-ab2a-af338acf9bd5
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:30:12 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEEKo58kEePhz3kpld2q_yao&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame DD27
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDc4MzgwNjk0NDA2MTgxNzY3MA%3D%3D

170 B
243 B

84ms
52ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDc4MzgwNjk0NDA2MTgxNzY3MA%3D%3D

Requested by

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:30:12 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 10 Mar 2022 14:30:12 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 605299bd-739d-4187-a557-51f32acc85f8
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDc4MzgwNjk0NDA2MTgxNzY3MA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame B26F 106 KB
38 KB 165ms
39ms Script
text/javascript 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/
Origin: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 16:07:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80534
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 10 Mar 2022 16:07:58 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/elements/html/ Frame B26F 8 KB
3 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B41gOVMf5cqQZj03qPE6LTZMNSVD1rEWUzMNsBmEwG10uLblwCpmzbGqjx2A3r8Hio6_NFg-XFIRAq41lJqTagZu8Tj9iLPsMvySGcvUdlVTK2PDPqvFwE-Ruxk8_6nz-Qk5tMezkK-ZCO6CucMcBbahDHVQ&dbm_d=AKAmf-CzR5RAbw7tmi-j_Z7BPy33i0coOtOsh0Jz4L3PgteyXuOKLq9XOeCtR6NWYEhgCBa5P5H50UkhQnG9U1EgokUDP2SWdHiVuAYWitm4jW2GCKTm6bNDmIstnhYVAZg01d_rqcwOiDxTvjtsX0eNln5DG9GSLBBTvL4Mk9C9-mgrDhNViYE6y0-3ixZhG-NEJW5NT6zJ9ssQ5BrcfKzDXDkTyyHzf79ILXszQF3jMXMQu3C-K1mL37EwFLCXVW5YH5A9RHKm1X39kj-gTbd5fTNeDIHwN7b_2sGTGBCIaWblXTYv-x1rc4uDwFumeuuzMAlHRPmXSvtuouYeSZaHpVYIZCfr14Iz_pA5pU96oD6_QWEW-jcb01ur3djPH_iDb58_h6z5VeuV66nZhBXz2rkoNSUpZj1IDAKHd5cfL6afcGfKDwy50Nj1jgSF8dBibU2G1K3Wm078LptZO2M4iEhlC3Ee1AegKJI6D5PBlosSrQO05PlZjfEqnsNLziqvSidOnR-Sbw4i9uFsxSzqHyTztWX4gdJT4UyD_xxKsgXCqTI6zXijkZlrqSfuhYZfltDbdHrbpANv-Q_-cG-wIxHlevgx0oyOEXz3W8lRiW5GdvT0kD3p8uq44RWIT9_2z5zeU2K8_qsGDH8jw_Mt5DFHSYMDMO3ptZwkDH6dIwjTbPiEV-M0eG-TQ9AfCTRS2GTXhnbE7o0Fkv6iXywKFCC22Jb7Pe1idYXVnvFH7ROcvLGFHbL8FsacuBEIxMBLJsDNBN1a4ffNqSE1cud9Wo8MTFMFScGkV_BiWkFnn9Ede0pPrgQi9TUGd1vujmuO1dGOC6V6h7CSydhuaGWkrzNvgWBKcqUSr4AtlDYriDTjHRxhTtuwe8rhc5vDMO1FM5G_TfQm6eWsJLjHgPFZCxQaPlAbhNps4w8T6-Zb-YUJcHUi7B2RPIlJ4bKMR2vJQ2gZe6dow7G2-TbLWxuNxLtxU2A_T2SKHQoEjPfo3oD-y0vbbUHXILZlxzO9MWvz5y8Cjf3uHA-WiQXpY3syITSWzBAeaUmxQMb1oULksxvKDLeHHLulrFjV8s6supgTFEB8PDos906tKjHJRbqPmpZy8haSxNnCAigIGIGcR8FozxxTcisQBjiFfSqyG4yjfnPXsrGiPxPbySgnsPIuaXkLwvI6PZQFeWkCAF8FVdSELSMhVTNjzheSOBhvolxA0HkBwtOfzddQxLS5N4YvVga091Kek0UOQhYRd1eBqdPIpuJLs1Vc43ygVilkH3cFV-fZMPzQ0DiuFabGEQfzP0nqrr1c0xhFg42Um8QFMIJmPGfIDhAqpBHqcqsdgNIfSJs1s3NG1Cgbd_qLQFSDi5cZelq20Xu4hD8I-dK5eXAHXBeGV07JfvfYuWqFivhpB372TyOMEwwk6JUSIosfunAlEZ13d-OanXvM6TRBmFyvhwP89SPjmDBTBwsF9MrFYs1FGlwhaBxXcvWjn4k4k5krgPeVohUzJX-uZtMelr8gH-L1nZonk71oEU2PGyH7JdpedeNnpoCDWGHnWeAX_hIXVSKwaDP3zg4KbMVMYXM0lsZhSD9fFRwUuWaLalQ_8yufPfcWtQuri_3fG1kqJ1XC4DdinMSZWbJMfPkDZ39yVLWMfK2zsNOowkUvz7qJx1q3Pob-GiKf8_LwUnddGY7Xauxdd8BKo0xbKDa9zABFXRyxvD0Ewev9wOzIEckN_e6WIHPAjodzEZyJM71Tx4WCngT8JfkRdbTuWdcd1if2w9ZLOCtfeXHsIFlay--l55SRQxDvgu_8dUBm-23q6XqV_PV15Rb0sc3G3bYFD9VoI6qLYaae7N_AMTdVIoVwzC02chTzsH6HzTBgRAlrpBoZXDjJoHn8PwvQ63cAG88OImBM_lEdCI_Yqkg1Kalk_DTR3RAs6UNj1YQ9P1Z4GaVQHqsPZ-OArQnmwLa74xRTYvHpkBi-YxuxMon45mnnXXI2_7CAqJhW36_7K45msZXJMmV1VSDPLxyGStkcmz6CBgVtEFmy1O5IHE7ROvgq9dcKCiZdEcyCm_OFORCuKo3_WhN24t7PWTC5i9pI_yjuP8vrqilZUqEzFTJQluv4yAlZWFOTwvb06FTsFe2SgVNcRIthlzzcdvFUVAJCF73U8wphihnnr_eofML25RTnVOINWlVivCdcXc9Tk1LN7fGfH8S8nYwr9byKI1UboF8gETT4dODh32g0waoV6Wg5oIdyevohMrmlMgoaUCd2mIjdez-8CnvwyRVghjKdhceKPYV4yFEDfnc875Qe8z69Opxnd2UPaKoVHmiK-jBihQzB6B1F0Bzi1_GjDh6sDj1ZAQNx0ZxSDEeYgoCxvaInJxzCw2eJAs7rc7LoIw0OOcQkl10Y4eG3xhrQGMB5ahmy7FOjobuuVgdQkkNpBcWQQYIls7YLOvn8L9HOoBUkG6usUDVCw01b72IEd4o9xNjMlWx9lu1fuH5YQMSTKaQbMKfzZ2O_HSuJ3AnHuZs1i430z_agHes8RFr3FK7eHi6Y9YWRSisDsihq0P8QUY8zbMrbQbV_0JGWUJzCbT2PgN6TZsIAPXQ39T3rndVKiR-2BOt6kaqmgPB-oE40kfuwm4qBBamW07ad7BPdFYBtBokXRPehlDqNOL9iiVRkOxSgEZgc9I2s8az_XXV_gyxWcLO52oHm0OB2j5l9nNGyfncnCVMltKkgzrdMdsMUHD7W0YqHRZeMI2OzDMlLsXaKEqpL1ssQPsMv7VvZLJBOmsAQOuUwRlv9A0HqH27K_fhBy9kDdTa48FD6zn3Lw3oWRb1CT6vOVdKAVL3bYRn6EW_jaegN2Jp324gpS9Wg0ok75gXdgSU7IHCXYEEnwPTgc81DHyCYJJFYqDbl4MH0cEkZF10onU6krWld5iqTB8g2vGjTh-P256W-UAEdXiqR-zDJ4KkVeOKyanWvNvOUwiJNyOiHTim2Aiu48uXA2sbCluCBeNJLGLzCvkvJ7elsXk0LZpVef2LSVxS4Sn7McDmAxafUZBPo30TCLf-z6zGafjptNUt8DMK7-fxDzhp-ttN2qs28&cid=CAASJeRoI3QDGMCFFGHZPFp1_eOPc1ESCsuQdnB_MEjVF9evr2827YU&rfl=1%2Chttp%253A%252F%252Fphativetbuo.ga%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:29:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Mar 2022 14:29:18 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/ Frame B26F 25 KB
9 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

947e22d9ed05fbe3f5ed3c4ee35618a1910a85968f48a22c0277f9936f2eb769

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:29:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9657
x-xss-protection: 0
server: cafe
etag: 5177785407398320510
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Mar 2022 14:29:11 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame F6A3 0
9 B 39ms
38ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?JuVKXA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:30:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B26F 41 KB
15 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
URL: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 17:11:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 163095
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Mar 2023 17:11:57 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 8FF7 1 KB
749 B 40ms
39ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
URL: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Thu, 10 Mar 2022 13:26:12 GMT
expires: Fri, 11 Mar 2022 13:26:12 GMT
cache-control: public, max-age=86400
age: 3840
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame B26F 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f915c4be56a1b574437ab72eab9b2620bdd40648a2ff73cc584016b4526b738c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 26FC 22 KB
8 KB 40ms
39ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 08 Mar 2022 17:11:58 GMT
expires: Wed, 08 Mar 2023 17:11:58 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 163094
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET /
google2waycm.netmng.com/cm/ Frame 8FF7 0
0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 8FF7 70 B
265 B 106ms
40ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEEDXW9hPyXDaRimaFI6dFJs&google_cver=1&google_push=AYg5qPLM7WRc8mms-jhpXJDmdI1X3mCQAxVN5KRlLbzAgSAQXrXRtbJhHI1SD8VzC9wfEbh9Fvz9z7YRtVjljcGd6Pxl_UJ0AB_i9A
Requested by: Host: 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
URL: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:30:12 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8FF7
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESECNQSnFCoLuUvMtFRXYmA0I&google_cver=1&google_push=AYg5qPLzDteKnMsAsGvBFTpXXqtJQKnLBettI2-oyQTbq1FC9c8TIEStag-kPO5OKoqP6ZLrNzUOhG8IJqUyKT0d...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=TEF08aSuQ7yk2wF4jURReA2&google_push=AYg5qPLzDteKnMsAsGvBFTpXXqtJQKnLBettI2-oyQTbq1FC9c8TIEStag-kPO5OKoqP6ZLrNzUOhG8IJqUyKT0dsX4TORjIz4dFYQ

170 B
188 B

51ms
51ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=TEF08aSuQ7yk2wF4jURReA2&google_push=AYg5qPLzDteKnMsAsGvBFTpXXqtJQKnLBettI2-oyQTbq1FC9c8TIEStag-kPO5OKoqP6ZLrNzUOhG8IJqUyKT0dsX4TORjIz4dFYQ

Requested by

Host: 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
URL: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:30:12 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 10 Mar 2022 14:30:12 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.15.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=TEF08aSuQ7yk2wF4jURReA2&google_push=AYg5qPLzDteKnMsAsGvBFTpXXqtJQKnLBettI2-oyQTbq1FC9c8TIEStag-kPO5OKoqP6ZLrNzUOhG8IJqUyKT0dsX4TORjIz4dFYQ
x-host: tde-deliveryengine-production-6b8798558c-tbd2p
alt-svc: clear
content-length: 0

GET
H2 200 dot.gif
s0.2mdn.net/ Frame 8FF7 43 B
577 B 129ms
45ms Image
image/gif 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEMI9D1w5_0uX-uVrPKNl96s&google_cver=1&google_push=AYg5qPKNE-__vGqbJQ26WDggR-Ol2iJBB_rAI-r0TuduVOUPTq7VPG_Pxo4tjFMO58wzXHKtj1kUMHH5sJM3lr4S5KNvGqgClysx

Requested by

Host: 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
URL: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:30:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 11 Mar 2022 14:30:12 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8FF7
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEAdoJPTtH14Qu8cgudLwK14&google_cver=1&google_push=AYg5qPI_3x0870zwukAcgzLjUDwOUe-uaKQCs9NBeOYLs6Xwy-eZnhLCVOOYEFxRI5JH8rxHTU4O6fPCxs_Y327V...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPI_3x0870zwukAcgzLjUDwOUe-uaKQCs9NBeOYLs6Xwy-eZnhLCVOOYEFxRI5JH8rxHTU4O6fPCxs_Y327VADYH43YejRmorQ

170 B
188 B

62ms
54ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPI_3x0870zwukAcgzLjUDwOUe-uaKQCs9NBeOYLs6Xwy-eZnhLCVOOYEFxRI5JH8rxHTU4O6fPCxs_Y327VADYH43YejRmorQ

Requested by

Host: 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
URL: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:30:12 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 10 Mar 2022 14:30:12 GMT
via: 1.1 bee9d99ac2913ec4167e166e6bdb691e.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA50-C1
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPI_3x0870zwukAcgzLjUDwOUe-uaKQCs9NBeOYLs6Xwy-eZnhLCVOOYEFxRI5JH8rxHTU4O6fPCxs_Y327VADYH43YejRmorQ
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: zcPFos5eMAocvOnY5ofC9swmpZTerGQ1K-OWY7yiIhzE5-zOnQjvwg==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8FF7
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEGdGDq0wpI5dMuwsmlBqFxo&google_cver=1&google_push=AYg5qPK2X_ETYFqLsu7mcgW4lm2RRoKFPyUl4j1v8dX-n2cmlQ00ms-knRld2NkrPSHOrPuH1MXEQtgubWX9PDYhvSig0GS6R2BG
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPK2X_ETYFqLsu7mcgW4lm2RRoKFPyUl4j1v8dX-n2cmlQ00ms-knRld2NkrPSHOrPuH1MXEQtgubWX9PDYhvSig0GS6R2BG&goog...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NzI0NTY5NTE0NTY4MTMxNDc4NDk%3D&google_push=AYg5qPK2X_ETYFqLsu7mcgW4lm2RRoKFPyUl4j1v8dX-n2cmlQ00ms-knRld2N...

170 B
188 B

66ms
53ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NzI0NTY5NTE0NTY4MTMxNDc4NDk%3D&google_push=AYg5qPK2X_ETYFqLsu7mcgW4lm2RRoKFPyUl4j1v8dX-n2cmlQ00ms-knRld2NkrPSHOrPuH1MXEQtgubWX9PDYhvSig0GS6R2BG

Requested by

Host: 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
URL: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:30:12 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NzI0NTY5NTE0NTY4MTMxNDc4NDk%3D&google_push=AYg5qPK2X_ETYFqLsu7mcgW4lm2RRoKFPyUl4j1v8dX-n2cmlQ00ms-knRld2NkrPSHOrPuH1MXEQtgubWX9PDYhvSig0GS6R2BG
date: Thu, 10 Mar 2022 14:30:12 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 dot.gif
s0.2mdn.net/ Frame 8FF7 43 B
101 B 129ms
45ms Image
image/gif 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEK0cw-_xVoHyIj_8U9afR_Q&google_cver=1&google_push=AYg5qPL2bm_y1v-uZDVG-53ilvBieQMeyJ_TEKYf4wRWnL5CKLM3vt3RKB1nlyk2xANBdEc4THa__LT076ebmdzIyrDMDl8826Dqq8Q

Requested by

Host: 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
URL: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:30:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 11 Mar 2022 14:30:12 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 8FF7 0
12 B 96ms
48ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IznKHX2nTNQm7n_MdGsT4G2nWczrRok3yAJEIGo75D8KjtJbITj2a1s9x1aeRI_dcIULJG2A

Requested by

Host: 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
URL: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:30:12 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame 26FC 35 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 11:16:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11643
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 10 Mar 2023 11:16:09 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/ Frame 15C3 15 KB
6 KB 88ms
40ms Document
text/html 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0919849cbc3e870384df1fc4e72312ee8f272205f80bec14d29551cc8b44c95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 5861
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Wed, 09 Mar 2022 06:42:09 GMT
expires: Thu, 09 Mar 2023 06:42:09 GMT
cache-control: public, max-age=31536000
age: 114483
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
content-type: text/html
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B26F 0
571 B 172ms
72ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssyE5GgCnjGihm4b8s71z9g668-uH5Xp4S2wuD-KJrCaTm6A07KdoXGhlm2X4fvlxZO4gKwp_lo4D8Gt-n4pXcBSRcWiyZCf6Ncr39yXUielCWhKk6ZA_xv8sqkYshNtgnAlGP2I_LN4SxKEv_t5ew0DGmGNgsEnfDGkxZ65CgwomMEWcW5aKBRn6a_TjPROdeeDZz0haMUqgSCWnEtb51ML-p9cK_D7obUUYULjmMynyq7NMptr1oVdk24Kd8KMc98ZuveGCwhpSpnNac-Smum8tClb_G8inKw1uzwoTgQUBRP_PrTaZqOQhiVZ8GDCbPjdS12TJhv-l-YdHTz5PASDxigEiadWhTgqQKkUeoSv-TOYSPsDX37te-I3bCN4OV8Zrdh0N0XtgBlOkgPVFihS14Kli0rOJW8BYvzgCuok4VJra34EOevFoOxNkGBqFiz8sB_w1qkaawwVWpOpr3a0uc903QMpH6CcHVEeRl9kxbOd3PJ91UkMakBVoDjwp-8IFmt-pVTwTLdQtlzJp_YyHkKi9g92WWP7r4vTgLLohA59fIti9_cx2KjL-aFgBiVC6uD5e7_La28dPyt2n2EZYjzBQ0mZLRA7p00wjtYRYyYYsnwNjhpgG-oNdBqaecaQ-ibid4ES0Cn51VT_Q8zTe6SpOjdCL7muGt8qkRsjLJvYNFeyUIAb8YF1BEaKhgq-zjE18_Z6BWRjQjYKk8LaRTp6EK0njLzP1vbYRkkZpDS3ts5SJ1CiIywoBEzrjrJaD9ukkGfJPU9K2HUKU1Uib9IBIIlXUph6QURcZrclUuEJVMqNbb34TAUtKZhFb1NOAcd_ODtR8RoYRSAgyL6-6KxyJLgSjrGO3cQ6so5vyNmm_wyQpblwQ3B0ixqAuW6nlEcDnaCXhEvb1xCtIje1Crbz9QmISqYM7LFY-VyCQpb8rBRegeRicOtx-kLH_qkyNYNwGAvIrQtEPGt7TM7WbKnKRxE1IqG4mCXZSKaOXu-27i_pSmBHZEGkumpKMgDcNWyFrrgTRU0lcFvhiKh7Vf6Srdn3I3UvD6ijyzsVo4TVqnM31YBQmqkL_3Cqp9nzG-EE1Ebg60NkivZBQDxZj7clrF48xQafLir2FOj-jDiMtvVWMfIBYLKIEIJUZylpVxfjsQbQpWvHxI9eNCBWXcioqjB6rLzYCh4nINy9gbZVgRyTx12WkOlTkePOw&sai=AMfl-YQ15T1jMpWI0gp1tA4OuXbFlZjuovIA7acPxbLU4LX8yE13P_dfFvaXpYEZRgCTyJmtkYTM3hs07iQc_DRY47IddRZmlSsK-JGxc-ktm2gt3HSAcD1jWO62NAsbZqmOy94ts97jLBgepYs72HuVdXAhBbjxr1ycJf3n48FfY53iqYUxb4ViWRQDF3HeLC2g9VAccgab0Tk8VtAFsxlGgCkr&sig=Cg0ArKJSzGcJlw4D3dflEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=221&cbvp=1&cstd=219&cisv=r20220308.31321&adurl=

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Thu, 10 Mar 2022 14:30:12 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 style.css
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/css/ Frame 15C3 7 KB
1 KB 41ms
40ms Stylesheet
text/css 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/css/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

544e825b2f929afaf5d84354bed769874fa5e375e07815c7d0a2675f7df3420b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 08:19:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108613
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1427
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Mar 2023 08:19:59 GMT

GET
H3 200 Enabler.js Show response
s0.2mdn.net/ads/studio/ Frame 15C3 134 KB
45 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/Enabler.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3705d0878203cc0b2525dcb0f874d85cc6b881d1fca1869191da4e599c768241

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:28:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46435
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:47:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 10 Mar 2022 14:43:24 GMT

GET
H3 200 gsap_3.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 15C3 54 KB
22 KB 87ms
86ms Script
text/javascript 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8154aa9057e3367d9d3e4bb1f85db9645c01fc0690091aadc57dbae849ba3499

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:30:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22005
x-xss-protection: 0
last-modified: Mon, 11 Nov 2019 18:08:13 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 10 Mar 2022 14:30:12 GMT

GET
H3 200 preload.js Show response
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/ Frame 15C3 2 KB
598 B 58ms
57ms Script
application/x-javascript 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/preload.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a064b735b498e6721dc8bdd21a0a5efbcbcbe9df3b8ebb2a5ff7cd359536117

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 06:42:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 114482
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 569
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Mar 2023 06:42:10 GMT

GET
H3 200 dynamicload.js Show response
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/ Frame 15C3 7 KB
1 KB 59ms
58ms Script
application/x-javascript 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/dynamicload.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4acbd290943ec69e1f0f1af0d3a7c799ce09c0a89a0bfe953fb3503a1320355f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 08:19:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108613
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1216
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Mar 2023 08:19:59 GMT

GET
H3 200 CustomWiggle.min.js Show response
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/ Frame 15C3 2 KB
1 KB 58ms
57ms Script
application/x-javascript 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/CustomWiggle.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c49825547fd709c80e5e3dcc0258b6de3b7465d27f5af3d4af76a049cffc685c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 08:19:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108613
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1222
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Mar 2023 08:19:59 GMT

GET
H3 200 CustomEase.min.js Show response
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/ Frame 15C3 7 KB
4 KB 63ms
62ms Script
application/x-javascript 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/CustomEase.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f558a9a6eeef180607677837bb37b6fbc068d907b89e35f694665e96eb816c81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 06:42:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 114482
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3561
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Mar 2023 06:42:10 GMT

GET
H3 200 SplitText.min.js Show response
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/ Frame 15C3 15 KB
5 KB 60ms
59ms Script
application/x-javascript 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/SplitText.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6418e7fe77ab785ac95beceec33fc8bfd67470a00a161240460e231d5c719062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 06:42:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 114482
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5125
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Mar 2023 06:42:10 GMT

GET
H3 200 textFit.min.js Show response
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/ Frame 15C3 4 KB
2 KB 69ms
68ms Script
application/x-javascript 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/textFit.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

52477aa6aed89e60ae9aa05f9d5ad89c87d39eef6f50ae0844ec2955b9d540ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 08:19:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108613
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1536
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Mar 2023 08:19:59 GMT

GET
H3 200 logic.js Show response
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/ Frame 15C3 21 KB
4 KB 67ms
66ms Script
application/x-javascript 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/logic.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e00f75870cb800fca43f3eb0ee2921b596508ab55b3827c94f4a99f560de755

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 06:42:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 114482
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4324
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Mar 2023 06:42:10 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 26FC 0
20 B 62ms
62ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B7ZqCcwsqYrnCOLOZrASmqZtoAAAAADgB4AQC&bg=!9vWl9bHNAAb7UztL-1M7ACkAdvg8WinzIVPxRiLFsa6_JMa23mEcky1TB-SUFPGmYb3TPH_WI-g8VAIAAABhUgAAAAJoAQeZAy8RJBcfVYHyGDBXmV7NSJPqm3PLOaB1DccMeHz03mHh8SE6Y_vXmuKX2Na91OCrFkMEnVteZzL9pTvnPqB3S-uKtSwr3zUrsFV8IooSegkUmsjuNz4v37MvG7G217jm1YIVV7cfKnAiy17UfC4HG2_E22s7PYUaA46TMl1umpxbwtRm9n6tdnPeU9RxTsH3PlRPRH34cXTMcXkzP28T0tk8piXnx7eNB9m2rDS8YD7W3zmgtXB-fyruidvrPOfkwaOWRYplbi6U90HbBtlg_p4vswYTTor3LpuVjoHVwG0BVjEzpahdyThNzDRy8A1vQuih0uteEKWTo42MKFkiA6FMyNYQ0ZvTzFra5mli0y5v0UvcYlq_ZrgcUKNyUv_j_OUOh8cisJfflC1FcQebIDk1rilKjafWHJ89B5wT1O2Qweg56SoHLIkQp5PcJOoA1dQYYe2neKVxGzf6VYTQ_4pUPv7uUW4kapL9N9t9v3HCj-pptIuoQ8hxRFqlIlnmPbGVmr6zmn_wU0suGNZRP93O_gwKL2n6xwW1j3nPfVSPof1gJW-60qKU7FTar_z3SEsAUEw33uxdkeNPyf_kfr8GtR60ffKyTOpD9lnSA2PitKq6b5ZeSPfzKg_Ruy3IEYKeL29J5-XZFC-wUEoLjpQSCpyERWHzg2WcsqxaDuLFpat614nZ2KypVnyGxgyHRGGunk1xoFjKVpZOQexzrhvcrVevmF-d56U4CHi4hEOhz4FQQPsj5KSmah-7A4Ii5Dlj2ert_gZcgCJ94wWjf1JfktlGu36wLk6VbjK0NVOmZAqw4gwl5EBInI8A6rM26lGDByghXx13PVgWGNSLNkGYq-1B8oi-QGPoVAXUUCfamgsTF2g9rb_gQGtfkESGL_gNQQJkmElAzLBpUDVAAXYjKS9dLuUpB2U0ksshMiO_lMotdTEye2rz4kdoNMbbSdqQJBOcnFJdIbHmnHHRVbkPqU5g1324gv3rVc8bYD9-4kbbPUgiIzQNTfBJ3cnJ1UNNNKG376ELiZaiodeUfkjENn_px9TYVez95pMSfUyrLcSIYJTy9nTiRUEOQKnL2A

Requested by

Host: 3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
URL: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:30:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B26F 0
23 B 110ms
63ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: phativetbuo.ga
URL: http://phativetbuo.ga/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Mar 2022 14:30:12 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 64ms
63ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2021111701&jk=3192052688802293&bg=!3t2l3ZnNAAb7UztL-1M7ACkAdvg8WuIkjtAlDZRd1YKBOye1-136IU9D5A-pRU68JoUIApsgTl91rQIAAACAUgAAAAJoAQcKAFENsRp-YwlAkcZw0ZK_TZbsKg-IGUoiGENqp7zFzVEfXch6VhQOP-CXaT9f9qvRyHfWHeO0VMMd4JuSok4SYmL3fS0iFSrMVySHZ2F1l-C9fcGZAr69PQp4H7Ifexr4IEx25NyDw73oXbPOnbvPxQ5gQrZ-HiTzzwvKSKGtOOmftCB2g-pExK3sJJbecv1Q6WlpyOYoh6Mo2-4B8tOGkgynqokqjFxmUISrESwfpAmh17wdSpy_kFETAOIaIqVBRXthmrs2HXr-rHKaEM0jhZD8nTbpwS1hGrBHWpDemiISICt5yJKftxG09JmjfyDDqQ01R6fV6Zw4XzRo8O-M_xyUH28d5GsRjU7knjF9WP2lJ86cPerW1NJ4VA-9S96XEYJWDVsEFjJBRpeAVZJgVrrZBLav28b9-QV0xQQGIPb_HmFfcNhxBbAWm5O8EJ_rDFHq1IndP4-1YCgSaCd4snlU6uYg_2pEuvZkN1Fzq_eyYoTsgu340Xtm-iakrpKCcFfZKoWZ8_ez_GA45J73HSRV8uS4t9uEUwrI3YCFZTrTdAM5hJtTPYli0Pp29iGul0cVcjjk4V40VBFsLikccv9QeMm3XmZ-kIIW9_dmL2ZnRBxErz9rCLZiqFHYDczfryMEDZeURxYaabFynNB82K8BLN0hIHnBIhORAtyCOKV2eN0pLLsT5j04ZrkUovW0EzLB40HJZtL2YQDEhInAwSdv_EhOdAW2kkVE7jTZk9GrOfJGNyheC3tYpq-bJKjomYIxe1CIVf82nJXmPfWeggS-nFLEnMEBApscLVrhdRRMgE_X57aCqfEU72h5KuK2pwlnBCpGC53EFDWG7lPIuAMLRNJ-FKa_THNa5rc58QzETZObU4GfhVx_i3uW57wvrC3FkBGe5fX5A2gzyWsX9wgboMLOzHKlJYU3Xn1mnUUACTZRLOlF07pVcAO49lB67JqV0PcGhbon6IdLKfMelixs6fsCBSZd-08bSdJVDnbUy4CRcwtPsUnFvDHCuubBFMyatBz30L9x3WCWOrgS2mNBUdM

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:30:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B26F 42 B
64 B 112ms
68ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst534LpKa7qXCJgLj-g-6AhoJ_1JBRAYntQrS5Xgzvt_R_UHrbHUguxvj_gWOLDjxYsh6Pxk44x_xJl08vNNHr9bz_QP9jtX9eisZispzWeLBurVOQv7Q&sai=AMfl-YQO-16_XpGlITfs7K7QC8Gmn64-wD6NB13TDueo8AMEFx02wFq5af1R_booe4CZRuYNort1PeeJ7YGaRjn7vDssZp_YG7wFshlgU7S_Efn503MTslzeX25nZ04m&sig=Cg0ArKJSzBchM3h4OSydEAE&cid=CAASJeRoI3QDGMCFFGHZPFp1_eOPc1ESCsuQdnB_MEjVF9evr2827YU&id=lidar2&mcvt=1000&p=983,1316,1023,1357&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220309&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2053822233&rs=4&la=0&cr=0&vs=4&r=v&rst=1646922611762&rpt=343&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:30:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 StenaSans-BoldCondensed.woff
s0.2mdn.net/creatives/assets/4239244/ Frame 15C3 36 KB
36 KB 49ms
48ms Font
font/woff 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4239244/StenaSans-BoldCondensed.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

402255b20b4b0f135e6e6fce45c65b8e5834d844c1a7a477869d9cdc8d659b5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:25:22 GMT
x-content-type-options: nosniff
age: 291
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37336
x-xss-protection: 0
last-modified: Thu, 22 Jul 2021 13:30:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 10 Mar 2022 14:40:22 GMT

GET
H3 200 StenaSans-Regular.woff
s0.2mdn.net/creatives/assets/4239244/ Frame 15C3 36 KB
36 KB 39ms
39ms Font
font/woff 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4239244/StenaSans-Regular.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8bd8b222126e1ce1d7523b80a44c48834a64dbe1d9e9bd6a681dea5fc984d6c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:18:22 GMT
x-content-type-options: nosniff
age: 711
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36956
x-xss-protection: 0
last-modified: Thu, 22 Jul 2021 13:30:38 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 10 Mar 2022 14:33:22 GMT

GET
H3 200 StenaSans-Light.woff
s0.2mdn.net/creatives/assets/4239244/ Frame 15C3 35 KB
35 KB 43ms
42ms Font
font/woff 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4239244/StenaSans-Light.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15c6681347badf59c693dc0c6a5b00178276d749eb98ec1f6cb28ab0578b1e4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 14:16:13 GMT
x-content-type-options: nosniff
age: 840
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35760
x-xss-protection: 0
last-modified: Thu, 22 Jul 2021 13:30:27 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 10 Mar 2022 14:31:13 GMT

GET
H3 200 300x600_GSH_F1.jpg
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/images/ Frame 15C3 101 KB
101 KB 40ms
40ms Image
image/jpeg 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/images/300x600_GSH_F1.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5947d0db2a3e41f355ddfe4d074f24d7a6efeb990fc64ced283d072b4f126a8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 06:42:04 GMT
x-content-type-options: nosniff
age: 114490
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103654
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Mar 2023 06:42:04 GMT

GET
H3 200 300x600_GSH_F1.jpg
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/images/ Frame 15C3 101 KB
101 KB 39ms
38ms Image
image/jpeg 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/images/300x600_GSH_F1.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/logic.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5947d0db2a3e41f355ddfe4d074f24d7a6efeb990fc64ced283d072b4f126a8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 06:42:04 GMT
x-content-type-options: nosniff
age: 114490
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103654
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Mar 2023 06:42:04 GMT

GET
H3 200 300x600_GSH_F2.jpg
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/images/ Frame 15C3 90 KB
90 KB 43ms
43ms Image
image/jpeg 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/images/300x600_GSH_F2.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11ea17f5a25189f1f44733a56e0647428ac7f6649ae4510913da362892f591b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 08:20:05 GMT
x-content-type-options: nosniff
age: 108609
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 92118
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Mar 2023 08:20:05 GMT

GET
H3 200 300x600_GSH_F3.jpg
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/images/ Frame 15C3 32 KB
32 KB 40ms
40ms Image
image/jpeg 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/images/300x600_GSH_F3.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c17653e2697cf613a91b201ad77591722e6524aa383004b55f697aecd7674bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 08:20:05 GMT
x-content-type-options: nosniff
age: 108609
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33211
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Mar 2023 08:20:05 GMT

GET
H3 200 300x600_GSH_F4.jpg
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/images/ Frame 15C3 56 KB
56 KB 46ms
46ms Image
image/jpeg 2a00:1450:4001:800::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/images/300x600_GSH_F4.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b4c71058570b7caf1144c2d3b228abe1d3678a482a78e0a6c0509e0c2848d1d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 08:20:05 GMT
x-content-type-options: nosniff
age: 108609
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57660
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Mar 2023 08:20:05 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 39ms
38ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2108353917&t=event&ni=1&_s=12&dl=http%3A%2F%2Fphativetbuo.ga%2F&ul=en-us&de=UTF-8&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=VisitTime&ea=Timer&el=%3E%205%20sec&_u=aADAAUABAAAAAC~&jid=&gjid=&cid=224180869.1646922611&tid=UA-8969414-2&_gid=366963580.1646922611&gtm=2ou370&z=1163353685

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://phativetbuo.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 03:42:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 38863
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 46ms
46ms Ping
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-76JW1KVZM8&gtm=2oe370&_p=2108353917&sr=1600x1200&ul=en-us&cid=224180869.1646922611&dl=http%3A%2F%2Fphativetbuo.ga%2F&dt=Gdzie%20inwestowa%C4%87%20w%20Gda%C5%84sku%3F%20%E2%80%93%20Wiadomo%C5%9Bci%20Nieruchomo%C5%9Bci%20Wprost&sid=1646922610&sct=1&seg=0&_s=2
Requested by: Host: www.googletagmanager.com
URL: http://www.googletagmanager.com/gtag/js?id=G-76JW1KVZM8&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://phativetbuo.ga/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 10 Mar 2022 14:30:16 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://phativetbuo.ga
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: api.deep.bi
URL: http://api.deep.bi/v3/init.js

Domain: google2waycm.netmng.com
URL: https://google2waycm.netmng.com/cm/?google_gid=CAESEIo7Dje61qRPIuiQ8OWsT4I&google_cver=1&google_push=AYg5qPLYhQLR2xrc22LLVvA4_iO-yvla_h9gDIqtSdNl9Tlu58WACqv9KyrEXvjf80PiU59gOcEfGbLAFR6fllyOjv4DOZ2uS0gg

Verdicts & Comments Add Verdict or Comment

339 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.phativetbuo.ga/	1970-01-20 03:38:18	Name: _fbp Value: fb.1.1646922610830.1337493375
phativetbuo.ga/	1970-01-20 01:38:47	Name: __oagr Value: true
.phativetbuo.ga/	1970-01-20 03:38:18	Name: _gcl_au Value: 1.1.1196063126.1646922611
.phativetbuo.ga/	1970-01-20 10:57:30	Name: __gfp_64b Value: oDmwG3quudeZtF36IQXuxO.VVrGzn3HTq1HBVIl1jTv.F7\|1646922610
.hit.gemius.pl/	1970-01-20 01:38:47	Name: Gtest Value: KlQUBMGGQMGGE-UFTUmw8aRissGMXP8c25nSGLsOjiMAgp1isG..
.hit.gemius.pl/	1970-01-20 10:57:30	Name: Gdyn Value: KlxSQMGGQMGGE-UFTUmw8aRissGMXP8c25nSGLsOjiMAgpMiGsRPIQlGvGQpjFg8SLS8RgTSFsCBI8l8MG..
.phativetbuo.ga/	1970-01-20 18:59:54	Name: _ga Value: GA1.2.224180869.1646922611
.phativetbuo.ga/	1970-01-20 01:30:09	Name: _gid Value: GA1.2.366963580.1646922611
.phativetbuo.ga/	1970-01-20 01:28:42	Name: _gat_gtag_UA_8969414_2 Value: 1
.doubleclick.net/	1970-01-20 10:50:18	Name: IDE Value: AHWqTUlMImREDQ4Wamp6rCe5pPxkNiPTQ_8RWp_odfmcdJqUi01dUqssfJeGQRrXOZA
.phativetbuo.ga/	1970-01-20 10:50:18	Name: __gads Value: ID=fe43a4ea45f00f22:T=1646922611:S=ALNI_MaOgp09OLA854Nst_CLRdmDfbTRGw
.phativetbuo.ga/	1970-01-20 18:59:54	Name: _ga_76JW1KVZM8 Value: GS1.1.1646922610.1.0.1646922611.0
.adnxs.com/	1970-01-20 03:38:18	Name: uuid2 Value: 4783806944061817670
.casalemedia.com/	1970-01-20 10:14:18	Name: CMID Value: YioLdNqCZ8DMPMy.L1N2.QAA
.casalemedia.com/	1970-01-20 03:38:18	Name: CMPS Value: 3267
.casalemedia.com/	1970-01-20 03:38:18	Name: CMPRO Value: 1184
.casalemedia.com/	1970-01-20 01:30:09	Name: CMST Value: YioLdGIqC3QA
.casalemedia.com/	1970-01-20 10:14:18	Name: CMRUM3 Value: 2d622a0b742760CAESEHILR7Fua-66KU3YRycNS7Y
.adnxs.com/	1970-01-20 03:38:18	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Il_rAiyp!]tbPl1M>e)ZlrFUfJ+tGXxpCKN>'J`ZOZG:`:y>8z-?:DA5[vc?0*P1omTs3If)y3KL9D3I?+QZa`KY
.3lift.com/	1970-01-20 03:38:18	Name: tluid Value: 72456951456813147849
.travelaudience.com/	1970-01-20 10:58:57	Name: _tracker Value: %7B%22UUID%22%3A%224C4174F1-A4AE-43BC-A4DB-01788D445178%22%7D

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: http://phativetbuo.ga/(Line 814) Message: Access to script at 'http://api.deep.bi/v3/init.js' from origin 'http://phativetbuo.ga' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: http://api.deep.bi/v3/init.js Message: Failed to load resource: net::ERR_FAILED
network	error	URL: http://phativetbuo.ga/hits.php Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3773badde4fb7669c2c8efc2f83a15a4.safeframe.googlesyndication.com
ads.travelaudience.com
adservice.google.com
adservice.google.ru
advice.hit.gemius.pl
api.deep.bi
cm.g.doubleclick.net
connect.facebook.net
dsum-sec.casalemedia.com
eb2.3lift.com
get.optad360.io
google2waycm.netmng.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
img.wprost.pl
ls.hit.gemius.pl
match.adsrvr.org
pagead2.googlesyndication.com
phativetbuo.ga
s.ad.smaato.net
s0.2mdn.net
securepubads.g.doubleclick.net
stats.g.doubleclick.net
tpc.googlesyndication.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
api.deep.bi
google2waycm.netmng.com
13.248.245.213
142.250.181.226
142.250.186.130
142.250.186.34
145.239.237.56
184.30.20.241
185.11.128.207
216.58.212.130
2600:9000:2156:3200:1b:5138:8a40:93a1
2600:9000:2156:d000:11:a4de:2580:93a1
2606:4700:20::681a:f1b
2606:4700:3030::6815:5912
2a00:1450:4001:800::2006
2a00:1450:4001:802::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:810::2001
2a00:1450:4001:810::2004
2a00:1450:4001:810::2008
2a00:1450:4001:810::200e
2a00:1450:4001:811::2002
2a00:1450:4001:829::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2001
2a00:1450:400c:c06::9a
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
35.190.0.66
35.71.131.137
37.252.173.215
0643484d67311199055be01407f32b3310fec6a59fe9e85107ba5f41f19a2cf2
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0de0e82f02cff4ee5a100bd6b64339aebc721725a70f6c298d27f92e180c5cf9
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11ea17f5a25189f1f44733a56e0647428ac7f6649ae4510913da362892f591b1
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
15b869b02c6fbaa8c6c26445a2dd2d9bad80fd27b1409f8179e5dd89dc89d90a
15c6681347badf59c693dc0c6a5b00178276d749eb98ec1f6cb28ab0578b1e4d
1a064b735b498e6721dc8bdd21a0a5efbcbcbe9df3b8ebb2a5ff7cd359536117
1b019dba654b6a670ff83612cc866453fac6b389c1da4832159f340ead53081a
225aa88b6ab02c06222ec9468d62e15fa188e39cdb9431d1f55401ad380753ed
22e730c5e58a487c838bda5b1a08e1b2a0d537371c08d4a01c56593ed8160ee6
24fa35573d7e0db487ed379dc1ce2d72776d89129804568e1e5d1dccdfd3a27d
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2aedd5bda1681ba0b370f3cdc24fc9f81a05c16f1c1b675a042e25c029c35b34
2d16c6bf2e25e475f0971bc6e839faa49e350a764a9e760053b613a0aab1d5f6
2ea665fc0455d38b414a5a31a72f3a8e3a3054b6d3f224d73d5d9057f6b2d3db
331e14f7226ecaea46e85f54db23f4e7a434969120e39c1a54a8087807ddf830
35afb774f93baadbff26bddc324582f3ddb6709f1ee3ed7dca47392db7fdc981
3705d0878203cc0b2525dcb0f874d85cc6b881d1fca1869191da4e599c768241
378b5bfbc7db6b4e2e8fda7f47142b3dfe517c24b722bffea025fd2a7037b91a
3932943c42751eb7007d21192da9999a6ee0bd453157a61b0083c13836875912
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
402255b20b4b0f135e6e6fce45c65b8e5834d844c1a7a477869d9cdc8d659b5c
41f10427ad792c9c8fc94c5296cc54f9bea7f5d92f4772256bc4c8d31d0b1f7e
42029e6774581c9691e7a855bab8e412602160a2592cb13574e6a9b9e0f390a8
42b21abbca1944f3630cf12ce218a16eed50f9673faf100047ca61341e318b80
44f55fc4cdf17da0734753647e761e6ffb58847efb5a91f6d460147abe38b471
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
4a27b4b2b32cbf52d489b471a6a59b03dc337d66ae6d8f69e2077eaa551279c3
4acbd290943ec69e1f0f1af0d3a7c799ce09c0a89a0bfe953fb3503a1320355f
4b11e672019da3b17bf5c57d6033e55d8a9de737f46dcc9faf137b0a34d68666
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c84629456a70df1137ab4bdcddba32050a2524568912630c2538746cbbcdc51
4de28a05e0b438d5800c7dd1345e0ec1a63da96a9e2ad0a65d43203cd91d48ed
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
52477aa6aed89e60ae9aa05f9d5ad89c87d39eef6f50ae0844ec2955b9d540ed
53b907326f7c21a04f6d39cc32ff471aafec57d887feabfabb53394f378c659f
544e825b2f929afaf5d84354bed769874fa5e375e07815c7d0a2675f7df3420b
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5947d0db2a3e41f355ddfe4d074f24d7a6efeb990fc64ced283d072b4f126a8c
5becbc936c15ff90857967205040c247e0f8a58b4fcbac94763ed3a61e059210
5d62e6c90005bfb71f6abb440f9e4753681cb23bbd5e60477ab6f442d2f0e69c
5f416547d36ab9ef1af8bd30eb509bd63c961ffe240096d7bc6e4a9162eb10df
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6418e7fe77ab785ac95beceec33fc8bfd67470a00a161240460e231d5c719062
66d40d6d50a3a93dffb20255fecae710778d487d96aca96983fe32033309e72d
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
6e13e58861d0d8000aa6c0b58204094359a1614ab079848ba8ba3a7f06028066
6e8da9c93695d9066c06a0ff4ad814559e5c186cb7fc93e31a499183e14cdc92
7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31
779de053872046185bd650f7e2ffb8b4f1e0ee5f9b2bc73711dbf00f2abc6b28
7c17653e2697cf613a91b201ad77591722e6524aa383004b55f697aecd7674bd
7d6c3674785d0db6ea9c952d6389ad37ac07753cd0161fb0b6f7e0081153f316
7e00f75870cb800fca43f3eb0ee2921b596508ab55b3827c94f4a99f560de755
7fd9273f20fdb1229c224341271a119020a5eee74ccf6b4605730917c864caf2
8067ebedbe560e9197bd73675a916a0c8608c981bce15196838492731565bcbb
813d68061248785859a089791ba33f25cf9e90e565fa62e5848d88224fc00e9d
8154aa9057e3367d9d3e4bb1f85db9645c01fc0690091aadc57dbae849ba3499
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8bd8b222126e1ce1d7523b80a44c48834a64dbe1d9e9bd6a681dea5fc984d6c9
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d8aa9c2c3798099cba43890c7808bfb34b70dbc853177ef287b50bc28161911
8f4908ec3978695cebf3b35e59ddd7f8c8137bd9e9013aae2ff2a460f46de999
919462eb23533d6a32db8faf732b4d7dafa39f69d32bff2a6905748fedf47bcb
947e22d9ed05fbe3f5ed3c4ee35618a1910a85968f48a22c0277f9936f2eb769
957266ec388dc7ffa6e940fd9bb1cf47da4fef33ca7525ae5a9d161a85634b2f
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c7543f17ece99c6b9fc15cd93856cf12e5f8945284a5dbeb926bbb4ac81be73
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
ab106619cd53cba1c09e1b3aedcf87dc90958fef3b886f9107a0ae94f5dd7733
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4c71058570b7caf1144c2d3b228abe1d3678a482a78e0a6c0509e0c2848d1d0
b872b4ad2e649961fbf3cdc43966716bd820301634adebaf5329c1aa22a1f7ee
baa6d09662c76b0fc60c27ba857a06d73dd05832482c879f241533d323c0d678
bd7680f0d4768bf17b38b5834d7671e6e456d9655b4ae3cb39186d1fcd93f5c2
c01351f6b65ecb4efde549618c748755dec43b369bec2897260f7f4ec05aebbe
c49825547fd709c80e5e3dcc0258b6de3b7465d27f5af3d4af76a049cffc685c
c79b7506033f731f036b8c0da54494d539ddb31a06a0266c6189a4990f1d13cc
c867104326e3c4b658209d8e5bcea0900aaf7fbc2bbc181ca01c482cac2810f3
caa81f1533a82fc6e6c5e7384fba20b5c482c4679872d3765e396c3190cda627
cc450ca6f3818ff2ad8eae3a10277a1018c541e862cb5b9a34466a813e544bd0
cc90c72ea9e4538b030bfb70b79ed634db778d4691895317515d6bd9b874fff2
cf2e03274c8ff5dd0d49b6d89cb80871d704020afded1027c7242d12e8ecbd29
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0919849cbc3e870384df1fc4e72312ee8f272205f80bec14d29551cc8b44c95
d0f0e05388d35c2e201d645933f5b2b7e53fde8630bdfb59f514fa1e80885f45
d23c6c35e02d267d4ce46c0e9b197720d883ac35a6f608393c9964ff5831d603
d7c4b870733c836a4e6688f1d748901c9b766f678418dd321a4af64de93e20ec
dac546a5443b93722ff9cebc3f80a43a5ccde481e94f7da9221507902dbf218a
dc6aa291217a39c090896ceca42dde661767f883062d581a6074b3c27b72d6af
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dfd232c074ebf651fa2233a2b8a04a4210a691fdf1e6e829539817c176d257b2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9bb01299987dc27fcd7e93156f24b6a0ec18c614dd3541fcd522946920400dc
ec068031a38f2d97255ddf90e6d75a5538a3b0ea29510482d1909c5a1a10ad74
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef6bc03a26bf3dbb80a22a2eaf54523f07a7aebac158bcd69d58bd5a13cc9351
f2649db29712c0b6bb0702c7c4b1187b10ec39f238ddee4f17a614fa64ce31f3
f4231e6435e26e6cbd926387d7d59bd67745bae47173ffc868631c4138d80f55
f558a9a6eeef180607677837bb37b6fbc068d907b89e35f694665e96eb816c81
f8b3082371bd6a0093087b633647e5a3f3ec1ef0e97e982814f86821f8512bfc
f915c4be56a1b574437ab72eab9b2620bdd40648a2ff73cc584016b4526b738c
fd5e88b0f2cc6fb839016d92d209e99cefce24f4ff6bca4c5ab02bc8c2b1ffe0
fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b

phativetbuo.ga Open in urlscan Pro 2606:4700:3030::6815:5912 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

145 Requests

61 %HTTPS

63 %IPv6

24 Domains

32 Subdomains

28 IPs

5 Countries

2372 kBTransfer

4792 kBSize

21 Cookies

21 Outgoing links

Redirected requests

145 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

phativetbuo.ga Open in urlscan Pro
2606:4700:3030::6815:5912 Public Scan

Screenshot
Live screenshot

Full Image

145
Requests

61 %
HTTPS

63 %
IPv6

24
Domains

32
Subdomains

28
IPs

5
Countries

2372 kB
Transfer

4792 kB
Size

21
Cookies

145 HTTP transactions
1 data transactions