elcorito.chat Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://photo.hdd3.one/VIEW-PHOTO_txux21z7k
Effective URL:
https://elcorito.chat/
Submission: On November 27 via api (November 27th 2023, 11:25:57 am UTC) from US — Scanned from DE

Summary HTTP 157 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 34 IPs in 4 countries across 22 domains to perform 157 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is elcorito.chat.
TLS certificate: Issued by GTS CA 1P5 on October 4th 2023. Valid for: 3 months.

This is the only time elcorito.chat was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	170.10.160.83 170.10.160.83	32748 (STEADFAST) (STEADFAST)
1	2606:4700:303... 2606:4700:3032::6815:487f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
27	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
30	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	2400:52e0:1e0... 2400:52e0:1e00::1082:1	200325 (BUNNYCDN) (BUNNYCDN)
1	2606:4700:20:... 2606:4700:20::681a:407	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::ac43:88d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
1 12	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1 1	52.51.176.114 52.51.176.114	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:223... 2600:9000:223f:d200:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
21	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:81c::2002	15169 (GOOGLE) (GOOGLE)
6 8	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
4 8	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 6	185.89.210.101 185.89.210.101	29990 (ASN-APPNEX) (ASN-APPNEX)
8	2a00:1450:400... 2a00:1450:4001:809::2006	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
2	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1 2	52.50.106.246 52.50.106.246	16509 (AMAZON-02) (AMAZON-02)
1	85.14.248.71 85.14.248.71	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2	2a00:1450:400... 2a00:1450:4001:81c::200a	15169 (GOOGLE) (GOOGLE)
2	142.250.186.166 142.250.186.166	15169 (GOOGLE) (GOOGLE)
4	108.177.127.94 108.177.127.94	15169 (GOOGLE) (GOOGLE)
1	74.125.133.155 74.125.133.155	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
2	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:28::a	15169 (GOOGLE) (GOOGLE)
157	34

1 170.10.160.83 (United States)

ASN32748 (STEADFAST, US)
PTR: serverchat24.com

photo.hdd3.one	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::6815:487f (United States)

ASN13335 (CLOUDFLARENET, US)

huevopollito.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

elcorito.chat	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

netdna.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2400:52e0:1e00::1082:1 (Germany)

ASN200325 (BUNNYCDN, SI)

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:407 (United States)

ASN13335 (CLOUDFLARENET, US)

waust.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:88d (United States)

ASN13335 (CLOUDFLARENET, US)

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.51.176.114 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-176-114.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:d200:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.186.162 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.18.36.155 (None, ) 4 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.89.210.101 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:809::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.50.106.246 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-106-246.eu-west-1.compute.amazonaws.com

skydeutschland.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.14.248.71 (Neukirchen-Vluyn, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.166 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 108.177.127.94 (United States)

ASN15169 (GOOGLE, US)
PTR: el-in-f94.1e100.net

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.133.155 (United States)

ASN15169 (GOOGLE, US)
PTR: wo-in-f155.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:28::a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

r5---sn-4g5lznl6.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
51	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 97 tpc.googlesyndication.com — Cisco Umbrella Rank: 149	546 KB
27	elcorito.chat elcorito.chat	734 KB
25	doubleclick.net 7 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 245 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 439 ad.doubleclick.net — Cisco Umbrella Rank: 154 bid.g.doubleclick.net — Cisco Umbrella Rank: 802	191 KB
11	2mdn.net 1 redirects s0.2mdn.net — Cisco Umbrella Rank: 300 gcdn.2mdn.net — Cisco Umbrella Rank: 1173 r5---sn-4g5lznl6.c.2mdn.net — Cisco Umbrella Rank: 494470	289 KB
10	gstatic.com fonts.gstatic.com www.gstatic.com csi.gstatic.com	84 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625	5 KB
8	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 364 fonts.googleapis.com — Cisco Umbrella Rank: 31 imasdk.googleapis.com — Cisco Umbrella Rank: 447	230 KB
6	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 246	5 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2462	21 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	361 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 212	191 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 145
2	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	1 KB
2	demdex.net 1 redirects skydeutschland.demdex.net — Cisco Umbrella Rank: 131194	1 KB
2	adsafeprotected.com 1 redirects pixel.adsafeprotected.com — Cisco Umbrella Rank: 736 static.adsafeprotected.com — Cisco Umbrella Rank: 587	706 B
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 14674	3 KB
2	bootstrapcdn.com netdna.bootstrapcdn.com — Cisco Umbrella Rank: 3035	49 KB
1	exactag.com m.exactag.com — Cisco Umbrella Rank: 11905	60 B
1	amung.us whos.amung.us — Cisco Umbrella Rank: 16137	183 B
1	waust.at waust.at — Cisco Umbrella Rank: 39728	4 KB
1	huevopollito.com huevopollito.com	652 B
1	hdd3.one photo.hdd3.one	591 B
157	22

	Domain	Requested by
30	pagead2.googlesyndication.com	elcorito.chat pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com photo.hdd3.one www.googletagservices.com
27	elcorito.chat	huevopollito.com elcorito.chat
21	tpc.googlesyndication.com	googleads.g.doubleclick.net photo.hdd3.one tpc.googlesyndication.com imasdk.googleapis.com pagead2.googlesyndication.com
12	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net photo.hdd3.one
8	s0.2mdn.net	photo.hdd3.one s0.2mdn.net googleads.g.doubleclick.net
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
8	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
6	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
5	www.googletagmanager.com	elcorito.chat www.googletagmanager.com
4	csi.gstatic.com	imasdk.googleapis.com
4	fonts.googleapis.com	elcorito.chat googleads.g.doubleclick.net photo.hdd3.one
3	www.gstatic.com	googleads.g.doubleclick.net
3	www.googletagservices.com	googleads.g.doubleclick.net photo.hdd3.one
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	fonts.gstatic.com	fonts.googleapis.com
2	r5---sn-4g5lznl6.c.2mdn.net
2	www.googleadservices.com
2	www.google.com	1 redirects tpc.googlesyndication.com
2	ad.doubleclick.net	photo.hdd3.one
2	imasdk.googleapis.com	photo.hdd3.one
2	skydeutschland.demdex.net	1 redirects googleads.g.doubleclick.net
2	googleads4.g.doubleclick.net	photo.hdd3.one
2	region1.google-analytics.com	www.googletagmanager.com
2	images.dmca.com	elcorito.chat
2	netdna.bootstrapcdn.com	elcorito.chat netdna.bootstrapcdn.com
2	ajax.googleapis.com	elcorito.chat
1	gcdn.2mdn.net	1 redirects
1	bid.g.doubleclick.net	imasdk.googleapis.com
1	m.exactag.com	googleads.g.doubleclick.net
1	static.adsafeprotected.com	googleads.g.doubleclick.net
1	pixel.adsafeprotected.com	1 redirects
1	whos.amung.us	waust.at
1	waust.at	elcorito.chat
1	huevopollito.com	photo.hdd3.one
1	photo.hdd3.one
157	35

This site contains links to these domains. Also see Links.

Domain
radio.elcorito.chat
www.dmca.com
www.google.com

Subject Issuer	Validity	Valid
photo.hdd3.one cPanel, Inc. Certification Authority	`2023-10-02` - `2023-12-31`	3 months	crt.sh
huevopollito.com GTS CA 1P5	`2023-11-18` - `2024-02-16`	3 months	crt.sh
elcorito.chat GTS CA 1P5	`2023-10-04` - `2024-01-02`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-12-30` - `2023-12-30`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
images.dmca.com R3	`2023-10-26` - `2024-01-24`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.exactag.com Sectigo ECC Domain Validation Secure Server CA	`2023-08-22` - `2024-09-15`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2023-11-14` - `2024-01-23`	2 months	crt.sh

This page contains 20 frames:

Primary Page: https://elcorito.chat/
Frame ID: 7CCF32025A03AE5F7D9C711290EEDC97
Requests: 58 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_inhead_fy2021.html?hello=world
Frame ID: 66FEAF72D59189912D40F52FCC2F9285
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4896375881595114&output=html&adk=1812271804&adf=3025194257&lmt=1679708750&plat=2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Felcorito.chat%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~6&ascmds=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701084352113&bpp=4&bdt=366&idt=379&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3172985720591&frm=20&pv=2&ga_vid=1187110127.1701084352&ga_sid=1701084353&ga_hid=1684467240&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809004%2C31078301%2C31079699%2C44807763%2C44808148%2C44808284%2C44809055%2C44809071%2C21065724&oid=2&pvsid=4453051286576426&tmod=1317948274&uas=0&nvt=1&fsapi=1&ref=https%3A%2F%2Fphoto.hdd3.one%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=402
Frame ID: 3FE98623287C2CEF299FEBB459907B8D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4896375881595114&output=html&h=280&slotname=8294562186&adk=528232075&adf=1081431890&pi=t.ma~as.8294562186&w=930&fwrn=4&fwrnh=100&lmt=1679708750&rafmt=1&format=930x280&url=https%3A%2F%2Felcorito.chat%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701084352117&bpp=2&bdt=370&idt=405&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3172985720591&frm=20&pv=1&ga_vid=1187110127.1701084352&ga_sid=1701084353&ga_hid=1684467240&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=335&ady=326&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809004%2C31078301%2C31079699%2C44807763%2C44808148%2C44808284%2C44809055%2C44809071%2C21065724&oid=2&pvsid=4453051286576426&tmod=1317948274&uas=0&nvt=1&ref=https%3A%2F%2Fphoto.hdd3.one%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=410
Frame ID: 6E985420690C49BBE069159404740C9B
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4896375881595114&output=html&h=280&slotname=8294562186&adk=2005281337&adf=2296579135&pi=t.ma~as.8294562186&w=504&fwrn=4&fwrnh=100&lmt=1679708750&rafmt=1&format=504x280&url=https%3A%2F%2Felcorito.chat%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701084352119&bpp=1&bdt=372&idt=411&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C930x280&nras=1&correlator=3172985720591&frm=20&pv=1&ga_vid=1187110127.1701084352&ga_sid=1701084353&ga_hid=1684467240&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=357&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809004%2C31078301%2C31079699%2C44807763%2C44808148%2C44808284%2C44809055%2C44809071%2C21065724&oid=2&pvsid=4453051286576426&tmod=1317948274&uas=0&nvt=1&ref=https%3A%2F%2Fphoto.hdd3.one%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=414
Frame ID: F7C9471B75AF1163B40E19DA8D427E79
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGLjHnv0BMAE&v=APEucNWqkuRTxkK2wjfNGFqLVS3kLpVEfzoKxxGeHf95G-MYO9nPqceBHMyTm3qq3r4JbALDIebcuDKi8gFyWuq4FdRdonJAs6K5YlAtRU1_Nz9vD98YRwvI0esHKDoolNCrDLiC2684OTnIHIKIi0D6NKAfGoGkKyQzczKZCVH8nj5GZl6Jnlo
Frame ID: 37A6D42CC15DF5504BC3189D98622467
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: C9EB8324FD09840312033446D9894170
Requests: 21 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 8161E8FFE52E13C77E594EF286147E21
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/11815468952012219303/index.html?ev=01_250
Frame ID: 18BF62C972971C03BE3EDBCC3CCBDCB9
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_inhead_fy2021.html?hello=world&fsb=1
Frame ID: F0A2C030AE1AC370B9DEC1C89B23F3B3
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_inhead_fy2021.html?hello=world&fsb=1
Frame ID: E47A1D1CD51DB35D3875F3151E05E73F
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js
Frame ID: D9D0B09C149E8733E7FEB18FFA1F94EA
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: B05555362967EACFEAB7837BB6F78E05
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COKX54oFEJva0bIFGJuYtf0BMAE&v=APEucNWiQwmlRO2epZDCQIuWIhf_EjFk7SIv4wE30que-xBqdXNK3QZ0E1GGoXoeLoQ3Vdi7xlMlfzbzMmWAHuYmkZ00Als4rDl1tJMfOx0qVioRsY2GqYIYP8pzemPpYCnRCS2tFYBi7OsGsKj9-GpDmOScPm_32Y12NSKv4F6Pk5n-euELtwI
Frame ID: 42386C41E14CCA259B4B2721644B8D67
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js
Frame ID: 67F94C666B18BAFA71C4CAC45CC04345
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 57974C8D6C50AF0A77E3FBE18B086984
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/6h7OZzYWuChAMW0yNvwaAqN_brH89lOBLHEXo8EbMVo.js
Frame ID: 8CD8CDF77757CBAAF9E877B662522773
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 2570A28009D4A1121B629D307BEA7F7A
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 36E48375BDC02C01CFACDEA549B1B522
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 91844957F6FC84E4A33E48776027CF76
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Elcorito ▷ Una Vaina Bien! |CHAT DOMINICO-BORICUA|

Page URL History Show full URLs

https://photo.hdd3.one/VIEW-PHOTO_txux21z7k Page URL
https://elcorito.chat/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

SWFObject (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

swfobject.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)/jquery-ui(?:\.min)?\.js
jquery-ui.*\.js

Page Statistics

157
Requests

92 %
HTTPS

66 %
IPv6

22
Domains

35
Subdomains

34
IPs

4
Countries

2709 kB
Transfer

6607 kB
Size

22
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: http://radio.elcorito.chat/
Title: ¡Chat y Radio Dispositivos Mobiles!

Search URL Search Domain Scan URL

URL: https://www.dmca.com/Protection/Status.aspx?ID=b79b6e7d-3d96-4b3b-8f80-3c7363e77180&refurl=https://elcorito.chat/

Search URL Search Domain Scan URL

URL: https://www.google.com/intl/en/chrome/browser/
Title: Chrome Browser!

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://photo.hdd3.one/VIEW-PHOTO_txux21z7k Page URL
https://elcorito.chat/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 59

https://pixel.adsafeprotected.com/rfw/st/1676726/76430573/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_dspID=3&ias_campId=1014760199&ias_pubId=pub-4896375881595114&ias_chanId=1&ias_placementId=20761493732&bidurl=https://elcorito.chat/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0gSP2zs0ZRF-AsN1Gq0yYRs HTTP 302
https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_xappb=

Request Chain 65

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZX9YLCpriFoANiJW7EgBM&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZX9YLCpriFoANiJW7EgBM&google_cver=1&C=1

Request Chain 66

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWR8weWYzLyiEJP-Mf5C7AAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZX9YLCpriFoANiJW7EgBM&google_cver=1

Request Chain 67

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEMKFU11dS-6oWJPymhruj7M&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEMKFU11dS-6oWJPymhruj7M%26google_cver%3D1

Request Chain 68

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDI2MzAzNTMyMDY0OTAwODcwMA%3D%3D

Request Chain 90

https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=204478604&d_placement=380647696&d_campaign=30999372&d_bust=9478348&gdpr=&gdpr_consent= HTTP 302
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=204478604&d_placement=380647696&d_campaign=30999372&d_bust=9478348&gdpr=&gdpr_consent=

Request Chain 118

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZX9YLCpriFoANiJW7EgBM&google_cver=1

Request Chain 119

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWR8wQE2cHucARbXonT5aAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZX9YLCpriFoANiJW7EgBM&google_cver=1

Request Chain 120

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEMKFU11dS-6oWJPymhruj7M&google_cver=1

Request Chain 121

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjg4NTE4MjMzMDE4MDMxNDQ4Nw%3D%3D

Request Chain 127

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 131

https://googleads.g.doubleclick.net/pagead/adview?ai=ChKLFwHxkZfyxIceXgQeH1q_YA7PHsKNuvdDk_YAM2tkeEAEgv568IWCV-vCBjAegAa6YiqICyAEBqQJ-8f9UZ12yPqgDAcgDywSqBMgBT9BkcXWgnpanXbP9AZW4r4-eU3PAZaXg3_PsTVUHr6Y1zVFuh9JS6etw4XQp1ULMQ58aOasmkVqS0BSiQiPZqkYQbHUKLhCNmVHLsWGY-TP83I4jnQ8dNpZy0m-LAr8BHMtI6ge3PTCOSstVnCDqfT-Sb31nAO-_Xu4fHpo4J0t3n99EZcf9SEMYUDYI5lpAhQ9tbwvx_ZhH8lTPCUDh-e8lC8gF9KDINMQBpJp8aLk1s_65QCMJYMZiYzoyfgsph2CvZ2PhiLfABNnPv5qIA4gFk_r5jCiSBQQIBBgBkgUECAUYBIAHuuf13QGoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBD8tivSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6mgkgaHR0cHM6Ly94Y3JhZnQubmV0L3JlZ2lzdHJhdGlvbi-ACgHICwGiDBgqFgoU5LSxAu61sQK1uLEC5LSxAu61sQLYEwyIFALQFQGAFwGyFxwKGggAEhRwdWItNDg5NjM3NTg4MTU5NTExNBgA&sigh=KQ7_FIRfFK8&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTgDICaaN3IDPm5I5TRP4pIeIWltH1FXnbdmtI9IvHqhzRg83QqVqSqrESFfc3d_iv544OnZUAnuTCIh9wL3uuonyxJy27ticuLDp6akT_BgB&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2212313530094972327403%22,%22debug_reporting%22:true,%22destination%22:%22https://xcraft.net%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22608341038%22],%224%22:[%2211-27%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%223185333925843657793%22}&andc=true

Request Chain 137

https://gcdn.2mdn.net/videoplayback/id/dfef2bd31f7dd917/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1732620353/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/9EFB82BE01BAEDC2680EA91347F84577FD285C3D.38881840F3115B3B2633D601B0B6BD3A81DA6B39/key/ck2/file/file.mp4 HTTP 302
https://r5---sn-4g5lznl6.c.2mdn.net/videoplayback/id/dfef2bd31f7dd917/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1732620353/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/0F268DFA9BC8EA937D5441B4D9090115A7B70ADA.735CD1B0F46C09D5485A4E35E110F5B75D989FAF/key/cms1/cms_redirect/yes/mh/sm/mip/2001:1b60:2:240:3247::9/mm/42/mn/sn-4g5lznl6/ms/onc/mt/1701083399/mv/u/mvi/5/pl/29/file/file.mp4

157 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 VIEW-PHOTO_txux21z7k Show response
photo.hdd3.one/ 768 B
591 B 412ms
121ms Document
text/html 170.10.160.83
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://photo.hdd3.one/VIEW-PHOTO_txux21z7k
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 170.10.160.83 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: serverchat24.com
Software: LiteSpeed /
Resource Hash: 9a0493c889c58b96e508431fc9eac773683d9839bcaf3c0feef44afec85b2733

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: br
content-length: 347
content-type: text/html; charset=UTF-8
date: Mon, 27 Nov 2023 11:25:51 GMT
server: LiteSpeed
vary: Accept-Encoding

GET
H2 200 /
huevopollito.com/ 40 B
652 B 477ms
394ms Script
text/html 2606:4700:3032::6815:487f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://huevopollito.com/?api=1&lan=teampara3&ht=1
Requested by: Host: photo.hdd3.one
URL: https://photo.hdd3.one/VIEW-PHOTO_txux21z7k
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:487f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.0.33
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://photo.hdd3.one/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:51 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.0.33
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R%2F5LZF8zH%2BJfm7eR1qTQA7QX9glyxQCfP%2Fz1aVISq1J4aESqnzaSncJP1grGrfW%2FpmPN1K1XQtCoGZUjpTVFB98QyX1QjluEnt5i9jB%2BVntlMs%2FPw%2BY3niMksnzEEf8%2F%2BfT%2Fd3%2BoAmP8%2F0zWTfKX"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
cf-ray: 82ca034afe589a41-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 Primary Request / Show response
elcorito.chat/ 22 KB
6 KB 158ms
71ms Document
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://elcorito.chat/
Requested by: Host: huevopollito.com
URL: https://huevopollito.com/?api=1&lan=teampara3&ht=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 66625453601bcbcc54e1d678eb76162f1b117ea1d26c8bb2ad1aa8598d59d886

Request headers

Referer: https://photo.hdd3.one/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 82ca034dfe6f37d4-FRA
content-encoding: br
content-type: text/html
date: Mon, 27 Nov 2023 11:25:51 GMT
last-modified: Sat, 25 Mar 2023 01:45:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oGVpTZFCFAMEDBP5OCw83cp%2FV9CBrHYPw0iWu7lL%2BIlWqWjWBcLcZzMIIjfiWkMa3V959i4UBMFuevW88mSymD0x2emu7Do2Pir8%2FLp5VPh7KVnmpGSWR6Lz8ADOAlJ7XguF4uD6sPX8ZPTm"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 audio8_html5.css
elcorito.chat/ 37 KB
5 KB 32ms
29ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://elcorito.chat/audio8_html5.css
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c1d4cdd9e85ef7e00db8d1c1ef6fe8e352628e3b528a2e247dd1b779444a6087

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 Oct 2018 02:02:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 264029
etag: W/"938b-5bb18030-448c080;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JGoAyeJezieNU8xxduGCGIiIh1nCeI%2FxpbaAMRAwh2vMAApFtW%2BhYJsqmnk4W31J7wJOjRubhWwWTWuLIDxfY%2BpBJbICFKmtrRGUSo7iA3856cjxCrjeZdzCKQserUSTTz3nHtZPaLwHVwY7"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 82ca034e7f1c37d4-FRA
alt-svc: h3=":443"; ma=86400
expires: Fri, 01 Dec 2023 10:05:22 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.0.1/ 82 KB
29 KB 80ms
21ms Script
text/javascript 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.0.1/jquery.min.js

Requested by

Host: elcorito.chat
URL: https://elcorito.chat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e1354fc542b617c58cbba3aeb5116a528cf08bb1299f5dc7f3bc77a3b902b68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 01:26:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 208772
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29443
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 01:26:19 GMT

GET
H2 200 jquery-ui.min.js Show response
ajax.googleapis.com/ajax/libs/jqueryui/1.11.1/ 233 KB
62 KB 101ms
41ms Script
text/javascript 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.1/jquery-ui.min.js

Requested by

Host: elcorito.chat
URL: https://elcorito.chat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e09639315704980552b92eaae21f66af00a6e8a371f757f76b0b12420c2ed2a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 11:52:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84792
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63865
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 25 Nov 2024 11:52:39 GMT

GET
H2 404 lastfm.api.md5.js
elcorito.chat/js/ 0
0 97ms
94ms Script
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://elcorito.chat/js/lastfm.api.md5.js
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:51 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GitW4e%2B6bHPjc0d1VFLOEsqbQU69fUW9caFUy29U898lIjk9J7Uz8neEQW1GDZLxVC4XpBZGHIosgKOzO52JR3j9IDQsLTu9xLHCv0OgoOVrHGW%2BrwgRL4WSOr5yPEgVQkDPu3eFdZC82v07"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: private, no-cache, max-age=0
cf-ray: 82ca034e7f1d37d4-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 404 lastfm.api.js
elcorito.chat/js/ 0
0 75ms
73ms Script
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://elcorito.chat/js/lastfm.api.js
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:51 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T7mqA%2BVs4lcGMPsJGllNKbuYzYIs5tKnPpBkPRmLesNpvg12KQNZCu%2BQnTAAyrkkW%2FUCXdqrZzcTuO0QnjHfMV5v2L5NiyuKhsoVW06eVWVn1BA8VCex7w1BZXxIwq0cgbMHM74EUndprF2x"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: private, no-cache, max-age=0
cf-ray: 82ca034e7f1f37d4-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 404 lastfm.api.cache.js
elcorito.chat/js/ 0
0 79ms
77ms Script
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://elcorito.chat/js/lastfm.api.cache.js
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:51 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mar%2Fqjy6m1am79gjL%2Bl5s5PSpVVFFbbmv%2BZpwHvCx500epl04uWjs7uehqJ63cLiWxICJfmwhi74wW5k4fZ4kItcr0%2F8pUPq8LthMPBo5vraCAkc3YirymROpA9cT2KL6VlEkZ1I752AWIRg"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: private, no-cache, max-age=0
cf-ray: 82ca034e7f2137d4-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 swfobject.js Show response
elcorito.chat/js/ 10 KB
4 KB 34ms
32ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://elcorito.chat/js/swfobject.js
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8677971b119ccdb82af697ff0e08f218490d15116f221d44301f1cc8797e67d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 11 Jun 2009 04:14:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 264029
etag: W/"27ec-4a308488-17e1680;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VBNPj8yiAmLl5P4RDPujpQ7r2jeMRdk9PTEJflk70gb4wkacvbkmHdaAAgV4EctdIZF6Cy5N2fraZr6ftYn0kYVhGrOYKoJ6FjZ%2BMppkkqSo2u2j9%2FqwANmGwXJ%2FDGZRnRJKvPB3DXIhkV9m"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 82ca034e7f2737d4-FRA
alt-svc: h3=":443"; ma=86400
expires: Fri, 01 Dec 2023 10:05:22 GMT

GET
H2 200 jquery.mousewheel.min.js Show response
elcorito.chat/js/ 1 KB
1015 B 35ms
33ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://elcorito.chat/js/jquery.mousewheel.min.js
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c8104390115f92b27003b1e4e503ef59343ccfef4ac19751093544e8cfaeae26

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 26 Jun 2014 07:11:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 264029
etag: W/"570-53abc7b6-17d1bb6;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q6LI8d2Tf40lrwAJk46rQWdKZiaZEMqTGTkfZpxLpSog1bfg97AvXcDlYg4MGb4X%2FGsSkYUgD1%2BqSZTCu1zItVYq8w170%2BuTDqTfm4uIDf4UIPP0rpAbUHkZg%2BSWxZlAw1mM9AhAIVFa7FFC"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 82ca034e7f2837d4-FRA
alt-svc: h3=":443"; ma=86400
expires: Fri, 01 Dec 2023 10:05:22 GMT

GET
H2 200 jquery.touchSwipe.min.js Show response
elcorito.chat/js/ 11 KB
4 KB 39ms
37ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://elcorito.chat/js/jquery.touchSwipe.min.js
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ab340987711378e8cb5582b1f97f6938037712213396d8e7c7f8fa7b1ab4e5a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 04 Jun 2014 05:05:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 264029
etag: W/"2c99-538ea91a-17d1bbc;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YtkDouxk5JYIC47nIxBdCvaHPTlSl6lMV2EPyu%2FTGFYI9vwrliNE3ZrAyL7%2B8zBLdljImNgWq5mHTeVi%2FIkWOKoX4X0ecabqejiOMmL5NzCVo4%2FAW2bcPFrcNAYDYx7KoYEZ5W2VSJwxAcbP"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 82ca034e7f2a37d4-FRA
alt-svc: h3=":443"; ma=86400
expires: Fri, 01 Dec 2023 10:05:22 GMT

GET
H2 200 audio8_html5.js Show response
elcorito.chat/js/ 57 KB
13 KB 74ms
72ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://elcorito.chat/js/audio8_html5.js
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3039294d93ec76b04b90caa559cfb3e21a2aea6707455068d28e23c9530c522b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 28 Feb 2020 10:35:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 264029
etag: W/"e43a-5e58ece0-17dd81f;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6lGPGIMw%2BXgyE%2FcccfSoroSIPR1%2FZPzay%2BaTWXl0IeWUYkSbTGEHkunTKAVJXdbdBsI7R4T%2Fhk1sVLHO7VGwOwJxnsG5Vwder20YosVrs5gUXnA0V5NJvg94iSusqpNlFdA%2BjRF%2F6qiwZYwi"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 82ca034e9f4c37d4-FRA
alt-svc: h3=":443"; ma=86400
expires: Fri, 01 Dec 2023 10:05:22 GMT

GET
H2 200 bootstrap.min.css
elcorito.chat/scripts/bootstrap/css/ 97 KB
17 KB 37ms
35ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://elcorito.chat/scripts/bootstrap/css/bootstrap.min.css
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46a2de362f54e3c988cc8c9fbf68fe12018c8ae42fe11509a747f52f17834466

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 19 Mar 2020 13:11:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 264029
etag: W/"184dc-5e736f78-286312d;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CKbGNmK0%2FSYHfdJCW3Uh1WkG316PLQ1hnIx9HQqIizE3ihZglpaSEzKOmjHq1VmTI5%2B30Bb3pkxeanLO9EmADOQdmpOGX8D4pNNMD4bgElORhAKEba2LZF%2BFJmUZ09ob7EfQo8X6Y%2FBdrl0N"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 82ca034e7f2337d4-FRA
alt-svc: h3=":443"; ma=86400
expires: Fri, 01 Dec 2023 10:05:22 GMT

GET
H2 200 font-awesome.css
netdna.bootstrapcdn.com/font-awesome/4.0.3/css/ 21 KB
5 KB 92ms
28ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css

Requested by

Host: elcorito.chat
URL: https://elcorito.chat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3083e8d3b21ddc3f0e6d65ec3580aa6edfaadca5d9737d9caa27e6a233e1ccf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 756
age: 1504503
cdn-cachedat: 09/09/2023 15:04:09
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:53 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: W/"1f9e9d1a5a1d347d945ef4b7727f2ea0"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 712ee4b3c17826367971d61ec7639739
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 82ca034ede4a049b-FRA
cdn-requestpullsuccess: True

GET
H2 200 stylesheet.css
elcorito.chat/assets/ 22 KB
6 KB 34ms
32ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://elcorito.chat/assets/stylesheet.css
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 263e0ef22df06639af1fa219ae0ab49beff0ea390f9094ec777565f7256f86db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 19 Mar 2020 13:11:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 355081
etag: W/"56e5-5e736f78-8c2f84;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kYT8qs1QrCnr%2BelqjaGRtkDaG1UF2UgOca4iH9z0gGigktPtXxJSFJA%2BINFSDySAyzAR7ljXCKdWkzPAD%2FpJkTbg5BalZO6UDkiTQo5Pp5RPDcuBkqTHhr7siON3CAe1XUKF91aiYIm9c7eX"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 82ca034e7f2537d4-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 30 Nov 2023 08:47:50 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 86ms
28ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Archivo+Narrow|Source+Sans+Pro:200

Requested by

Host: elcorito.chat
URL: https://elcorito.chat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4a19e0ee3e786d1c1edc160a4e6255b0096d70e9b0585d4b1a3b91ed09149a4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 27 Nov 2023 11:25:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 27 Nov 2023 11:25:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 27 Nov 2023 11:25:51 GMT

GET
H2 200 simpleparallax.css
elcorito.chat/scripts/parallax/ 749 B
630 B 32ms
31ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://elcorito.chat/scripts/parallax/simpleparallax.css
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a29a4c0bb4e5f3a765e711bf3463e29253bc45137107b05bfac1f5436c803da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 19 Mar 2020 13:11:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 264029
etag: W/"2ed-5e736f78-4461d93;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nffbrm7g1Dm2kdejEiShZFUp92XZ%2F8xaUcug8q8HodrnV34JHJ5Fcx0UbZGusk6TfGg92OcGuXyJLYgAwiqD9IaZ4ftx3akoO%2FaGruB1X%2BJR%2FOIVkTp0rgRqzUexlmmvDNGs0wjgSRSDvNUG"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 82ca034e7f2637d4-FRA
alt-svc: h3=":443"; ma=86400
expires: Fri, 01 Dec 2023 10:05:22 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 186 KB
68 KB 108ms
32ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-144973325-1

Requested by

Host: elcorito.chat
URL: https://elcorito.chat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

274953991926d3365a516cef237a4e64028fb4026b1797c48c164eb0dd12ba3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68717
x-xss-protection: 0
last-modified: Mon, 27 Nov 2023 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 27 Nov 2023 11:25:51 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 152 KB
52 KB 165ms
87ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: elcorito.chat
URL: https://elcorito.chat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1f18bd6987c0e1bfcb7f35d652081661af092513d992929f108617f10dea97fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:52 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52924
x-xss-protection: 0
server: cafe
etag: 250544860516120486
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 11:25:52 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 186 KB
67 KB 133ms
58ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-156928160-1

Requested by

Host: elcorito.chat
URL: https://elcorito.chat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

39b426bb29c085d4a324a01713205766e9da309c4d430b12a546e561d8d911a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68712
x-xss-protection: 0
last-modified: Mon, 27 Nov 2023 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 27 Nov 2023 11:25:51 GMT

GET
H2 200 todosconwebcam.jpg
elcorito.chat/images/ 173 KB
174 KB 53ms
52ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elcorito.chat/images/todosconwebcam.jpg
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9779d8159d328d842f63cac031444d411a42c8dadfae9f2313e6e4369485274b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 264029
alt-svc: h3=":443"; ma=86400
content-length: 177626
last-modified: Thu, 19 Mar 2020 13:11:20 GMT
server: cloudflare
etag: "2b5da-5e736f78-dd356c;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=irIlULrp2aiW50o1f7Sj%2BwhE6%2FVxQhEBAmNhWpw3ufkb%2Fa8FJHEFh3UpSZinfWshv1itYL3Dj4nYCDPI10cVcg1ExHr9PnmJAnehxcKET6hDgQKlO4q%2Bl3tHksSMXcYvB0aEOYBNYjIR6R%2B0"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 82ca034e9f4e37d4-FRA
expires: Fri, 01 Dec 2023 10:05:22 GMT

GET
H2 200 webcam.png
elcorito.chat/images/ 4 KB
4 KB 49ms
48ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elcorito.chat/images/webcam.png
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 49883b2ff34194c5fbf2ed8a87a378de086a67334253d63d77ee02488c9d3f10

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 364893
alt-svc: h3=":443"; ma=86400
content-length: 4082
last-modified: Sat, 20 Feb 2021 20:14:30 GMT
server: cloudflare
etag: "ff2-60316da6-dd356d;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NjWeOe0AaIGyIBef0hyZEXeQyyk2h0bYg0hTzGsQa1zhAb1XNmkq4Z476BmMBYUuOeGWoF%2FuePYMvDbW7YAAyJntnTnlWP3zHrP2VCMgw%2F7aMn4tu95XxISRPMjSpQiX8PASyoDYNqY03pp2"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 82ca034e9f5137d4-FRA
expires: Thu, 30 Nov 2023 06:04:18 GMT

GET
H3 200 dj.jpg
elcorito.chat/images/ 45 KB
46 KB 34ms
31ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elcorito.chat/images/dj.jpg
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4a77ea5147173c42b23e754663635f044a9fc9cae895aa1487e7cbe4a46ae156

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 386472
alt-svc: h3=":443"; ma=86400
content-length: 46248
last-modified: Thu, 19 Mar 2020 13:11:20 GMT
server: cloudflare
etag: "b4a8-5e736f78-dd1d17;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q6BSd9dMsJLXH7nPg92U6BNtQ9qI9mFgp5HS6JWQWcFVeK7q5qoJDz37rn6QDsbNiRasufIQZlM%2BOuWVEW7rzwqgGHhFJxocwesKZ6QvAf%2FSoJdKWeTSKp4bGr%2F1CSMvmeaH%2B7Z1Plv6vJw0"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 82ca034ecec9bc03-FRA
expires: Thu, 30 Nov 2023 00:04:39 GMT

GET
H3 200 salas.png
elcorito.chat/images/ 37 KB
37 KB 50ms
50ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elcorito.chat/images/salas.png
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b302f3162063054c6c6a18ac90cc62e69a395912cd157dacd2d53e1d4b06597e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 386472
alt-svc: h3=":443"; ma=86400
content-length: 37779
last-modified: Thu, 19 Mar 2020 13:11:20 GMT
server: cloudflare
etag: "9393-5e736f78-dd3566;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I8ytgYze4kWF9Rt9wqnNhcOsITxKJ1bIN3BVYJM5fl711KHQ9nMyuP5Fh8sYj8RnpiOI7ByyNRjQat4JBCTJ3lcI6BBuuzZhwLT%2FZXj0641DVV8EkS8V73RVJ6klIckw5z6NlhZeiBpB%2FugA"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 82ca034efefcbc03-FRA
expires: Thu, 30 Nov 2023 00:04:39 GMT

GET
H3 200 amistad.jpg
elcorito.chat/images/ 23 KB
23 KB 36ms
35ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elcorito.chat/images/amistad.jpg
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 287441d6ca926bac6b7e4e50b48412faf12fa3654c80d3abd0f20dc420632eee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 386472
alt-svc: h3=":443"; ma=86400
content-length: 23445
last-modified: Thu, 19 Mar 2020 13:11:20 GMT
server: cloudflare
etag: "5b95-5e736f78-dd1d0f;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FxHuehJoB4BrL1y0oWuOsJcTtm%2FCUq%2Fhcsl%2FLr1bmMrqf8vii%2BvcO7lHl0gRcoDE6B6eruCEWwdCe47%2F3L6PiSI%2BEMwW19%2FFPlyKZOQebq%2BZBOjcgsPLCRvmN20i2YPmBsS%2BI%2B2J4JpHNkOB"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 82ca034f5f59bc03-FRA
expires: Thu, 30 Nov 2023 00:04:39 GMT

GET
H3 200 contacto.png
elcorito.chat/images/ 13 KB
14 KB 79ms
77ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elcorito.chat/images/contacto.png
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc2a934d09315618cc7d670f748958a584c14cb54a8619b455b71ec9f62fc887

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
cf-cache-status: MISS
last-modified: Thu, 19 Mar 2020 13:11:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "351e-5e736f78-dd1d14;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kc9KsbaYOqqK1aS0yoxp%2BW06PzaLUHHCGRVsQ8j%2FlvGvR3N5SRj%2B6Waf1yM1T8URUhM0GhgDfGvbjMElg%2BlMCtxkeUwvK%2F9tzR5xF%2FGzAzpJoVdU3FVgco3KWha9T%2BRbjqIagcmuEzQqmkU7"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 82ca034f6f78bc03-FRA
alt-svc: h3=":443"; ma=86400
content-length: 13598
expires: Mon, 04 Dec 2023 11:25:51 GMT

GET
H3 200 ligar.jpg
elcorito.chat/images/ 20 KB
20 KB 69ms
67ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elcorito.chat/images/ligar.jpg
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e38ca9bffa82d9df246392811cb84323aae578099752e322751189cd897ab0c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 386472
alt-svc: h3=":443"; ma=86400
content-length: 20434
last-modified: Thu, 19 Mar 2020 13:11:20 GMT
server: cloudflare
etag: "4fd2-5e736f78-c95bda;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LqKQQ4tlwocVVLSWujFyUTzCHjkbTwap5N1hs7EZmdfB5EHx2Z7WzxygBu7AuAjsBv44ME0ZYbC35XhrzikGT11BTTUCFxTQch5zQmyrPfN56PfqOaXYK%2BBUGvQmdPrRr0%2Byxi7Oeiczs%2B%2Fi"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 82ca034f6f7abc03-FRA
expires: Thu, 30 Nov 2023 00:04:39 GMT

GET
H3 200 madura.jpg
elcorito.chat/images/ 30 KB
31 KB 84ms
83ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elcorito.chat/images/madura.jpg
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5dba68d705ba20baa1e8133d51261af4897d351c3d861704aa280eabd710480

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
cf-cache-status: MISS
last-modified: Thu, 19 Mar 2020 13:11:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "7862-5e736f78-dd3564;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0SDb9bwwMjCiqtoNJ8oyGBMr5oqmpMiQvu6XigvWfv7iHNAXWTGhWqBiLRK%2FyUFAvEXlBgOKsBbPr%2FHaUmba%2Fp5Ce7RKfSNkZcKxMKT72PDiYnwXY4%2BCnVQBBFzTw51R64P3y2OepXZwKH1M"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 82ca034f6f7bbc03-FRA
alt-svc: h3=":443"; ma=86400
content-length: 30818
expires: Mon, 04 Dec 2023 11:25:51 GMT

GET
H3 200 18-30.jpg
elcorito.chat/images/ 28 KB
29 KB 69ms
68ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elcorito.chat/images/18-30.jpg
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b894ff327ab4f945741b16af437bfe9d6b5e89d0726181528b60b8c2ddc017e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 386472
alt-svc: h3=":443"; ma=86400
content-length: 28742
last-modified: Thu, 19 Mar 2020 13:11:20 GMT
server: cloudflare
etag: "7046-5e736f78-dd1d0b;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=na6KngAzftMvh4qP3UUMu%2BF2AKZ4jzuf60gFcq1HSalqG6epJW4d8x2srhPvHs%2Bc1zyu%2FdB4o6vqZ4BITDpLNiMWQlPwnVzPuhPtWLPpz8yHjjvONvwMwok70iHWWksp4owJ39SH4Hv3ZSL2"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 82ca034f6f7cbc03-FRA
expires: Thu, 30 Nov 2023 00:04:39 GMT

GET
H2 200 dmca_protected_sml_120l.png
images.dmca.com/Badges/ 2 KB
3 KB 99ms
23ms Image
image/png 2400:52e0:1e00::1082:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/dmca_protected_sml_120l.png?ID=b79b6e7d-3d96-4b3b-8f80-3c7363e77180
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1082 / ASP.NET
Resource Hash: 619f522608653b3074b1161f407de89e5806804729edacadd3accc0e1bf97a94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
cdn-edgestorageid: 1081
x-powered-by: ASP.NET
cdn-cachedat: 10/31/2023 18:08:03
cdn-pullzone: 1574055
content-length: 2122
last-modified: Tue, 04 May 2010 23:19:10 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "26b76633e0ebca1:0"
content-type: image/png
cdn-cache: HIT
cdn-uid: c136c664-112d-4533-8247-f90f6849ab39
cache-control: public, max-age=31536000
cdn-requestid: 66aac7936d072d7727e08cd911e30b3e
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://dmca-images.azurewebsites.net/Badges/dmca_protected_sml_120l.png?ID=b88f7bbe-b8ed-4c2a-a7fd-2a2d7f465699>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 DMCABadgeHelper.min.js Show response
images.dmca.com/Badges/ 465 B
844 B 100ms
20ms Script
application/javascript 2400:52e0:1e00::1082:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://images.dmca.com/Badges/DMCABadgeHelper.min.js
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1082 / ASP.NET
Resource Hash: e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
content-encoding: br
cdn-edgestorageid: 1080
x-powered-by: ASP.NET
cdn-cachedat: 10/31/2023 19:00:40
cdn-pullzone: 1574055
last-modified: Fri, 21 Jun 2019 20:14:34 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"26b181f16d28d51:0"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: c136c664-112d-4533-8247-f90f6849ab39
cache-control: public, max-age=31536000
cdn-requestid: 82aa2920c50385b51605ab8350ec9bb6
cdn-requestcountrycode: DE
link: <https://dmca-images.azurewebsites.net/Badges/DMCABadgeHelper.min.js>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 s.js Show response
waust.at/ 8 KB
4 KB 110ms
35ms Script
application/x-javascript 2606:4700:20::681a:407
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://waust.at/s.js
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:407 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2052a227c361a7e99ea70f5bdcf54cd9e6c6b493dd4d20b73b376d94ce0dc0d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 12 Jan 2023 17:19:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3273
etag: W/"63c04115-2170"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fuso%2B%2BXIn7LdHb1FlEvoLAJY0eQD6iDPq6IGLtdPfLoygOkZ4RM6MQ540bITe29LvFPeEy%2BV7OviooNbIL94WxOTGCRCg9MvORHc36tWCkcAOeZTJd9pX0J4%2F%2BEAP%2BKSeaAouSmx"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=86400
cf-ray: 82ca034fd80c6ae7-FRA
expires: Tue, 28 Nov 2023 10:31:18 GMT

GET
H3 200 jquery-1.10.2.min.js Show response
elcorito.chat/scripts/ 91 KB
34 KB 48ms
47ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://elcorito.chat/scripts/jquery-1.10.2.min.js
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 19 Mar 2020 13:11:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 386472
etag: W/"16bb3-5e736f78-18013c6;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p%2Bc93vI6ztfSvOYVhoRxIHMjFktHnfpSDVOb9rNT5VGvf2pmwTOnxROOHazA%2BJJACq67zMKpP4IkFSTD6Q5qIOMPMUtEb1w89ILOvtvts%2FrJHsD5r2O2pMDU7GxM7PH6Yv2q82ERH3RU7rZa"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 82ca034f6f6bbc03-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 30 Nov 2023 00:04:39 GMT

GET
H3 200 bootstrap.min.js Show response
elcorito.chat/scripts/bootstrap/js/ 27 KB
8 KB 70ms
67ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://elcorito.chat/scripts/bootstrap/js/bootstrap.min.js
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc1d94f50dd3822e1e53cb96af4f040d2ad8b5c7b984bae5e84efc7641acfada

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 19 Mar 2020 13:11:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 386472
etag: W/"6cae-5e736f78-3093870;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TNabrGTo5DNntJVHPhGLx6Qo%2Bvy2fgI%2BiSc2FbaYGbmINlKismiIWKgFE1fwiPqDdAz0tQp8odp1RBb2yxUO3A461LHh5TwrKl1XYWUMYfmWq1%2BFmG0tUFZNw5VF%2BxKC%2BHkZuhJkoRFl%2BIjy"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 82ca034f6f6fbc03-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 30 Nov 2023 00:04:39 GMT

GET
H3 200 landscape-bg.jpg
elcorito.chat/assets/ 130 KB
131 KB 106ms
104ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elcorito.chat/assets/landscape-bg.jpg
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f4fb502ca1cb75eab89973f7726007591fb388ebfdea4216faddca45118213c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
cf-cache-status: MISS
last-modified: Thu, 19 Mar 2020 13:11:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "209b8-5e736f78-8c2f83;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lZjURtcrSubcFIDWl5QkYqG%2B4NnZWuEf7feFtpUGneopGwSiBZ5UTgnFViFOiddEk4kt8N1s66i6rL5nNMSwTNfeEP9vzlnHzAKJOF7lYzrmw8vwrcxhHww%2BAUiwEqdgus7JKKH38NNE4Q1F"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 82ca034f6f7ebc03-FRA
alt-svc: h3=":443"; ma=86400
content-length: 133560
expires: Mon, 04 Dec 2023 11:25:51 GMT

GET
H3 200 default.js Show response
elcorito.chat/scripts/ 3 KB
1 KB 36ms
32ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://elcorito.chat/scripts/default.js
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c23dc6d33756a70efed4e2d27fd9314b2dca3ee7e0243fd552c041a61c6c5e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 19 Mar 2020 13:11:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 386472
etag: W/"c3d-5e736f78-18013c3;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BoIp3yTU1sWBcsC1TPEBYNNjW%2Bm9YNCT4pgMhUmbbcze%2FBgoAy%2B72dSoCMZT2pk%2B4eXalFL%2Fbz208nASmVfb0pu9C%2BbCAPE%2Fkkfy0PxLf6KdYTtiB8JHQQM1GcJPngii6jYFXDMJ%2FhB4Qnte"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 82ca034f6f74bc03-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 30 Nov 2023 00:04:39 GMT

GET
H3 200 simpleparallax.js Show response
elcorito.chat/scripts/parallax/ 319 B
705 B 71ms
67ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://elcorito.chat/scripts/parallax/simpleparallax.js
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6fd7fb85167ed50ef6b6e19d89b2f5dea7b32a133b02ec15744b5921f72e9751

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 19 Mar 2020 13:11:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 386472
etag: W/"13f-5e736f78-4461d94;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4tJUPxQ%2FyD%2F4I0bGRwHPoMrYEVvu94vEFmw%2BdZMOUXkOJUeQ8pGrr6XfJKpY6pFnmyXF%2BNfRvlIzr6%2B5it7nH3zwQRq%2BcwX0bL4ixsggPN6w00qyiGCdxA7Sf19T9HjKKj04GmLNbd3cBRmJ"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 82ca034f6f77bc03-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 30 Nov 2023 00:04:39 GMT

GET
H3 200 2383_z3y7qw.jpg
elcorito.chat/assets/ 125 KB
125 KB 32ms
31ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elcorito.chat/assets/2383_z3y7qw.jpg
Requested by: Host: elcorito.chat
URL: https://elcorito.chat/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54ad56988bf78090ce07a5897636fcf8f1f4209a244c8ec03aa45d16f6309375

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 386472
alt-svc: h3=":443"; ma=86400
content-length: 127665
last-modified: Thu, 19 Mar 2020 13:11:20 GMT
server: cloudflare
etag: "1f2b1-5e736f78-8c2f81;;;"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ze5WUwh4hvDHU3p8trvIWEuWo9qGsI28FXU2ExnXD0XPDNkApZKbGEa%2FAAA%2FvIU7uC34o2XFQLntG4Laf0BX8JugEoG0Aagzu%2F%2FFsemkPWgbKVs%2BHgmPwEYJ4LpESYqorR%2Fv0CginXh1ihlv"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 82ca034f6f7fbc03-FRA
expires: Thu, 30 Nov 2023 00:04:39 GMT

GET
H2 200 tss5ApVBdCYD5Q7hcxTE1ArZ0Zz8oY2KRmwvKhhvLFG6o3ms.woff2
fonts.gstatic.com/s/archivonarrow/v30/ 12 KB
12 KB 95ms
24ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/archivonarrow/v30/tss5ApVBdCYD5Q7hcxTE1ArZ0Zz8oY2KRmwvKhhvLFG6o3ms.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Archivo+Narrow|Source+Sans+Pro:200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c3ba3bf6bf1617ee7e82251b6d4193082545eeedc60979b031d772ffb5a878

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://elcorito.chat
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 23 Nov 2023 20:44:08 GMT
x-content-type-options: nosniff
age: 312103
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11808
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:27:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 22 Nov 2024 20:44:08 GMT

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i94_wlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ 14 KB
15 KB 91ms
21ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i94_wlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Archivo+Narrow|Source+Sans+Pro:200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec190e2f6ca2b272958e593e24827f3e51d2352733b509cbe1e30868b875bb7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://elcorito.chat
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 20:50:23 GMT
x-content-type-options: nosniff
age: 225328
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14428
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 20:50:23 GMT

GET
H3 200 fontawesome-webfont.woff
netdna.bootstrapcdn.com/font-awesome/4.0.3/fonts/ 43 KB
44 KB 67ms
40ms Font
font/woff 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://netdna.bootstrapcdn.com/font-awesome/4.0.3/fonts/fontawesome-webfont.woff?v=4.0.3

Requested by

Host: netdna.bootstrapcdn.com
URL: https://netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css
Origin: https://elcorito.chat
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 1076
age: 383065
cdn-cachedat: 10/31/2023 18:59:39
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 44432
last-modified: Mon, 25 Jan 2021 22:04:53 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: "3293616ec0c605c7c2db25829a0a509e"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 1342a49139a623ead9599ef2b8868367
accept-ranges: bytes
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 82ca034f9b1c3a9e-FRA
cdn-requestpullsuccess: True

GET
H2 200 / Show response
whos.amung.us/pingjs/ 29 B
183 B 197ms
144ms Script
text/javascript 2606:4700:10::ac43:88d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://whos.amung.us/pingjs/?k=8lruh7yuwp&t=Elcorito%20%E2%96%B7%20Una%20Vaina%20Bien!%20%7CCHAT%20DOMINICO-BORICUA%7C&c=s&x=https%3A%2F%2Felcorito.chat%2F&y=https%3A%2F%2Fphoto.hdd3.one%2F&a=0&d=0.431&v=27&r=7373
Requested by: Host: waust.at
URL: https://waust.at/s.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:88d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6596b8610483551a3c0111f59bcdd1049728e496618181de90a9928f0e79d3df

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:52 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82ca0350bb301b93-FRA
content-type: text/javascript;charset=UTF-8

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 224 KB
79 KB 43ms
42ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-2QGFJD0WL7&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-144973325-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

24544d80ef459a015494fe5c641102f3d2ef680568dc4524c2eb16c5b8482d7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 81045
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 27 Nov 2023 11:25:52 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 69ms
20ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-144973325-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 27 Nov 2023 09:49:38 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 5774
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 27 Nov 2023 11:49:38 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 186 KB
67 KB 35ms
35ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-156928160-1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-144973325-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e99839b2a7caa30386a961a259a09e6c888800626290c2d35dda7276f73c1c10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68768
x-xss-protection: 0
last-modified: Mon, 27 Nov 2023 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 27 Nov 2023 11:25:52 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 224 KB
79 KB 35ms
34ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-7QBYH7SFLV&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-156928160-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0ef7e516132288a14d8cdedce364d421e3a1f2a024845c558a340a8439a232c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 81052
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 27 Nov 2023 11:25:52 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/ 397 KB
134 KB 89ms
88ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4896375881595114&plah=elcorito.chat&bust=31079699

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5bc3116d1336864426ab3de833b2382f7bc057f265a592a448c75ae0a6ecd177

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:52 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137288
x-xss-protection: 0
server: cafe
etag: 1647457604868214710
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 11:25:52 GMT

GET
H2 200 zrt_lookup_inhead_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/ Frame 66FE 9 KB
4 KB 71ms
20ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_inhead_fy2021.html?hello=world

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a06aa84f08b4d57747e5eba867aa061deaadb4e657ca532d10e73b5a36fd73c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://elcorito.chat/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 6534
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4111
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 09:36:58 GMT
etag: 13268084621564590274
expires: Mon, 11 Dec 2023 09:36:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
204 B 28ms
28ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1684467240&t=pageview&_s=1&dl=https%3A%2F%2Felcorito.chat%2F&dr=https%3A%2F%2Fphoto.hdd3.one%2F&ul=en-us&de=UTF-8&dt=Elcorito%20%E2%96%B7%20Una%20Vaina%20Bien!%20%7CCHAT%20DOMINICO-BORICUA%7C&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1586513943&gjid=1131673075&cid=1187110127.1701084352&tid=UA-144973325-1&_gid=908868018.1701084352&_r=1&gtm=457e3b81&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&jsscut=1&z=1352646531

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://elcorito.chat/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://elcorito.chat
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
66 B 27ms
27ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1684467240&t=pageview&_s=1&dl=https%3A%2F%2Felcorito.chat%2F&dr=https%3A%2F%2Fphoto.hdd3.one%2F&ul=en-us&de=UTF-8&dt=Elcorito%20%E2%96%B7%20Una%20Vaina%20Bien!%20%7CCHAT%20DOMINICO-BORICUA%7C&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=836553861&gjid=13080575&cid=1187110127.1701084352&tid=UA-156928160-1&_gid=908868018.1701084352&_r=1&gtm=457e3b81&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&jsscut=1&z=317303489

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://elcorito.chat/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://elcorito.chat
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
252 B 77ms
27ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-2QGFJD0WL7&gtm=45je3b81v9114622262&_p=1701084351893&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1187110127.1701084352&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAI&_s=1&sid=1701084352&sct=1&seg=0&dl=https%3A%2F%2Felcorito.chat%2F&dr=https%3A%2F%2Fphoto.hdd3.one%2F&dt=Elcorito%20%E2%96%B7%20Una%20Vaina%20Bien!%20%7CCHAT%20DOMINICO-BORICUA%7C&en=page_view&_fv=1&_ss=1&tfd=629
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2QGFJD0WL7&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:52 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://elcorito.chat
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
45 B 54ms
27ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-7QBYH7SFLV&gtm=45je3b81v9114753470&_p=1701084351893&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1187110127.1701084352&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAI&_s=1&sid=1701084352&sct=1&seg=0&dl=https%3A%2F%2Felcorito.chat%2F&dr=https%3A%2F%2Fphoto.hdd3.one%2F&dt=Elcorito%20%E2%96%B7%20Una%20Vaina%20Bien!%20%7CCHAT%20DOMINICO-BORICUA%7C&en=page_view&_fv=1&_ss=1&tfd=654
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7QBYH7SFLV&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:52 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://elcorito.chat
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 439 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3FE9 237 KB
68 KB 678ms
677ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4896375881595114&output=html&adk=1812271804&adf=3025194257&lmt=1679708750&plat=2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Felcorito.chat%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~6&ascmds=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701084352113&bpp=4&bdt=366&idt=379&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3172985720591&frm=20&pv=2&ga_vid=1187110127.1701084352&ga_sid=1701084353&ga_hid=1684467240&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809004%2C31078301%2C31079699%2C44807763%2C44808148%2C44808284%2C44809055%2C44809071%2C21065724&oid=2&pvsid=4453051286576426&tmod=1317948274&uas=0&nvt=1&fsapi=1&ref=https%3A%2F%2Fphoto.hdd3.one%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=402

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4896375881595114&plah=elcorito.chat&bust=31079699

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cbe8fa329ee129f7d866a51e4e38e0ff31a3bf6b000ee7502b2e46d05e3bdac0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://elcorito.chat/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 69182
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 11:25:53 GMT
expires: Mon, 27 Nov 2023 11:25:53 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 53ms
53ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=HEADER&cls=navbar%20navbar-fixed-top&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: elcorito.chat
URL: https://elcorito.chat/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6E98 131 KB
43 KB 724ms
723ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4896375881595114&output=html&h=280&slotname=8294562186&adk=528232075&adf=1081431890&pi=t.ma~as.8294562186&w=930&fwrn=4&fwrnh=100&lmt=1679708750&rafmt=1&format=930x280&url=https%3A%2F%2Felcorito.chat%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701084352117&bpp=2&bdt=370&idt=405&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3172985720591&frm=20&pv=1&ga_vid=1187110127.1701084352&ga_sid=1701084353&ga_hid=1684467240&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=335&ady=326&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809004%2C31078301%2C31079699%2C44807763%2C44808148%2C44808284%2C44809055%2C44809071%2C21065724&oid=2&pvsid=4453051286576426&tmod=1317948274&uas=0&nvt=1&ref=https%3A%2F%2Fphoto.hdd3.one%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=410

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b0372d6ab0ab808f88875a1dd12d9f771c2486fcfd44fa48d5a3a688f74c60d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://elcorito.chat/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 43930
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 11:25:53 GMT
expires: Mon, 27 Nov 2023 11:25:53 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F7C9 26 KB
11 KB 480ms
479ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4896375881595114&output=html&h=280&slotname=8294562186&adk=2005281337&adf=2296579135&pi=t.ma~as.8294562186&w=504&fwrn=4&fwrnh=100&lmt=1679708750&rafmt=1&format=504x280&url=https%3A%2F%2Felcorito.chat%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701084352119&bpp=1&bdt=372&idt=411&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C930x280&nras=1&correlator=3172985720591&frm=20&pv=1&ga_vid=1187110127.1701084352&ga_sid=1701084353&ga_hid=1684467240&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=357&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809004%2C31078301%2C31079699%2C44807763%2C44808148%2C44808284%2C44809055%2C44809071%2C21065724&oid=2&pvsid=4453051286576426&tmod=1317948274&uas=0&nvt=1&ref=https%3A%2F%2Fphoto.hdd3.one%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=414

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dab4d1e1e1409fbc22698a9e54df6c2322954cb11b486fb6ecf835efb9481657

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://elcorito.chat/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 10719
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 11:25:52 GMT
expires: Mon, 27 Nov 2023 11:25:52 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 37A6 624 B
246 B 66ms
63ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGLjHnv0BMAE&v=APEucNWqkuRTxkK2wjfNGFqLVS3kLpVEfzoKxxGeHf95G-MYO9nPqceBHMyTm3qq3r4JbALDIebcuDKi8gFyWuq4FdRdonJAs6K5YlAtRU1_Nz9vD98YRwvI0esHKDoolNCrDLiC2684OTnIHIKIi0D6NKAfGoGkKyQzczKZCVH8nj5GZl6Jnlo

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4896375881595114&output=html&h=280&slotname=8294562186&adk=2005281337&adf=2296579135&pi=t.ma~as.8294562186&w=504&fwrn=4&fwrnh=100&lmt=1679708750&rafmt=1&format=504x280&url=https%3A%2F%2Felcorito.chat%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701084352119&bpp=1&bdt=372&idt=411&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C930x280&nras=1&correlator=3172985720591&frm=20&pv=1&ga_vid=1187110127.1701084352&ga_sid=1701084353&ga_hid=1684467240&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=357&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809004%2C31078301%2C31079699%2C44807763%2C44808148%2C44808284%2C44809055%2C44809071%2C21065724&oid=2&pvsid=4453051286576426&tmod=1317948274&uas=0&nvt=1&ref=https%3A%2F%2Fphoto.hdd3.one%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=414

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4896375881595114&output=html&h=280&slotname=8294562186&adk=2005281337&adf=2296579135&pi=t.ma~as.8294562186&w=504&fwrn=4&fwrnh=100&lmt=1679708750&rafmt=1&format=504x280&url=https%3A%2F%2Felcorito.chat%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701084352119&bpp=1&bdt=372&idt=411&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C930x280&nras=1&correlator=3172985720591&frm=20&pv=1&ga_vid=1187110127.1701084352&ga_sid=1701084353&ga_hid=1684467240&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=357&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809004%2C31078301%2C31079699%2C44807763%2C44808148%2C44808284%2C44809055%2C44809071%2C21065724&oid=2&pvsid=4453051286576426&tmod=1317948274&uas=0&nvt=1&ref=https%3A%2F%2Fphoto.hdd3.one%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=414
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 11:25:53 GMT
expires: Mon, 27 Nov 2023 11:25:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame C9EB 89 KB
31 KB 72ms
71ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 11:25:53 GMT

GET
H2

200

skeleton.gif
static.adsafeprotected.com/ Frame C9EB
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/1676726/76430573/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_dspID=3&ias_campId=1014760199&ias_pubId=pub-4896375881595114&ias_chanId=1&ias_place...
https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_xappb=

43 B
483 B

74ms
20ms

Image
image/gif

2600:9000:223f:d200:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_xappb=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4896375881595114&output=html&h=280&slotname=8294562186&adk=2005281337&adf=2296579135&pi=t.ma~as.8294562186&w=504&fwrn=4&fwrnh=100&lmt=1679708750&rafmt=1&format=504x280&url=https%3A%2F%2Felcorito.chat%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701084352119&bpp=1&bdt=372&idt=411&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C930x280&nras=1&correlator=3172985720591&frm=20&pv=1&ga_vid=1187110127.1701084352&ga_sid=1701084353&ga_hid=1684467240&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=357&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809004%2C31078301%2C31079699%2C44807763%2C44808148%2C44808284%2C44809055%2C44809071%2C21065724&oid=2&pvsid=4453051286576426&tmod=1317948274&uas=0&nvt=1&ref=https%3A%2F%2Fphoto.hdd3.one%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=414
Protocol: H2
Server: 2600:9000:223f:d200:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 28 May 2023 02:26:58 GMT
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
via: 1.1 63505de36d604e79a77328b302a7d4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 15843535
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: nK9Bd4Htsdo0Iq-AUNlYPupHJY6e5lZcIA9qvV4DGbCGqxcuedevFA==

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
server: nginx
x-server-name: app19.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_xappb=
cache-control: no-cache
content-length: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame C9EB 3 KB
1 KB 86ms
24ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 09:10:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8140
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 09:10:13 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame C9EB 20 KB
9 KB 81ms
20ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43735
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 23:16:58 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame C9EB 202 KB
64 KB 162ms
100ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Nov 2023 11:25:53 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C9EB 42 B
63 B 57ms
55ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A9CRwMMBBL9xb533aVXwaCdKOsCsBy_n2zDJTI2m_WOdt434JvxDzkhROS3_oEVS2vL_1851Eb6YCVL44PLjJ7A6p44Sb8oO_fEedfyZ_gALwTUj4

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C9EB 0
20 B 54ms
52ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=6326060395985222990&x=1&ct=76

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 37A6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZX9YLCpriFoANiJW7EgBM&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZX9YLCpriFoANiJW7EgBM&google_cver=1&C=1

43 B
340 B

35ms
34ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZX9YLCpriFoANiJW7EgBM&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGLjHnv0BMAE&v=APEucNWqkuRTxkK2wjfNGFqLVS3kLpVEfzoKxxGeHf95G-MYO9nPqceBHMyTm3qq3r4JbALDIebcuDKi8gFyWuq4FdRdonJAs6K5YlAtRU1_Nz9vD98YRwvI0esHKDoolNCrDLiC2684OTnIHIKIi0D6NKAfGoGkKyQzczKZCVH8nj5GZl6Jnlo
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ep%2B3%2Fz4vpQvcP1NZZTRcZ7EoB2rj5zOEs1SRYd224ZPjvBTKfGn%2FrxYIcoZQQpHXqweua6BVqMO6f8Zgaq9WbArIKHi8D2jcaAiL%2BHQXJ2FYTSpzmvnA3IQVrLBY1P1cC8tQnJ3%2B9d8fyw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82ca0357ae1a368a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5T5wCkbV3aAHrHQiRv5U1DYJKDegZnRsfakOnW3%2FP6Njk534lD%2Bctl9%2FNsZ%2FTgPNNuXb736uRSl6lcddJ2CpnjEPBgmJ%2B8yQ%2BtsFUttztHjHxVK%2Fir7sOWe%2BEhJLpiDwHNuNr0v9St%2F%2FTw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEGZX9YLCpriFoANiJW7EgBM&google_cver=1&C=1
cache-control: no-cache
cf-ray: 82ca03577dd7368a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 37A6
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWR8weWYzLyiEJP-Mf5C7AAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZX9YLCpriFoANiJW7EgBM&google_cver=1

43 B
772 B

34ms
33ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZX9YLCpriFoANiJW7EgBM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGLjHnv0BMAE&v=APEucNWqkuRTxkK2wjfNGFqLVS3kLpVEfzoKxxGeHf95G-MYO9nPqceBHMyTm3qq3r4JbALDIebcuDKi8gFyWuq4FdRdonJAs6K5YlAtRU1_Nz9vD98YRwvI0esHKDoolNCrDLiC2684OTnIHIKIi0D6NKAfGoGkKyQzczKZCVH8nj5GZl6Jnlo
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wOo9jP3084FHoVr9OC%2BMttz%2BgUhbLBK7zq8Kp%2Bn3lrGrM%2BWsShmQjDXn2iBKiTD8SphtG1iYI%2BtuSLkQQa%2Ff2LoT7l98mmGBtqo20Kl%2BNakynDfryDSdlitXu9uL7zGQk4BnbhZ9A4iUNg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82ca03583c934db1-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZX9YLCpriFoANiJW7EgBM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 37A6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEMKFU11dS-6oWJPymhruj7M&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEMKFU11dS-6oWJPymhruj7M%26google_cver%3D1

43 B
893 B

36ms
35ms

Image
image/gif

185.89.210.101
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEMKFU11dS-6oWJPymhruj7M%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGLjHnv0BMAE&v=APEucNWqkuRTxkK2wjfNGFqLVS3kLpVEfzoKxxGeHf95G-MYO9nPqceBHMyTm3qq3r4JbALDIebcuDKi8gFyWuq4FdRdonJAs6K5YlAtRU1_Nz9vD98YRwvI0esHKDoolNCrDLiC2684OTnIHIKIi0D6NKAfGoGkKyQzczKZCVH8nj5GZl6Jnlo

Protocol

Server

185.89.210.101 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
an-x-request-uuid: e8478ea5-3102-42c7-aa0b-ac64d9d22cbf
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 217.114.218.22; 217.114.218.22; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
an-x-request-uuid: 09918268-62ed-44a9-8529-65bc9a68366e
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEMKFU11dS-6oWJPymhruj7M%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.22; 217.114.218.22; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 37A6
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDI2MzAzNTMyMDY0OTAwODcwMA%3D%3D

170 B
243 B

30ms
29ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDI2MzAzNTMyMDY0OTAwODcwMA%3D%3D

Requested by

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
an-x-request-uuid: ada93d1d-8f80-4227-b43a-fe8795b4ab81
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDI2MzAzNTMyMDY0OTAwODcwMA%3D%3D
x-proxy-origin: 217.114.218.22; 217.114.218.22; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C9EB 0
20 B 54ms
53ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6611084392406&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C9EB 0
20 B 54ms
53ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6611084392406&version=m202309260101&ct=76&x=1&cor=6326060395985223000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C9EB 91 KB
38 KB 76ms
75ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CcIiOGtYjOKCwzx8N-VDnODP164VVMdvkXMv7ny3WqUdxu2msXA-1Z7oia3Hyz9wY28XmaC1nmgDLvGGj_77DqMATlPv-D_mMN5XTN--Imr4_PwjfPSbDXIgxVEJI45igKkRJhokcR8sfzmPU6xaPD2wTP8HADazxcRG0auEoKv45JlPQ&dbm_d=AKAmf-DMUUemiGi373_ybSS-0ftkDGrZr2W-Lr3lmTWux3nhA8CLaIy4_ZqpJd-vwkckm1nnMgb2yleE06Ilsq9dQSa8Z3wwT2_7Vd5qaRA7bYRBMb4W9u6xyF8DnHntf4CCChBSCi5mKFis7GuGLq3OC5xBzqVhCCt4vWdY71yB4v8s6sizf0t2QavDMZ5_jtuUen6LAYzvsfog2BwRsO-OjxtCltI-PI28GyC52SDUldVeC7vxzPF8fN1G_Qab50FNuli1uuXTc0zDfeeKOSei1dPQi2vbqPW1-r18z3ZZ1jxM-khEficmq-2oEC9KxuSoF6l2HjfanpZaqXEHjnsCWEr_C6N5YD1TNoB5EN6OrRVw5y2uWrPNNeiQgnKKdtryAOV-Ysh9eIlJYxdC5aLm2D7KuXjRJrcIa5qVsr8gThvUF1-cUFu0QLc-ZiwtQ6Q6cWdZyTQMeGRMeTWLmzhrpwY_E4EO-MAyuLtSMUfQe6_eQIz5RuGDqh0Ql49_F7yEg6rEJhHaylalBAa79q2F6hUBG1E97z0pCwpzi16xi1BTMkUpbXuAGZ9VR1qxlCRu84f1Gg-tuf68Bdt9LirdEpDPqRBJyjtaXV85AeWUEfAbLaIkSUBWbOMYiWeXJYUgkAye1XG91hOnoiaM7vcPGLPcvnTAEHFWHmNB7UZ8-iXi3tlrIZxMkCMvuW3SVwkgVOBZoZPk7zcxLFa1MQNxe2Vudyb0bD8cQASmp-8yYcmkE-PbabzUtBt2C70TT9Sd4H6YbKndP4UMLjvz67ZbSY6sB-ptKyM3tV5Ya-1PpHCo7otLUZvZqXbN01Ny0MnPL4Izf92oPMGDc7-DKF4v2cE-qcxYm6FF-nxfYZMHi6wLZdUXDLUGUdaFOEZyDmC04Tb4Im_oECiDsRUYIwUwq4IzZhvR3FTpjCfRP8hDnv-cSGoYPf_qKBiN85lFBJA9sZ0xbd98y4BFW0MxXxmc-50HPcr-bG6kYIFnUFD-P-Sx7nDkdwXBLdFoDDpyQ4bI3LH0P7pmvAfNBpi6F7KD4h5pjzM8OVX2bO6M1v2g9fnmAJ-dRKaQCdYGVrPm4KmfkVfc5xx43aojLwHM4zjMkNWlN249LHuucl7l1AGCUdPUnnnLk4h76MOwhA1Re3XnGPSWSVlC5Q1ULHHmkuCi8WCadXCzKtqbJwla6WF1NeUnB7Jsl1VW2qPMqq9ZDFzegGMaONove-7YEoOUkt3xMvOlTAWLHRocMmGZIttuTEUppDDc_Gu441FaCdQa2WGE_SkhVneyjd4z_sAf_o461U4Ai_4VRREGLN4LjGbFOmrL1vMWYXlz115_LHjXA-vahsfeYH0VhXylg00_Dva3o0lO_oDKaULJu8RlUYF6gZ63Mk8WyJnntfL4BzpMi_WaGLS_9F0JBbFvy54ThJZ1aWCzZbqNkvKXLiOarNRnyTR4RHr39UHllx0JfyDkqcJuxPijOZDVlo2fx6kKtxXeVQofh6qSUGqzqkM7Ptaha2yNzBVJhtr2DKicFQC3dLzTF8KwE3wLKuKtiDNSQ67xE-VNueJTegsK296eMF5t4ZwM76N5wOU2XTgl4E9pq7e_6aXyRUgsSiPPRlm8EFqZVzJyuzp6WEX-oS2367c-mPbPwtOR3DwLeNyJ9ci9oqg4fTFja3SPGJeiBAbK4b9BU_UIm58Qb5Mnu1Or6b0zdYuk42uCw840hfFOsuMNaMxyr7D1WGVQO6LJWQL65AKkV5SLNsx_UVde4tkN96yYLNaq-UNVjIxpXa6OcSfNVCVLD7bxLP_boWkY7ojP6DepkLk0mI1FZlrd3AmVgD3fAXUjfWqAUIRxWfRmJud8cZq-21AV-gwOTBl7ilI7XrYCZ8fhsNy3TsRa0Xik_Nd_Pvoyr_onuYsmSbrOTwcB3a8bVdwEna8cpbe9XnEQDTdBWQBc2r6CieVAS1UtsNaOqGpfZxRC0quVU2vnI0MdmyCF3Th20sKVVA1QJGrGO7AcrYL2iydc1cLCVYROrfESSpfHXVY79MkydVT9cAwT7Gv7pzA-cJ89nFJ8-BT0X3ZwRjQ8rNCTwb_ey4HZ-CKFYe6uHJ0wxGYlErE1mkenO6BEjQPURLZep9oNhtRUB1gj6LrjBlz4R_2t-IvNR8NYRO74_yhCRpuxHdjId4XPeEBxugJwcqDw3nrJx-lushp9c9ZhBFvKffvz1L_DTskQtC-V7Mad6RNlwLMDz7I2puzdNf3EwOGElj81Hn-XWSJMp8V5Noi1Bsw_XYgJE7BFJSuO1lWz8Jl6hmKwgDZ9WGT3FpbaH6L2OCNbR0UPaZ6k20bt_Sm9l9cz3xM5U_ICt8B9OKjZctexmqrhDQoLPpfb5RKvGDrRO2MDAW2UK2ecVrIpboycCZD3MSFbjcUUeJreofOfXLJggkhZjx8JeLmsLTeSEIyzR1SGZ9TqSX4J6ufsTz2Tw2JA9Fe885mlbkBVi1Csm2ZCu3UV5r9_aWT8rkucZTJtUrgVgrLIEfnDjHe4I839Z1lyJZcwIpcieiAhAhGA75LmXwmMR85zWpWGdIlJcqRgjLA4uEArcK0CSDUprqTNUNT25KXddWJBweQX3eA1mnwOXf8ewny9vOirUPOpo_p6dZQFTMVUYwJde58Et6MnWvbD5qRPZ3wOL1EkM9DMsOJlMWd5vLC3MKsQ7go_x5W-UFPN5iO0M3qJi98zTHlISJb43iG9z8NufdIKuXCClstR89F9Lr8UFLEODQncgqcXH8gedGZQ5EMtOI9cFRTpf-D6X_FSEZMmQPtWSL9sQwgHx80xruOoYOQpxQqz9ynZZWc6mymrCgcAPsBSGx__XPSJYUbCluut9vERAMSUqYgcMiA_5NTpQ4olanBINT12RzYS8_WYecZyK8ErU7A4nNZVe-6D2uFyip66NXNRHXOoBlXlwSaZZb2z6nSBNoEVJc9P3LHblwLrKxdYcVtaXVrlqr3qtjZ9lEE2yoKWA0Pq76pax3ld-YrfNGM4WZIgMf4dDRlSc_usmOcoohwQjaUfWyyftXwmOz9dvvjIaz9YmdPCf2h_ngV5ifh2kq4Ez0O-rRgFQrqeW7mO04LwG3b3iQiNpB5O55XSrfKufBw-5CAPvshHv0QDJjk8YXVd0GySYTMfOnq72x6Ghl2iKg4eDAok6xOKDqvwwMcRuCvoUpxnZjeIiHbvv0tsvSWYHIgVNOvmLbyxsAzWnhI0vzgKNU60YrwgYePyRKv1qsjn64TZGcz6OvnJZGBRfZgaSfWoDbwjFd7DmHgpXN1VXz_jMVFBIHjLx8A0ajfRsw0y4O-ye3N07qmUgPNKuAS5LIf9jSLD29ngLX_SnLAfPi-97FA4JQRSAShQG36n6lj7h00PpqMNpfEGqgVIlaae8bAj31adChMubTkSquIFIj8lt3WpZkW-6UaRUwLmeN3otZtnvw_kf8vr-gAVMC72lY3nCXMrUGfSEltq-gQcLSA1k4gdKCeokcKr1CnF9qX4JuLNese7cacGaUPWQTCFEEXm_lfNIIhUPwI0opioYJ7BGZyMF18cf4nvRg_5m0RhKeRbYWAUXh7MXfJkoPqL&cid=CAQSTgDICaaNbUWfH30q18oO8tA-sR_TwY1SV01hcSzyuNBT76G_sGPvwYc0c-arfKdly8Xvu_FrRvsAmWGSwUnrFnZDtlj6XpLHmfpdvDzqIxgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Felcorito.chat%2F&ds=l&xdt=1&iif=1&cor=6326060395985223000&adk=497053795&idt=81&cac=0&dtd=22

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ae6ae880ff4711b5e901a9e0f0684969c9ed8434c434cab5e16151d17371278

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4896375881595114&output=html&h=280&slotname=8294562186&adk=2005281337&adf=2296579135&pi=t.ma~as.8294562186&w=504&fwrn=4&fwrnh=100&lmt=1679708750&rafmt=1&format=504x280&url=https%3A%2F%2Felcorito.chat%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701084352119&bpp=1&bdt=372&idt=411&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C930x280&nras=1&correlator=3172985720591&frm=20&pv=1&ga_vid=1187110127.1701084352&ga_sid=1701084353&ga_hid=1684467240&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=357&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809004%2C31078301%2C31079699%2C44807763%2C44808148%2C44808284%2C44809055%2C44809071%2C21065724&oid=2&pvsid=4453051286576426&tmod=1317948274&uas=0&nvt=1&ref=https%3A%2F%2Fphoto.hdd3.one%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=414
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38975
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame C9EB 111 KB
39 KB 70ms
20ms Script
text/javascript 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: photo.hdd3.one
URL: https://photo.hdd3.one/VIEW-PHOTO_txux21z7k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 06:30:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17742
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 28 Nov 2023 06:30:11 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame C9EB 11 KB
4 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CcIiOGtYjOKCwzx8N-VDnODP164VVMdvkXMv7ny3WqUdxu2msXA-1Z7oia3Hyz9wY28XmaC1nmgDLvGGj_77DqMATlPv-D_mMN5XTN--Imr4_PwjfPSbDXIgxVEJI45igKkRJhokcR8sfzmPU6xaPD2wTP8HADazxcRG0auEoKv45JlPQ&dbm_d=AKAmf-DMUUemiGi373_ybSS-0ftkDGrZr2W-Lr3lmTWux3nhA8CLaIy4_ZqpJd-vwkckm1nnMgb2yleE06Ilsq9dQSa8Z3wwT2_7Vd5qaRA7bYRBMb4W9u6xyF8DnHntf4CCChBSCi5mKFis7GuGLq3OC5xBzqVhCCt4vWdY71yB4v8s6sizf0t2QavDMZ5_jtuUen6LAYzvsfog2BwRsO-OjxtCltI-PI28GyC52SDUldVeC7vxzPF8fN1G_Qab50FNuli1uuXTc0zDfeeKOSei1dPQi2vbqPW1-r18z3ZZ1jxM-khEficmq-2oEC9KxuSoF6l2HjfanpZaqXEHjnsCWEr_C6N5YD1TNoB5EN6OrRVw5y2uWrPNNeiQgnKKdtryAOV-Ysh9eIlJYxdC5aLm2D7KuXjRJrcIa5qVsr8gThvUF1-cUFu0QLc-ZiwtQ6Q6cWdZyTQMeGRMeTWLmzhrpwY_E4EO-MAyuLtSMUfQe6_eQIz5RuGDqh0Ql49_F7yEg6rEJhHaylalBAa79q2F6hUBG1E97z0pCwpzi16xi1BTMkUpbXuAGZ9VR1qxlCRu84f1Gg-tuf68Bdt9LirdEpDPqRBJyjtaXV85AeWUEfAbLaIkSUBWbOMYiWeXJYUgkAye1XG91hOnoiaM7vcPGLPcvnTAEHFWHmNB7UZ8-iXi3tlrIZxMkCMvuW3SVwkgVOBZoZPk7zcxLFa1MQNxe2Vudyb0bD8cQASmp-8yYcmkE-PbabzUtBt2C70TT9Sd4H6YbKndP4UMLjvz67ZbSY6sB-ptKyM3tV5Ya-1PpHCo7otLUZvZqXbN01Ny0MnPL4Izf92oPMGDc7-DKF4v2cE-qcxYm6FF-nxfYZMHi6wLZdUXDLUGUdaFOEZyDmC04Tb4Im_oECiDsRUYIwUwq4IzZhvR3FTpjCfRP8hDnv-cSGoYPf_qKBiN85lFBJA9sZ0xbd98y4BFW0MxXxmc-50HPcr-bG6kYIFnUFD-P-Sx7nDkdwXBLdFoDDpyQ4bI3LH0P7pmvAfNBpi6F7KD4h5pjzM8OVX2bO6M1v2g9fnmAJ-dRKaQCdYGVrPm4KmfkVfc5xx43aojLwHM4zjMkNWlN249LHuucl7l1AGCUdPUnnnLk4h76MOwhA1Re3XnGPSWSVlC5Q1ULHHmkuCi8WCadXCzKtqbJwla6WF1NeUnB7Jsl1VW2qPMqq9ZDFzegGMaONove-7YEoOUkt3xMvOlTAWLHRocMmGZIttuTEUppDDc_Gu441FaCdQa2WGE_SkhVneyjd4z_sAf_o461U4Ai_4VRREGLN4LjGbFOmrL1vMWYXlz115_LHjXA-vahsfeYH0VhXylg00_Dva3o0lO_oDKaULJu8RlUYF6gZ63Mk8WyJnntfL4BzpMi_WaGLS_9F0JBbFvy54ThJZ1aWCzZbqNkvKXLiOarNRnyTR4RHr39UHllx0JfyDkqcJuxPijOZDVlo2fx6kKtxXeVQofh6qSUGqzqkM7Ptaha2yNzBVJhtr2DKicFQC3dLzTF8KwE3wLKuKtiDNSQ67xE-VNueJTegsK296eMF5t4ZwM76N5wOU2XTgl4E9pq7e_6aXyRUgsSiPPRlm8EFqZVzJyuzp6WEX-oS2367c-mPbPwtOR3DwLeNyJ9ci9oqg4fTFja3SPGJeiBAbK4b9BU_UIm58Qb5Mnu1Or6b0zdYuk42uCw840hfFOsuMNaMxyr7D1WGVQO6LJWQL65AKkV5SLNsx_UVde4tkN96yYLNaq-UNVjIxpXa6OcSfNVCVLD7bxLP_boWkY7ojP6DepkLk0mI1FZlrd3AmVgD3fAXUjfWqAUIRxWfRmJud8cZq-21AV-gwOTBl7ilI7XrYCZ8fhsNy3TsRa0Xik_Nd_Pvoyr_onuYsmSbrOTwcB3a8bVdwEna8cpbe9XnEQDTdBWQBc2r6CieVAS1UtsNaOqGpfZxRC0quVU2vnI0MdmyCF3Th20sKVVA1QJGrGO7AcrYL2iydc1cLCVYROrfESSpfHXVY79MkydVT9cAwT7Gv7pzA-cJ89nFJ8-BT0X3ZwRjQ8rNCTwb_ey4HZ-CKFYe6uHJ0wxGYlErE1mkenO6BEjQPURLZep9oNhtRUB1gj6LrjBlz4R_2t-IvNR8NYRO74_yhCRpuxHdjId4XPeEBxugJwcqDw3nrJx-lushp9c9ZhBFvKffvz1L_DTskQtC-V7Mad6RNlwLMDz7I2puzdNf3EwOGElj81Hn-XWSJMp8V5Noi1Bsw_XYgJE7BFJSuO1lWz8Jl6hmKwgDZ9WGT3FpbaH6L2OCNbR0UPaZ6k20bt_Sm9l9cz3xM5U_ICt8B9OKjZctexmqrhDQoLPpfb5RKvGDrRO2MDAW2UK2ecVrIpboycCZD3MSFbjcUUeJreofOfXLJggkhZjx8JeLmsLTeSEIyzR1SGZ9TqSX4J6ufsTz2Tw2JA9Fe885mlbkBVi1Csm2ZCu3UV5r9_aWT8rkucZTJtUrgVgrLIEfnDjHe4I839Z1lyJZcwIpcieiAhAhGA75LmXwmMR85zWpWGdIlJcqRgjLA4uEArcK0CSDUprqTNUNT25KXddWJBweQX3eA1mnwOXf8ewny9vOirUPOpo_p6dZQFTMVUYwJde58Et6MnWvbD5qRPZ3wOL1EkM9DMsOJlMWd5vLC3MKsQ7go_x5W-UFPN5iO0M3qJi98zTHlISJb43iG9z8NufdIKuXCClstR89F9Lr8UFLEODQncgqcXH8gedGZQ5EMtOI9cFRTpf-D6X_FSEZMmQPtWSL9sQwgHx80xruOoYOQpxQqz9ynZZWc6mymrCgcAPsBSGx__XPSJYUbCluut9vERAMSUqYgcMiA_5NTpQ4olanBINT12RzYS8_WYecZyK8ErU7A4nNZVe-6D2uFyip66NXNRHXOoBlXlwSaZZb2z6nSBNoEVJc9P3LHblwLrKxdYcVtaXVrlqr3qtjZ9lEE2yoKWA0Pq76pax3ld-YrfNGM4WZIgMf4dDRlSc_usmOcoohwQjaUfWyyftXwmOz9dvvjIaz9YmdPCf2h_ngV5ifh2kq4Ez0O-rRgFQrqeW7mO04LwG3b3iQiNpB5O55XSrfKufBw-5CAPvshHv0QDJjk8YXVd0GySYTMfOnq72x6Ghl2iKg4eDAok6xOKDqvwwMcRuCvoUpxnZjeIiHbvv0tsvSWYHIgVNOvmLbyxsAzWnhI0vzgKNU60YrwgYePyRKv1qsjn64TZGcz6OvnJZGBRfZgaSfWoDbwjFd7DmHgpXN1VXz_jMVFBIHjLx8A0ajfRsw0y4O-ye3N07qmUgPNKuAS5LIf9jSLD29ngLX_SnLAfPi-97FA4JQRSAShQG36n6lj7h00PpqMNpfEGqgVIlaae8bAj31adChMubTkSquIFIj8lt3WpZkW-6UaRUwLmeN3otZtnvw_kf8vr-gAVMC72lY3nCXMrUGfSEltq-gQcLSA1k4gdKCeokcKr1CnF9qX4JuLNese7cacGaUPWQTCFEEXm_lfNIIhUPwI0opioYJ7BGZyMF18cf4nvRg_5m0RhKeRbYWAUXh7MXfJkoPqL&cid=CAQSTgDICaaNbUWfH30q18oO8tA-sR_TwY1SV01hcSzyuNBT76G_sGPvwYc0c-arfKdly8Xvu_FrRvsAmWGSwUnrFnZDtlj6XpLHmfpdvDzqIxgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Felcorito.chat%2F&ds=l&xdt=1&iif=1&cor=6326060395985223000&adk=497053795&idt=81&cac=0&dtd=22

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68911
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 16:17:22 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame C9EB 31 KB
12 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68911
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11874
x-xss-protection: 0
server: cafe
etag: 3876053170955424897
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 16:17:22 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame C9EB 41 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: photo.hdd3.one
URL: https://photo.hdd3.one/VIEW-PHOTO_txux21z7k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 235245
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 18:05:08 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/ 160 KB
55 KB 99ms
99ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/reactive_library_fy2021.js?bust=31079699

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e6f64fd1d9f408249bad441e006c941278314946c96f6d844d521f11425710bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55848
x-xss-protection: 0
server: cafe
etag: 10462183402240173727
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 11:25:53 GMT

GET
DATA 200
OK truncated
/ Frame C9EB 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 489f6bcd0642eef4da9a835ce732da672ffea109db0a00cd443d009441f4599a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 38bcf84a6c98f8ab5c7e5b9a6f0eaec8.js Show response
www.gstatic.com/mysidia/ Frame 6E98 9 KB
4 KB 71ms
22ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/38bcf84a6c98f8ab5c7e5b9a6f0eaec8.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4896375881595114&output=html&h=280&slotname=8294562186&adk=528232075&adf=1081431890&pi=t.ma~as.8294562186&w=930&fwrn=4&fwrnh=100&lmt=1679708750&rafmt=1&format=930x280&url=https%3A%2F%2Felcorito.chat%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701084352117&bpp=2&bdt=370&idt=405&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3172985720591&frm=20&pv=1&ga_vid=1187110127.1701084352&ga_sid=1701084353&ga_hid=1684467240&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=335&ady=326&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809004%2C31078301%2C31079699%2C44807763%2C44808148%2C44808284%2C44809055%2C44809071%2C21065724&oid=2&pvsid=4453051286576426&tmod=1317948274&uas=0&nvt=1&ref=https%3A%2F%2Fphoto.hdd3.one%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=410

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

70602b2d4f8fd19b95f522d3f3334ada3b3ff4647b4e81c7285b885977fd9ac4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 21 Nov 2023 07:40:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 531926
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4046
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 14:10:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 19 Feb 2024 07:40:27 GMT

GET
H2 200 78b00c21e40332afd18050ebd59c6b08.js Show response
www.gstatic.com/mysidia/ Frame 6E98 11 KB
5 KB 71ms
23ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/78b00c21e40332afd18050ebd59c6b08.js?tag=text/vanilla_highlight

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4896375881595114&output=html&h=280&slotname=8294562186&adk=528232075&adf=1081431890&pi=t.ma~as.8294562186&w=930&fwrn=4&fwrnh=100&lmt=1679708750&rafmt=1&format=930x280&url=https%3A%2F%2Felcorito.chat%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701084352117&bpp=2&bdt=370&idt=405&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3172985720591&frm=20&pv=1&ga_vid=1187110127.1701084352&ga_sid=1701084353&ga_hid=1684467240&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=335&ady=326&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809004%2C31078301%2C31079699%2C44807763%2C44808148%2C44808284%2C44809055%2C44809071%2C21065724&oid=2&pvsid=4453051286576426&tmod=1317948274&uas=0&nvt=1&ref=https%3A%2F%2Fphoto.hdd3.one%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=410

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b82aa6c527e41e336e9cd392fffa550353f896f71a3c632a5bdd51e22de4ca0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 09:25:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 266439
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4753
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 14:10:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 22 Feb 2024 09:25:14 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 6E98 14 KB
1 KB 33ms
31ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4896375881595114&output=html&h=280&slotname=8294562186&adk=528232075&adf=1081431890&pi=t.ma~as.8294562186&w=930&fwrn=4&fwrnh=100&lmt=1679708750&rafmt=1&format=930x280&url=https%3A%2F%2Felcorito.chat%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701084352117&bpp=2&bdt=370&idt=405&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3172985720591&frm=20&pv=1&ga_vid=1187110127.1701084352&ga_sid=1701084353&ga_hid=1684467240&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=335&ady=326&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809004%2C31078301%2C31079699%2C44807763%2C44808148%2C44808284%2C44809055%2C44809071%2C21065724&oid=2&pvsid=4453051286576426&tmod=1317948274&uas=0&nvt=1&ref=https%3A%2F%2Fphoto.hdd3.one%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=410

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 27 Nov 2023 11:25:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 27 Nov 2023 09:54:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 27 Nov 2023 11:25:53 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 6E98 2 KB
822 B 21ms
20ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4896375881595114&output=html&h=280&slotname=8294562186&adk=528232075&adf=1081431890&pi=t.ma~as.8294562186&w=930&fwrn=4&fwrnh=100&lmt=1679708750&rafmt=1&format=930x280&url=https%3A%2F%2Felcorito.chat%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701084352117&bpp=2&bdt=370&idt=405&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3172985720591&frm=20&pv=1&ga_vid=1187110127.1701084352&ga_sid=1701084353&ga_hid=1684467240&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=335&ady=326&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809004%2C31078301%2C31079699%2C44807763%2C44808148%2C44808284%2C44809055%2C44809071%2C21065724&oid=2&pvsid=4453051286576426&tmod=1317948274&uas=0&nvt=1&ref=https%3A%2F%2Fphoto.hdd3.one%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 15:51:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70464
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 15:51:29 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 6E98 23 KB
9 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4896375881595114&output=html&h=280&slotname=8294562186&adk=528232075&adf=1081431890&pi=t.ma~as.8294562186&w=930&fwrn=4&fwrnh=100&lmt=1679708750&rafmt=1&format=930x280&url=https%3A%2F%2Felcorito.chat%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701084352117&bpp=2&bdt=370&idt=405&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3172985720591&frm=20&pv=1&ga_vid=1187110127.1701084352&ga_sid=1701084353&ga_hid=1684467240&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=335&ady=326&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809004%2C31078301%2C31079699%2C44807763%2C44808148%2C44808284%2C44809055%2C44809071%2C21065724&oid=2&pvsid=4453051286576426&tmod=1317948274&uas=0&nvt=1&ref=https%3A%2F%2Fphoto.hdd3.one%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 09:26:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7145
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 09:26:48 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 6E98 3 KB
1 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4896375881595114&output=html&h=280&slotname=8294562186&adk=528232075&adf=1081431890&pi=t.ma~as.8294562186&w=930&fwrn=4&fwrnh=100&lmt=1679708750&rafmt=1&format=930x280&url=https%3A%2F%2Felcorito.chat%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701084352117&bpp=2&bdt=370&idt=405&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3172985720591&frm=20&pv=1&ga_vid=1187110127.1701084352&ga_sid=1701084353&ga_hid=1684467240&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=335&ady=326&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809004%2C31078301%2C31079699%2C44807763%2C44808148%2C44808284%2C44809055%2C44809071%2C21065724&oid=2&pvsid=4453051286576426&tmod=1317948274&uas=0&nvt=1&ref=https%3A%2F%2Fphoto.hdd3.one%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 09:10:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8140
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 09:10:13 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 6E98 20 KB
8 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4896375881595114&output=html&h=280&slotname=8294562186&adk=528232075&adf=1081431890&pi=t.ma~as.8294562186&w=930&fwrn=4&fwrnh=100&lmt=1679708750&rafmt=1&format=930x280&url=https%3A%2F%2Felcorito.chat%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701084352117&bpp=2&bdt=370&idt=405&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3172985720591&frm=20&pv=1&ga_vid=1187110127.1701084352&ga_sid=1701084353&ga_hid=1684467240&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=335&ady=326&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809004%2C31078301%2C31079699%2C44807763%2C44808148%2C44808284%2C44809055%2C44809071%2C21065724&oid=2&pvsid=4453051286576426&tmod=1317948274&uas=0&nvt=1&ref=https%3A%2F%2Fphoto.hdd3.one%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43735
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 23:16:58 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6E98 202 KB
64 KB 74ms
72ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4896375881595114&output=html&h=280&slotname=8294562186&adk=528232075&adf=1081431890&pi=t.ma~as.8294562186&w=930&fwrn=4&fwrnh=100&lmt=1679708750&rafmt=1&format=930x280&url=https%3A%2F%2Felcorito.chat%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701084352117&bpp=2&bdt=370&idt=405&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3172985720591&frm=20&pv=1&ga_vid=1187110127.1701084352&ga_sid=1701084353&ga_hid=1684467240&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=335&ady=326&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809004%2C31078301%2C31079699%2C44807763%2C44808148%2C44808284%2C44809055%2C44809071%2C21065724&oid=2&pvsid=4453051286576426&tmod=1317948274&uas=0&nvt=1&ref=https%3A%2F%2Fphoto.hdd3.one%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=410

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Nov 2023 11:25:53 GMT

GET
H2 200 a6de5423b7c632060e8f86136bd5d27a.js Show response
www.gstatic.com/mysidia/ Frame 6E98 37 KB
15 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a6de5423b7c632060e8f86136bd5d27a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4896375881595114&output=html&h=280&slotname=8294562186&adk=528232075&adf=1081431890&pi=t.ma~as.8294562186&w=930&fwrn=4&fwrnh=100&lmt=1679708750&rafmt=1&format=930x280&url=https%3A%2F%2Felcorito.chat%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701084352117&bpp=2&bdt=370&idt=405&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3172985720591&frm=20&pv=1&ga_vid=1187110127.1701084352&ga_sid=1701084353&ga_hid=1684467240&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=335&ady=326&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809004%2C31078301%2C31079699%2C44807763%2C44808148%2C44808284%2C44809055%2C44809071%2C21065724&oid=2&pvsid=4453051286576426&tmod=1317948274&uas=0&nvt=1&ref=https%3A%2F%2Fphoto.hdd3.one%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=410

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 21 Nov 2023 07:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 531925
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15478
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 14:10:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 19 Feb 2024 07:40:28 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 8161 38 KB
13 KB 22ms
21ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 115633
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 03:18:40 GMT
expires: Mon, 25 Nov 2024 03:18:40 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/11815468952012219303/ Frame 18BF 15 KB
5 KB 68ms
22ms Document
text/html 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11815468952012219303/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35acb49f48978a133c8602949a19353539306e93ba95b51a53c180dbd6198141

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 11389
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 4934
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 08:16:04 GMT
expires: Tue, 26 Nov 2024 08:16:04 GMT
last-modified: Wed, 08 Nov 2023 13:36:23 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C9EB 0
0 119ms
63ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstSZ0yq4hYKOVcvJKitak91LQGgDoNUPdPjKT5tQ_VIDYINSuglCFxJloEU1xGOuvTlmAHdTUAAfdH-tlp7ZsST2xxP4WE8kZeRSJNznhdsuwdCQ1sBb4D8xSbIm36_QcF62YCdXjsv2QHlDBrHDsAdP3beK4mCrY6GXNwhwb7HneGAR8jfPUDFBS_16CdISLfyZMepUa76x1U9NJj8G5kOVWnG9jOQLhV7eyDzVjjWtdklBIks9_yehYds6VOZkwIkE-1tyzffwMoNFp8WJPjSQXZznMeHHF5t9bSuvD5hid0vsA6VOu3FfayevBoI5e4Gb3DT2SePBBH-nSoar7wo6nivV5Ov1uhO_FjcFMePIQqe77TAlno7W1ptF8JJUB5_dqoCUt51EIUUUg1pCd_2bR-AynpuJUFVtpYyrg9ik2Qtgxs6c4Jvv1ECwfFDumhEgnwUYlJLfF_sOxarMeeYCLfsm1GqonMpMbThD-CfTEuJiSug7zYW15V58xCh-cixXld35MPspYN6OrDLJ8pNN2YGCQfCCfQ0DP0ETrcdxzyyEV_cFr9uw5QYxy8zhDtXBeZyTqYnx3MDk-p1mFjrqcMNTdzrjeq4T96s8ZaianDpqrCRCl5cJGhvlLuNCb1eAAtjRxs298kOc3xjp5H4eoOlQHbOmpxMVWmVdl7dBOAEtg0jQFPGtbnxcNsSYeNXFBS5IPz00QuqYvB1Y5joMvj4PF3s5WgL4k2vtd30zTBMv12DLYx3QzfnhN47v_pQqKzswhGRmU5z3eaj5m_eHdCMFI1WoIMhKCr1OowyOzNIgVRIuSyh5UiKa6N32cSZvnH37HLlND5VIZAhi4s39Z6wsEo3iATR465kYJFkDIWJYlv8pzhx9P0aKcAd94fVpvly-ny9IuOLOr_w7LxDMKAb7df6BoSrxm2lvwqYqX1h9T_185ZghxrJB5Ea3X2wdMYKwyMvmz4t64ewaKt2eD9xrez60E07dTkd1EN5hQHGGKOLJd9xDb-veEvYSOkWXE8ptOQtL9lFZk7-hGQf4_btdO965SQAs6MkrshUM4TOINIvVMX4-DBeQ3XNfbSjE33-fI4fQfK6V3OpmIQnM57gJ8mK90LnWEivg0dKiw-rYRTKKuAtjdSbKyYSUlBwc3Tii1gg2RiS5a9jW364uNWxDJXNugr0tv0J_74z5_5lmhQg184rHQqDTWgkzv6DjqmL0Q2Y2U-NSQChhvug9Pi7AbhVkbyPBYoAMM_ogVMcomtE_NQNkHC15bYrXbcWQjGaRV3pOC7HWkZ4S9M&sai=AMfl-YTtHRf_--uMbyb02hwGexPJSTwUkC-h-JULh0jS4IMK4h0BWK8Ti-ecL6GuqnjhnFoSlfOpyG9cv0UvUqBlitJgwRyQqLK9LByFGpyWdCF-36izqGNGDxdPO5_qryKhqNDP9QbkzvZclpP9E57BG7-Ge4dyinGOGYVMKiIRqmmEyyO5Zkd0qtZlirbaTGQ3mPWZ9c5b4nXpuq3aEdt9BLIzFbtRof9w9cSi0Yd25Cw431pdeyXFi8RpYFYNeG8pz1MGqd9PQU402_Ddx6jTG9QO2jyX4EL9NHyGaA&sig=Cg0ArKJSzAW4EDdQGfxWEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=107&cbvp=1&cstd=103&cisv=r20231109.61475&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: photo.hdd3.one
URL: https://photo.hdd3.one/VIEW-PHOTO_txux21z7k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 27 Nov 2023 11:25:53 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

firstevent
skydeutschland.demdex.net/ Frame C9EB
Redirect Chain

https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=204478604&d_placement=380647696&d_campaign=30999372&d_bust=9478348&gdpr=&gdpr_consent=
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=204478604&d_placement=380647696&d_campaign=30999372&d_bust=9478348&gdpr=&gdpr_c...

42 B
735 B

52ms
51ms

Image
image/gif

52.50.106.246
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=204478604&d_placement=380647696&d_campaign=30999372&d_bust=9478348&gdpr=&gdpr_consent=

Requested by

Protocol

Server

52.50.106.246 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-106-246.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

dcs: dcs-prod-irl1-1-v054-00cd77fef.edge-irl1.demdex.com 5 ms
pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: vX3tYhXJQkI=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs: dcs-prod-irl1-2-v054-0209de723.edge-irl1.demdex.com 0 ms
pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: fMg9nVcwTQw=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=204478604&d_placement=380647696&d_campaign=30999372&d_bust=9478348&gdpr=&gdpr_consent=
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame C9EB 60 B
60 B 160ms
26ms Image
image/gif 85.14.248.71
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvApi=sky-dv360&extProvId=300&extPu=sky-dv360&extLi=1014760199&extPm=531080120&extCr=20761493732&gdpr=&gdpr_consent=&rnd=9478348

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

85.14.248.71 Neukirchen-Vluyn, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Mon, 27 Nov 2023 11:25:53 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Mo, 27 Nov 2023 11:25:53 GMT
X-ET-Code: 0
Content-Type: image/gif
Cache-Control: max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-ET-Camp: 923
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 zrt_lookup_inhead_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame F0A2 9 KB
4 KB 21ms
20ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_inhead_fy2021.html?hello=world&fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a06aa84f08b4d57747e5eba867aa061deaadb4e657ca532d10e73b5a36fd73c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://elcorito.chat/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 6530
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4111
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 09:37:03 GMT
etag: 13268084621564590274
expires: Mon, 11 Dec 2023 09:37:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_inhead_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame E47A 9 KB
4 KB 27ms
26ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_inhead_fy2021.html?hello=world&fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a06aa84f08b4d57747e5eba867aa061deaadb4e657ca532d10e73b5a36fd73c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://elcorito.chat/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 6530
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4111
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 09:37:03 GMT
etag: 13268084621564590274
expires: Mon, 11 Dec 2023 09:37:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 8161 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 08:57:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8875
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Nov 2024 08:57:58 GMT

GET
H3 200 css2
fonts.googleapis.com/ Frame F0A2 4 KB
671 B 29ms
29ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_inhead_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 27 Nov 2023 11:25:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 27 Nov 2023 10:24:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 27 Nov 2023 11:25:53 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame D9D0 23 KB
9 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: photo.hdd3.one
URL: https://photo.hdd3.one/VIEW-PHOTO_txux21z7k

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 09:26:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7145
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 09:26:48 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame D9D0 8 KB
750 B 32ms
31ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: photo.hdd3.one
URL: https://photo.hdd3.one/VIEW-PHOTO_txux21z7k

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 27 Nov 2023 11:25:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 27 Nov 2023 09:36:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 27 Nov 2023 11:25:53 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/ Frame D9D0 15 KB
3 KB 72ms
26ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.css

Requested by

Host: photo.hdd3.one
URL: https://photo.hdd3.one/VIEW-PHOTO_txux21z7k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c99771c81466150d55d307a9b0e12cfdab8240a9c65a80b764c1d58965406f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 08:09:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 184606
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2920
x-xss-protection: 0
last-modified: Mon, 13 Nov 2023 11:34:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 08:09:07 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/ Frame D9D0 376 KB
131 KB 73ms
26ms Script
text/javascript 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js

Requested by

Host: photo.hdd3.one
URL: https://photo.hdd3.one/VIEW-PHOTO_txux21z7k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

28c5732eefa979245ff326045f37b6b7cdfc92385c594caea33e265e4a066c7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 23 Nov 2023 14:04:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 336107
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133672
x-xss-protection: 0
last-modified: Mon, 13 Nov 2023 11:34:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 22 Nov 2024 14:04:06 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame D9D0 20 KB
8 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: photo.hdd3.one
URL: https://photo.hdd3.one/VIEW-PHOTO_txux21z7k

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43735
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 23:16:58 GMT

GET
H3 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame F0A2 15 KB
7 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_inhead_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2881d8eadc298102d2462e8d32e40792adce37b6cd89d99045f574eb3ecbb748

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 23:27:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43132
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6702
x-xss-protection: 0
server: cafe
etag: 11213825687312121238
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 23:27:01 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame F0A2 21 KB
9 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_inhead_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

25b1b4e9934aa4cb8e8bdf5fd7911f6ec67acde6b6b39f1561aec2244f7826af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 03:59:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26780
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8781
x-xss-protection: 0
server: cafe
etag: 9666818975682992898
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 03:59:33 GMT

GET
H3 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 18BF 236 KB
63 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11815468952012219303/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11815468952012219303/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Nov 2023 11:25:53 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B055 143 B
166 B 20ms
20ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4896375881595114&output=html&h=280&slotname=8294562186&adk=528232075&adf=1081431890&pi=t.ma~as.8294562186&w=930&fwrn=4&fwrnh=100&lmt=1679708750&rafmt=1&format=930x280&url=https%3A%2F%2Felcorito.chat%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701084352117&bpp=2&bdt=370&idt=405&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3172985720591&frm=20&pv=1&ga_vid=1187110127.1701084352&ga_sid=1701084353&ga_hid=1684467240&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=335&ady=326&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809004%2C31078301%2C31079699%2C44807763%2C44808148%2C44808284%2C44809055%2C44809071%2C21065724&oid=2&pvsid=4453051286576426&tmod=1317948274&uas=0&nvt=1&ref=https%3A%2F%2Fphoto.hdd3.one%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4896375881595114&output=html&h=280&slotname=8294562186&adk=528232075&adf=1081431890&pi=t.ma~as.8294562186&w=930&fwrn=4&fwrnh=100&lmt=1679708750&rafmt=1&format=930x280&url=https%3A%2F%2Felcorito.chat%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701084352117&bpp=2&bdt=370&idt=405&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3172985720591&frm=20&pv=1&ga_vid=1187110127.1701084352&ga_sid=1701084353&ga_hid=1684467240&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=335&ady=326&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809004%2C31078301%2C31079699%2C44807763%2C44808148%2C44808284%2C44809055%2C44809071%2C21065724&oid=2&pvsid=4453051286576426&tmod=1317948274&uas=0&nvt=1&ref=https%3A%2F%2Fphoto.hdd3.one%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=410
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 276
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 11:21:17 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4238 624 B
245 B 67ms
66ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COKX54oFEJva0bIFGJuYtf0BMAE&v=APEucNWiQwmlRO2epZDCQIuWIhf_EjFk7SIv4wE30que-xBqdXNK3QZ0E1GGoXoeLoQ3Vdi7xlMlfzbzMmWAHuYmkZ00Als4rDl1tJMfOx0qVioRsY2GqYIYP8pzemPpYCnRCS2tFYBi7OsGsKj9-GpDmOScPm_32Y12NSKv4F6Pk5n-euELtwI

Requested by

Host: photo.hdd3.one
URL: https://photo.hdd3.one/VIEW-PHOTO_txux21z7k

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_inhead_fy2021.html?hello=world&fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 11:25:53 GMT
expires: Mon, 27 Nov 2023 11:25:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 67F9 23 KB
9 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: photo.hdd3.one
URL: https://photo.hdd3.one/VIEW-PHOTO_txux21z7k

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 07:40:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13525
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 07:40:28 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 67F9 7 KB
3 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: photo.hdd3.one
URL: https://photo.hdd3.one/VIEW-PHOTO_txux21z7k

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 07:40:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13525
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 07:40:28 GMT

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 67F9 0
0 129ms
64ms Fetch
image/gif 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjstJShDgEWNvt35C6VOTZDC68qc4Q0R4TGTmhcbDpZAhQPt21t5ZTvyY1dYqCK-NV1HfzxFyx7zYKav3bw6j1T4uXMWZezDdp2Dm4GGKcJCCJQBNyWU8Jrt4zPldgIST8_omfWhvWrnTZUSkqrqyAQ9HsfqjImqVD5vJzA2IFRvLI_ajLnVViglgOfpeN3MeQMoxcVEi61nDSw6xTudzOMhjgMXgiAf387Q5iGnGxVo2lT0jchCb_RQ6O55JdKgZW8p00_6lVS2KGD8uOUrNCBDfnkiwLRWIeXvUKAEbbJ0SsFNnXC9JVRZgGXBY06IKaaYxrHywrf_2DFvFVMXujer9vJcS1M77mgd4szcbsg3aOo2IzeCXR13E4Pe2GGlxn7hnU0m9UBoqvuxrqN6iFWE207Rz624YIYou26V53GAEDEZycTmVZFbi33iynI7CJ4LwEj2PM-za07uIeu_x9KgbBhokTBPLEFNDMenQgVsYnj7I3IL5C7cj5x8PhJX2i5mS0wbX_LY6U9fd_eOMqzP_VBfEyD3cJuuOnkWqDtKVm4hvPppOOcNSY0Xt-lw4bfN5OBzNKjHz2miOEv9kNKTG9qCe-yqZCAx3RuTfLiaoH2h1T3iY4KT0y5CYHG2OSypJaRoBC0IBtExkT4V6fvkMehwRgqwKdX2eCh2pKRpIjM-0BboTnjTTgzM10Tqqc-7negphR0kksSZA4fFTsoTStp1CfPk5KEJz176xDM2ltiuI1u3TFS-9r8qJQRXgr-4pqDWkEJUNeIvavOZrrYuj0jV0jwp8IWivZ2QLi2b4ss_vg6bkaU7TDhGt5ztV8_kKtDmbxg9TKjzjA-kxUuIF9oNp0Ib1NYNnOBWkJ3lx0o0F6Hk-aWmpsZRqElsk0v0musgYiB2tGHwdUdq1mflnmMNDa07fHr-mRPswFP40gW0BELlbQXGaTrs83sUx-hqY72kAIJT5nNCTi7Mx9vwwjoPx8-a8eYjoOgD9B7rebnZGZmFDkJJXfdYMRRlInoR_qQLWsO9iAy8YeCrW_TJw-sZkE1zXO9hprG1Rrr7OARuPh1iIu7MU51yT7uFDBdHUFKXBgweeFAU6QhU1nxVZoYthZU7DypHDzaqjH0N76aiOiGladszrV8TCRdp30e9rf0deFh-yNtFoOfXbTTU419sU4niMos_oR2SJ4eT0_YDL9t2gNdkCGsQ9CqqMYZBpH3IWnqIoPlVuFzK5T8bP9UQQaethsaTmBp-B9YksP4uXCwP3df3oUhjYJW9Ni3vxyW5DcuIMRZbUWjWf2wzC0eOiDs_ET6CY&sai=AMfl-YSdnsZwNA2HrY3dXpyJomBxQJS3NXj2itXLiBhQ3eUP91sdH8Ok-GLEG2m_BmaMZaae90lmReroetRZ6bJqRSjkRt-MfwMIyzfsI44-mzPd9hb70H5AvtPx2K4GS4UrKIewi7MwGav3j_m33Lua-T9IiX-Pi0rXorwjdk3Gxfn_w05Gc7xD5MfLtWM70spJEpEe8dfm8tMa-9cv_GcCVX-tngFiE6qMNq6kaHhM3BtTXVcj09p58PARhuZJgqeddk5y_oa_Oyhuc5KUu6LogfCWxl0ECsZx1LAEJwmlGrBSvuq-T-MLP8cVa2SmhKAkQQbNuRcYeGBZ5DxzBM4Zr0iNhl_Oa64lC10WKiUuZvUaWir8DlWeeGApUM_ysv-G4AHnH58iesG5FwZCSZBKl6TTOCB3n3UETEzUDXX2rhA0p4hUp67K12o5nqfEtR8wiHjcATxvnRtuZ2vglRAVI7RBf4-ATrPtpD8zREB8W5XTzV4MKxhd-GgHdewbaqXMwxv5BH8&sig=Cg0ArKJSzJabtNO1Z7ILEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9haXJldXJvcGEuY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20231109.40025&arae=0&ftch=1&adurl=

Requested by

Host: photo.hdd3.one
URL: https://photo.hdd3.one/VIEW-PHOTO_txux21z7k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 27 Nov 2023 11:25:53 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 67F9 41 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: photo.hdd3.one
URL: https://photo.hdd3.one/VIEW-PHOTO_txux21z7k

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 235245
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 18:05:08 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 67F9 3 KB
1 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: photo.hdd3.one
URL: https://photo.hdd3.one/VIEW-PHOTO_txux21z7k

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 09:10:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8140
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 09:10:13 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 67F9 20 KB
8 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: photo.hdd3.one
URL: https://photo.hdd3.one/VIEW-PHOTO_txux21z7k

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43735
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 23:16:58 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 67F9 202 KB
64 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: photo.hdd3.one
URL: https://photo.hdd3.one/VIEW-PHOTO_txux21z7k

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Nov 2023 11:25:53 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 67F9 42 B
63 B 58ms
58ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BSkygYGVNpam_vk5vh6vC-H1-HEznT2x5NyuHaAHzjX_aXf40hbze07Uw5hZfLk1jIN5323uF4_i81CuBh_sTysw29OfYfKEtVxXurNbB_-2FJbks

Requested by

Host: photo.hdd3.one
URL: https://photo.hdd3.one/VIEW-PHOTO_txux21z7k

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 11002839464861165926
s0.2mdn.net/simgad/ Frame 67F9 48 KB
48 KB 22ms
21ms Image
image/jpeg 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/11002839464861165926

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_inhead_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f1bb229a4b5a943cfa72918d2b19bc3d6b2f4e921a32d39b69b557b7693e8b37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 05:00:01 GMT
x-content-type-options: nosniff
age: 23152
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49128
x-xss-protection: 0
last-modified: Fri, 24 Nov 2023 21:24:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 26 Nov 2024 05:00:01 GMT

GET
DATA 200
OK truncated
/ Frame 6E98 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9561e55f94058a2a590a72ad43d4f838294e2d6158e1adcf06343d840ead7635

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 67F9 0
0 59ms
57ms Fetch
image/gif 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjstJShDgEWNvt35C6VOTZDC68qc4Q0R4TGTmhcbDpZAhQPt21t5ZTvyY1dYqCK-NV1HfzxFyx7zYKav3bw6j1T4uXMWZezDdp2Dm4GGKcJCCJQBNyWU8Jrt4zPldgIST8_omfWhvWrnTZUSkqrqyAQ9HsfqjImqVD5vJzA2IFRvLI_ajLnVViglgOfpeN3MeQMoxcVEi61nDSw6xTudzOMhjgMXgiAf387Q5iGnGxVo2lT0jchCb_RQ6O55JdKgZW8p00_6lVS2KGD8uOUrNCBDfnkiwLRWIeXvUKAEbbJ0SsFNnXC9JVRZgGXBY06IKaaYxrHywrf_2DFvFVMXujer9vJcS1M77mgd4szcbsg3aOo2IzeCXR13E4Pe2GGlxn7hnU0m9UBoqvuxrqN6iFWE207Rz624YIYou26V53GAEDEZycTmVZFbi33iynI7CJ4LwEj2PM-za07uIeu_x9KgbBhokTBPLEFNDMenQgVsYnj7I3IL5C7cj5x8PhJX2i5mS0wbX_LY6U9fd_eOMqzP_VBfEyD3cJuuOnkWqDtKVm4hvPppOOcNSY0Xt-lw4bfN5OBzNKjHz2miOEv9kNKTG9qCe-yqZCAx3RuTfLiaoH2h1T3iY4KT0y5CYHG2OSypJaRoBC0IBtExkT4V6fvkMehwRgqwKdX2eCh2pKRpIjM-0BboTnjTTgzM10Tqqc-7negphR0kksSZA4fFTsoTStp1CfPk5KEJz176xDM2ltiuI1u3TFS-9r8qJQRXgr-4pqDWkEJUNeIvavOZrrYuj0jV0jwp8IWivZ2QLi2b4ss_vg6bkaU7TDhGt5ztV8_kKtDmbxg9TKjzjA-kxUuIF9oNp0Ib1NYNnOBWkJ3lx0o0F6Hk-aWmpsZRqElsk0v0musgYiB2tGHwdUdq1mflnmMNDa07fHr-mRPswFP40gW0BELlbQXGaTrs83sUx-hqY72kAIJT5nNCTi7Mx9vwwjoPx8-a8eYjoOgD9B7rebnZGZmFDkJJXfdYMRRlInoR_qQLWsO9iAy8YeCrW_TJw-sZkE1zXO9hprG1Rrr7OARuPh1iIu7MU51yT7uFDBdHUFKXBgweeFAU6QhU1nxVZoYthZU7DypHDzaqjH0N76aiOiGladszrV8TCRdp30e9rf0deFh-yNtFoOfXbTTU419sU4niMos_oR2SJ4eT0_YDL9t2gNdkCGsQ9CqqMYZBpH3IWnqIoPlVuFzK5T8bP9UQQaethsaTmBp-B9YksP4uXCwP3df3oUhjYJW9Ni3vxyW5DcuIMRZbUWjWf2wzC0eOiDs_ET6CY&sai=AMfl-YSdnsZwNA2HrY3dXpyJomBxQJS3NXj2itXLiBhQ3eUP91sdH8Ok-GLEG2m_BmaMZaae90lmReroetRZ6bJqRSjkRt-MfwMIyzfsI44-mzPd9hb70H5AvtPx2K4GS4UrKIewi7MwGav3j_m33Lua-T9IiX-Pi0rXorwjdk3Gxfn_w05Gc7xD5MfLtWM70spJEpEe8dfm8tMa-9cv_GcCVX-tngFiE6qMNq6kaHhM3BtTXVcj09p58PARhuZJgqeddk5y_oa_Oyhuc5KUu6LogfCWxl0ECsZx1LAEJwmlGrBSvuq-T-MLP8cVa2SmhKAkQQbNuRcYeGBZ5DxzBM4Zr0iNhl_Oa64lC10WKiUuZvUaWir8DlWeeGApUM_ysv-G4AHnH58iesG5FwZCSZBKl6TTOCB3n3UETEzUDXX2rhA0p4hUp67K12o5nqfEtR8wiHjcATxvnRtuZ2vglRAVI7RBf4-ATrPtpD8zREB8W5XTzV4MKxhd-GgHdewbaqXMwxv5BH8&sig=Cg0ArKJSzJabtNO1Z7ILEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9haXJldXJvcGEuY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=64&vt=11&dtpt=63&dett=2&cstd=0&cisv=r20231109.40025&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: photo.hdd3.one
URL: https://photo.hdd3.one/VIEW-PHOTO_txux21z7k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:53 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 6E98 33 KB
33 KB 20ms
19ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 21 Nov 2023 09:09:18 GMT
x-content-type-options: nosniff
age: 526595
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Nov 2024 09:09:18 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 4238
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZX9YLCpriFoANiJW7EgBM&google_cver=1

43 B
731 B

36ms
36ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZX9YLCpriFoANiJW7EgBM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COKX54oFEJva0bIFGJuYtf0BMAE&v=APEucNWiQwmlRO2epZDCQIuWIhf_EjFk7SIv4wE30que-xBqdXNK3QZ0E1GGoXoeLoQ3Vdi7xlMlfzbzMmWAHuYmkZ00Als4rDl1tJMfOx0qVioRsY2GqYIYP8pzemPpYCnRCS2tFYBi7OsGsKj9-GpDmOScPm_32Y12NSKv4F6Pk5n-euELtwI
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0t70uWEFwA68A82hcX43%2FDzgZSBCbYVL%2BsCZcsB0H4U7UOwX1obHrg1WGc9ecwrG4BXHZ8tRVm3plBZ4BzdSnORK71YxwPAq5aDkoYG5A4ijOLlUoQyTNOJFj4YZsOVC0RvXy1SNeYEvXg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82ca035a3fb64db1-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZX9YLCpriFoANiJW7EgBM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 4238
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWR8wQE2cHucARbXonT5aAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZX9YLCpriFoANiJW7EgBM&google_cver=1

43 B
739 B

43ms
43ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZX9YLCpriFoANiJW7EgBM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COKX54oFEJva0bIFGJuYtf0BMAE&v=APEucNWiQwmlRO2epZDCQIuWIhf_EjFk7SIv4wE30que-xBqdXNK3QZ0E1GGoXoeLoQ3Vdi7xlMlfzbzMmWAHuYmkZ00Als4rDl1tJMfOx0qVioRsY2GqYIYP8pzemPpYCnRCS2tFYBi7OsGsKj9-GpDmOScPm_32Y12NSKv4F6Pk5n-euELtwI
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J7WZRRIB8NlfHJ8CQ2%2FSHx2jJWzVx6BMCL5UrHVYVrp3YUdfTjn7Yd2w1s%2FvIBJGowwHSswAc4X9WU1rfl%2Faa2KMLgHGTGfHVCG%2BcAfe69C%2FwBuL5v1675xSbHKyg%2Fq03FFmTS%2BucEKbuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82ca035a98554db1-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGZX9YLCpriFoANiJW7EgBM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 4238
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEMKFU11dS-6oWJPymhruj7M&google_cver=1

43 B
843 B

42ms
42ms

Image
image/gif

185.89.210.101
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEMKFU11dS-6oWJPymhruj7M&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COKX54oFEJva0bIFGJuYtf0BMAE&v=APEucNWiQwmlRO2epZDCQIuWIhf_EjFk7SIv4wE30que-xBqdXNK3QZ0E1GGoXoeLoQ3Vdi7xlMlfzbzMmWAHuYmkZ00Als4rDl1tJMfOx0qVioRsY2GqYIYP8pzemPpYCnRCS2tFYBi7OsGsKj9-GpDmOScPm_32Y12NSKv4F6Pk5n-euELtwI

Protocol

Server

185.89.210.101 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
an-x-request-uuid: 89218174-de55-40e0-8fa7-116941fa89bc
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.22; 217.114.218.22; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEMKFU11dS-6oWJPymhruj7M&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4238
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjg4NTE4MjMzMDE4MDMxNDQ4Nw%3D%3D

170 B
188 B

30ms
29ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjg4NTE4MjMzMDE4MDMxNDQ4Nw%3D%3D

Requested by

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
an-x-request-uuid: 77190142-79e7-4644-9278-c2c440afbfd9
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjg4NTE4MjMzMDE4MDMxNDQ4Nw%3D%3D
x-proxy-origin: 217.114.218.22; 217.114.218.22; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame D9D0 0
225 B 398ms
25ms Ping
image/gif 108.177.127.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~lpgtpbnr&c=7978720484913&slotId=3989360242456.5&qqid=CNzpxoSJ5IIDFbCOpgQdyZMJBQ&fb=outstream-lima&sei=44752538%2C44807615%2C75259414%2C420706098&nsei=44714510%2C44729911%2C44730425%2C44730426%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.177.127.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: el-in-f94.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D9D0 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=C8L_fwHxkZdyJJLCdmtUPyaemKPy10al0ybGdjLQS6NDvgJkCEAEgv568IWCV-vCBjAegAbyOju4CyAEFqQJ-8f9UZ12yPqgDAcgDmwSqBPYBT9AoYOLwIOe9qrJ9PvHn-V7btqLUhieShU9qsPD0YKMKp-_wAXkrF4Y3TnA5Uv7_jv052B_DYggAwg1D0VyvBBOTt0Ko65y6nJAU7wgIYWoxczQoOEId6T4WejyfOoMW_Hn2n6lsBiKPZrIf0hCO9dZBTVKMxA4ADvLYaiUg2UCCxA-UMCIns-gAxBCbFCltWnoSPpD042z38dDQsQOHBjgssDNWMxTgZdr1hBjWK5rRpdZCs1DRa3ZegxBfWXDlBRRzqtq8tB4Rr99V-l2TpLALujfOYwulcWWdieLTwA74l4-SrnpsIJM4f0N7saWa1n0pwliXwATtuLPguATgBAOIBfWTobdNkAYBoAZ2gAes8fGRAagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoByAsB4AsBgAwBogwQKg4KDOS0sQLutbECtbixAqoNAkRFsBOAr8oVyBPl34vkA9gTCogUAtgUAdAVAfgWAYAXAegXBQ&eventType=clickstring&clientTime=1701084353614&ai=C8L_fwHxkZdyJJLCdmtUPyaemKPy10al0ybGdjLQS6NDvgJkCEAEgv568IWCV-vCBjAegAbyOju4CyAEFqQJ-8f9UZ12yPqgDAcgDmwSqBPYBT9AoYOLwIOe9qrJ9PvHn-V7btqLUhieShU9qsPD0YKMKp-_wAXkrF4Y3TnA5Uv7_jv052B_DYggAwg1D0VyvBBOTt0Ko65y6nJAU7wgIYWoxczQoOEId6T4WejyfOoMW_Hn2n6lsBiKPZrIf0hCO9dZBTVKMxA4ADvLYaiUg2UCCxA-UMCIns-gAxBCbFCltWnoSPpD042z38dDQsQOHBjgssDNWMxTgZdr1hBjWK5rRpdZCs1DRa3ZegxBfWXDlBRRzqtq8tB4Rr99V-l2TpLALujfOYwulcWWdieLTwA74l4-SrnpsIJM4f0N7saWa1n0pwliXwATtuLPguATgBAOIBfWTobdNkAYBoAZ2gAes8fGRAagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoByAsB4AsBgAwBogwQKg4KDOS0sQLutbECtbixAqoNAkRFsBOAr8oVyBPl34vkA9gTCogUAtgUAdAVAfgWAYAXAegXBQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_inhead_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame D9D0 0
45 B 390ms
26ms Ping
image/gif 108.177.127.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~lpgtpbnz&c=7978720484913&slotId=3989360242456.5&qqid=CNzpxoSJ5IIDFbCOpgQdyZMJBQ&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.ur&vast_v=4.0&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.177.127.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: el-in-f94.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame D9D0 31 KB
18 KB 242ms
152ms XHR
text/xml 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-Cwko-yUzCUZoYVRe3dzLsZVQ8AMBFmmLV5Li0EVWD9xnjWEEWmIBO78VPmmKeJS2_XAJavBzGQlWJ7Y5psc9s3VO9I0w&cry=1&dbm_d=AKAmf-AMbflmoobATq67FrsFpfIkfLK8aMt3RiHF1Oj0MuO851gV4m8kXlNcbvPCzfjkKKCEQSZRD_FsNMAfhv6AobNKNf68tduNnPv1KSTHEg473XcDlah16Kg64uekyscg7oq7F_BZ9lIyPNlvgF_73J4hgYZzYMWqY37gv0M39wnBz6B5ASrs0hmqRHu3eS6dqjCJaUBlfjOsBisNLgC2ZDJslYChmJc6G3BVi7AKdvuY_JX_ujfjmiL-A8VNbClBCGcX6z9VYliAcUt1RtWgyUuuBsKbvTsRkKa8KU7-_msod6hk8-_Gh0PxuoUMgB4dQTKjusrqH_DcdQflebviJEx6KG0hWmXvjUObRnOgTXPpsr9sGUYTIu644lSGFeHYk1B2eaunvUZ3n5eVhRVJNZe9cddusGJ0XcRdufa673yp_hNS-_5weWpFLW5BVev1jIGRXCsURpvLId6M6TaNWaWrMy2zqJREzAF8-7GTwmBorhsKuiMHIxdX-eIILlD27kWguaHYI5h69CmQNtTHxBMJvw4Acz0l3D4FMsqJPAa4NZXUTParwOfqb9iVdj8v10X9C7NhW2UokjU-RQEOa2-MgvdiAHfyd7ReUmWNM0jiRMrLhS7D1Ar3NieOIkakbGn2ZpqkXibxDHg_TD-ojd-Tpp2y1l3mR5OITMP8np0UOrP58crpg0ilcY4k9jCmucll2Y8p7zUY3veJhOLHoSOUFIAKlSIo111ygABOxV4BmLgjkXtEDfkQhEBFYtcnW-kTUVvP8Zk3zJsOwIsBiOJG9ah3Tc9cmTUqQEw9irdHqRnpGMkfMuaUuFloRMBYyMEcbIYIIXZkUhmVnpes73ZEKUzqdF41ozfbypza282IIphK-ESj0D4h4yfineYL1EQaxbJ0OqL-mvyMMO3-LO4TFNXt1ALCKfWEBPlFMEd2YRwj-zql7oSntpCWIFzh3WKI9RJo0dTq1SZ2-jC6iYsQlQ9Z0tgUcxhUAxslzIgws5KK6TD-sR9khS869XsQfmCZnjR3ZSgfduB_z8obmdBwRQapevIvScaKtwIWnZZKhqxC-Bl66krBrrmnLy3DTfey4rET0Krgou8Vuhe4aDknX3W3PXF_-zlJ2i8RqHpE0cqCDQT_AO15UXUbXtect3SIQYjEqttt9NikDFko7gPykecW1RPboTFtZDF2R4C23LEUlmiuJm4wIaW3ulYSWxQMpb-0tKMw8D9-zB0MyRjF_GFo7o31mb1CYai7yfCjyxJtPcyIZDjunHPQvtIRfpcZQgLleKgCKt5KYNZ1dlJD98gRd16X4PdSgeCYy9_cmr6c97Yu0KxZ3Ps8MGO72Pxd6wygFUfinRbpm8fJ7H7A43fd8BgTk5mduhKMbQnbxPK9vSzeE6xRy_g7laVs1e9P7d4GoSKUpfX1uuiR1VeFjwaoqv_zQOerGg73K5iOpCKe6RqVQLJgGjVhFFLEI_cGp4ZA-2T_juSfv1G1ukquiUArOLglQqy6CVaUkTEtZ8g3xF055wtL-i_S8WYXiSKQ1ui4a4mWYDaAlNHeZkO8HRjhnyvw-a3Yo36jx7RLCu697rI2lMEefgrXcQrJwGuamSD2E77_2a3qCebGvQudQDNNTS2POPzB7WROIQ0TYtugVMguNa-acOFA2s_ypGtijgeo5MYumRnDF1y7HPGsHvDxJrXwPzPIO5iddT5W7EtTkBT_xryChFSCYDe3ez7n3zfFJrqFZQJgandhx6DLHfwR0bRs4tL7yvtuiC-1yZ__ZZD_-QZaTqJ0BtNLPiuo3xQsMeEsfAFNf_RIZTMRMnxklL2lh3FwIKrycBKVj9Nacrdg7vMQtdRC-IaYSaQWPWuty2IP3PZVdUI6BF5d9ObR34goq9IWbPs3CVMxLHn6rN50X9xFj2wbiZcr_dC6nepuaERtALkchwLkpx_QPGuJBsHKekL1IeZVHJ6vdfFu0mj7nyOlKIBPSHJlx_8qny9VAT-GEKAWb4RDSZ4jdcK8sKNhexZY8HMCVt9OLpLwcC4F-9owC3nJt-EhMVNLENeIXZsxjmEA30cWCryZO0NXl_k2mDj7h_aABwK0pDzrBZc4wliqCTSCjlPgR7Kz1vKegGGI308sRBT3MTu9CnHsVL4Hd-vNL1PAwwCK_F_Un-6dGXFGpUGyIX1_aBYKhBekhyuM_JE1k9nEZMkSgitldjZaQg1kI9LQcmjXpknR55G7kgkQ0dGQaAtGpKxMiCBwFyVz36MjKGpmgLcd2n3JIFFbx3yxPnkeMS7pJAlYF9WMmddZ_iTm0rhUP46oS5fy-gF0qR1DfaUVrr67Hym8DTOmSt3cLVHjphayIk8_5DhzgblOLFZRzTefICPv0v9oKHjL6QaMilzoNCWQbYZhLL3IcKpbZa-dYcMsc7KWVsDDC40I5iwF8caAZmAUPLwkeXDoDqgm-1xQHLsYq00rDQ5h97rWo4DeYVhTz1ZNl2xbQGJCBQwLQuOEt5Z5743B16ZtrLilomcQoKLP8JB0rS7LQ-_wmsOGZp11KGkg0g3NU1rqhs-je1_zkevE0FIBWXDY6JZAUxnJEoZjR4yDBrSkOUT4ppQNM3A1sjC49oZwvSsoXNar975PZUThdQxgD-PKFIkBA_KYw5K_qhuxZc_YUB9wK1nr-7zTzkYEMnypBXzt8jvKbssIsZvXGa9P63u2KQSgRKBU_VE5c_4FTgqPmSW9AREH9GJwiWv8VTXjIq3SbGUzlU6NZ3fxHIo4kEY_dk1g4WZULGbcIrp9NDviAsv2F1dqDrP3K_f-c1stZa3Mojg8eg9PWo1laQXpWncVOUOxOeT9IGboMlexblojzV8byA-CKsvkj6rOjJhvbYaPZWMxHH8oCWrMP7ZY8TmScviq8R6QhNU2ZGbJx2vvt5Sk1aE0BauBGC0k6P-2d76rxcfed3bdAPPKyoN2es7qvwJTsmY30qGAb2srr4UtzVNYpqcp7IdwPkIaVgFNX18BangiyHRCJ0tVH8h1Mqx12miRdPD7vhqImJMPh2cCjkbqD5btQnDxAoMtmdms1VLru1oZ9ic_K0IngGjU1rU7Tsc4JSaWbT5ZiJ5aeuN99B02PCKRUvJj8M_PnwKJ9gdQXCs6lKyixhFexq7_wIiWCmbMVWJh1NQptumSN0TYn4OmsHc4uQqaDoPwz8XjN8q3x1NOHznSMCkuJR0Vj6RLV2zuf3yXY3VtXjEWVEPOLQI5HtjQf89mjMC90Tg4FTcuZE1dLxNHA82KZPfWMP9Ri36hhOq5mtXeGBXZOtCbpGzHQXp9S72Qf8wlpEvLW2kfWK_jDeb184Tgp4eaVoTm7KZP_wPeEldPN1wQKyY2iz9v0XDfuipvm7UVsyn8Ni5T5vcJ7xh6_-kzF2pFrujbymiXVTphpEE0hPhHISDidPA8dEyrleopNKtPGCJyYG5JRnxdPrQFhdnksXV9_yn3S3kL0Agbj-NNOYqSMO4DlXRqXT-wMkc74yMs-2uf5ws-U1nZg6zJoO3HcZfIsfUFHwHLSGK7nrc4Ifian9DJ9MpOjCwwboNUmp_3BAYSvPQ1SxJJKi7UomWwlpHqGYeD1OnpKjy8_aa_rGS_345fhCJ8Ev8jZ4oFgmLHSNFMdWn1Q4YYFkxpUjxnYg2HZBh_taofYBIkKMI_zdFlZqqgiwkgskIjUL8O0S0lRvXlfLPr9AdU53gj3_wFviR5OS46e3PqIn4zJF4sY2MDJmSa_au8ZTNKsnGqCS3U-blxTjy5NSBVlljQ5M1KAjzge0x4q326pXWYAax4v5Us3fr-13NaCWoBjdQSLnTad5A-uFShu9Mrm626TJiAiTJHhg3xp3SV6zv-RhYwRLDav9aXt1abX6ShorWEMNG1vA3sFl54kXkvn_B_pMnge8d4ojEBzPXJlWp2OQRNsb_NcZ8sAYB6dtyFp77A1IxtaDpDF1xdeCC6VdXb12YHOM5mxFsNnsdWho7CVsDSsrI401o34AUu-t5EiNcmSZNIb16DxJW0Ebi6x26H0f2a5i5r734SOn2iF9EUrsl7HEXu1LxZ9-iGuP9QUOR0TtP8Iy0d1IrGewc-xrU6HX2OCzDnCHfabTjxf-G-khyPkFwjVDKDAc2z6gWg8k8113MmOSE&cid=CAQSTgDICaaN9paN5MoPYQFuPRfmANq01ecLnRLa4W1qJren0GZAO2x3X4UjUIhiLwSIDgY9IBLx7He-oVZgg-z35Oc2ewffiXbQ25dXgyoetRgB&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1&nel=0

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f155.1e100.net

Software

cafe /

Resource Hash

d95bceb4d889af5c7677bec38a036ecb8a005d98eea05d64a648ea180bfa6e70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17466
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 67F9 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 64e88964320483e566dca17b2bdf129097fc345bf7089ce891dbfc922a9ec05d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B055
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

36ms
36ms

Document
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4896375881595114&output=html&h=280&slotname=8294562186&adk=528232075&adf=1081431890&pi=t.ma~as.8294562186&w=930&fwrn=4&fwrnh=100&lmt=1679708750&rafmt=1&format=930x280&url=https%3A%2F%2Felcorito.chat%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701084352117&bpp=2&bdt=370&idt=405&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3172985720591&frm=20&pv=1&ga_vid=1187110127.1701084352&ga_sid=1701084353&ga_hid=1684467240&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=335&ady=326&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809004%2C31078301%2C31079699%2C44807763%2C44808148%2C44808284%2C44809055%2C44809071%2C21065724&oid=2&pvsid=4453051286576426&tmod=1317948274&uas=0&nvt=1&ref=https%3A%2F%2Fphoto.hdd3.one%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 11:25:53 GMT
expires: Mon, 27 Nov 2023 11:25:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 11:25:53 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C9EB 0
0 64ms
63ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstSZ0yq4hYKOVcvJKitak91LQGgDoNUPdPjKT5tQ_VIDYINSuglCFxJloEU1xGOuvTlmAHdTUAAfdH-tlp7ZsST2xxP4WE8kZeRSJNznhdsuwdCQ1sBb4D8xSbIm36_QcF62YCdXjsv2QHlDBrHDsAdP3beK4mCrY6GXNwhwb7HneGAR8jfPUDFBS_16CdISLfyZMepUa76x1U9NJj8G5kOVWnG9jOQLhV7eyDzVjjWtdklBIks9_yehYds6VOZkwIkE-1tyzffwMoNFp8WJPjSQXZznMeHHF5t9bSuvD5hid0vsA6VOu3FfayevBoI5e4Gb3DT2SePBBH-nSoar7wo6nivV5Ov1uhO_FjcFMePIQqe77TAlno7W1ptF8JJUB5_dqoCUt51EIUUUg1pCd_2bR-AynpuJUFVtpYyrg9ik2Qtgxs6c4Jvv1ECwfFDumhEgnwUYlJLfF_sOxarMeeYCLfsm1GqonMpMbThD-CfTEuJiSug7zYW15V58xCh-cixXld35MPspYN6OrDLJ8pNN2YGCQfCCfQ0DP0ETrcdxzyyEV_cFr9uw5QYxy8zhDtXBeZyTqYnx3MDk-p1mFjrqcMNTdzrjeq4T96s8ZaianDpqrCRCl5cJGhvlLuNCb1eAAtjRxs298kOc3xjp5H4eoOlQHbOmpxMVWmVdl7dBOAEtg0jQFPGtbnxcNsSYeNXFBS5IPz00QuqYvB1Y5joMvj4PF3s5WgL4k2vtd30zTBMv12DLYx3QzfnhN47v_pQqKzswhGRmU5z3eaj5m_eHdCMFI1WoIMhKCr1OowyOzNIgVRIuSyh5UiKa6N32cSZvnH37HLlND5VIZAhi4s39Z6wsEo3iATR465kYJFkDIWJYlv8pzhx9P0aKcAd94fVpvly-ny9IuOLOr_w7LxDMKAb7df6BoSrxm2lvwqYqX1h9T_185ZghxrJB5Ea3X2wdMYKwyMvmz4t64ewaKt2eD9xrez60E07dTkd1EN5hQHGGKOLJd9xDb-veEvYSOkWXE8ptOQtL9lFZk7-hGQf4_btdO965SQAs6MkrshUM4TOINIvVMX4-DBeQ3XNfbSjE33-fI4fQfK6V3OpmIQnM57gJ8mK90LnWEivg0dKiw-rYRTKKuAtjdSbKyYSUlBwc3Tii1gg2RiS5a9jW364uNWxDJXNugr0tv0J_74z5_5lmhQg184rHQqDTWgkzv6DjqmL0Q2Y2U-NSQChhvug9Pi7AbhVkbyPBYoAMM_ogVMcomtE_NQNkHC15bYrXbcWQjGaRV3pOC7HWkZ4S9M&sai=AMfl-YTtHRf_--uMbyb02hwGexPJSTwUkC-h-JULh0jS4IMK4h0BWK8Ti-ecL6GuqnjhnFoSlfOpyG9cv0UvUqBlitJgwRyQqLK9LByFGpyWdCF-36izqGNGDxdPO5_qryKhqNDP9QbkzvZclpP9E57BG7-Ge4dyinGOGYVMKiIRqmmEyyO5Zkd0qtZlirbaTGQ3mPWZ9c5b4nXpuq3aEdt9BLIzFbtRof9w9cSi0Yd25Cw431pdeyXFi8RpYFYNeG8pz1MGqd9PQU402_Ddx6jTG9QO2jyX4EL9NHyGaA&sig=Cg0ArKJSzAW4EDdQGfxWEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=424&vt=11&dtpt=317&dett=3&cstd=103&cisv=r20231109.61475&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: photo.hdd3.one
URL: https://photo.hdd3.one/VIEW-PHOTO_txux21z7k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:53 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 5797 38 KB
13 KB 20ms
20ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 115633
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 03:18:40 GMT
expires: Mon, 25 Nov 2024 03:18:40 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 5797 39 KB
15 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 08:57:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8875
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Nov 2024 08:57:58 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 6E98
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=ChKLFwHxkZfyxIceXgQeH1q_YA7PHsKNuvdDk_YAM2tkeEAEgv568IWCV-vCBjAegAa6YiqICyAEBqQJ-8f9UZ12yPqgDAcgDywSqBMgBT9BkcXWgnpanXbP9AZW4r4-eU3PAZaXg3_PsTVU...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2212313530094972327403%22,%22debug_reporting%22:true,%22destination%22:%22https://xcraft.net%22,%22event_report_window%22:%2...

0
0

92ms
53ms

Fetch
text/css

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2212313530094972327403%22,%22debug_reporting%22:true,%22destination%22:%22https://xcraft.net%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22608341038%22],%224%22:[%2211-27%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%223185333925843657793%22}&andc=true

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:54 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"12313530094972327403","debug_reporting":true,"destination":"https://xcraft.net","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["608341038"],"4":["11-27"],"6":["true"]},"priority":"500","source_event_id":"3185333925843657793"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 27 Nov 2023 11:25:54 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 27 Nov 2023 11:25:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"12313530094972327403","debug_reporting":true,"destination":"https://xcraft.net","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["608341038"],"4":["11-27"],"6":["true"]},"priority":"500","source_event_id":"3185333925843657793"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 112ms
67ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e6991d45bb4405a8cb2c0e7709cee948946eb74eb98446fd6840d699155cb28c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:53 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12329
x-xss-protection: 0

GET
H3 200 6h7OZzYWuChAMW0yNvwaAqN_brH89lOBLHEXo8EbMVo.js Show response
pagead2.googlesyndication.com/bg/ Frame 8CD8 39 KB
15 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6h7OZzYWuChAMW0yNvwaAqN_brH89lOBLHEXo8EbMVo.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4896375881595114&output=html&h=280&slotname=8294562186&adk=528232075&adf=1081431890&pi=t.ma~as.8294562186&w=930&fwrn=4&fwrnh=100&lmt=1679708750&rafmt=1&format=930x280&url=https%3A%2F%2Felcorito.chat%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701084352117&bpp=2&bdt=370&idt=405&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3172985720591&frm=20&pv=1&ga_vid=1187110127.1701084352&ga_sid=1701084353&ga_hid=1684467240&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=335&ady=326&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809004%2C31078301%2C31079699%2C44807763%2C44808148%2C44808284%2C44809055%2C44809071%2C21065724&oid=2&pvsid=4453051286576426&tmod=1317948274&uas=0&nvt=1&ref=https%3A%2F%2Fphoto.hdd3.one%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ea1ece673616b82840316d3236fc1a02a37f6eb1fcf653812c7117a3c11b315a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 00:36:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 298184
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15097
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 23 Nov 2024 00:36:09 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8161 0
20 B 57ms
56ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BBXquwXxkZdr1Cd-99u8Ph7ugmAEAAAAAOAHgBAI&bg=!LyylLGPNAAZxrfrxUa07ADQBe5WfODdWDWFO7OLzMcAM2jO5zf_ZYCVXksnD63R7IK6nKu1XVWGGGbU3cCtuPdYz_R3rAgAAAOlSAAAABGgBB5kDCI9CGXWYg0fg_yL5JU5erlVO855oHBlaR_1v1u3HyiFWZxm9VlzR-UGp247-pRUjnF-Wk1RhiAwxJOzm1QWEs3tZut6KJrJJl_gG5GBdFW4KQCLYKa5um3WC3e3EelYSOm2qmJpCssdfg3RQDOGmwFrZisps8Zq6wzJ1oHvBaviOUar3_nB-cIkANzvwLFXCBowyA4MRVmX9nJDBsWW6_e6GtVv_i6WxjLLXFyi4MlXmS_zOurs_YkqFr7Gx0ABlhHz2-YX5vimE1w_hytMxidqfBSoboXMUiHk1DBsLNQsqRo4pHAZh1xifABHGIY2FfsX-8gAV18YPonExs5ai00HTT97P8L5xgxhMG_KV-0X419c2mTdXr5BdqHlAnd9uS69N5KnvgAjLJ1DJUtMN_ctZ05-i3jP1EdAJQxrrPL98BX_Y5lvvPbQ43UoT1xJU1CyfTDCL1R_YVOlCmP21WVdEG8nHcBDXHwEKTa9JiewrtaeZThggy9o4BEz9ghcwLMpctkKcc0V188WLO486wtbBjGOn5y6YTf_KIQrp4PQAIVlpoBFRJh5D5sLM9AW7kEdyx8Wc6Q04MylUEvH5Q8OqbudU-m1D2pqOPVXzVI_iiTKkSCluv3uRaKV50CofmtHT41UVB3SQGiiuWVkNtXN1RVUZ5fg37PZD2sJEDfnGcvM1ermupJoEhOtv0gNFklN5TpoRqlV7K6eTspnbrwVvo1W8XIe56NlZfF-ZagzJn5AHqdXG76NDLwtu0SnOTtW9FRRwJhiC2eCiTRXGlzMEzJvmUb9Ws2pd14vaorZ16Wd63we71Bz8bis2le8uLy6f8prpqhsylD2hTMf-de30EzLvIJx3hpQr0QR-0CbSxkic2mmWI_s4MdBKe4ePCUShEUI0cnq4uJnkNZALlwnosIw2y_vVioxcC3ds_-whNEyfIzV2lROv-4q5_iIOQKDosz7E4VsrRKwaczTOThsJLP3uxf1xJYzfFn0IEiBi1yDX7rbANpxQ6DNxEUu1e1kmmn2ODXl7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame D9D0 0
45 B 114ms
25ms Ping
image/gif 108.177.127.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~lpgtpbo9&c=7978720484913&slotId=3989360242456.5&qqid=CNzpxoSJ5IIDFbCOpgQdyZMJBQ&fb=outstream-lima&vast_v=2.0&vmfc=12&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.177.127.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: el-in-f94.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame D9D0 41 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 15:06:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 159556
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 15:06:37 GMT

HEAD
H/1.1

200
OK

file.mp4
r5---sn-4g5lznl6.c.2mdn.net/videoplayback/id/dfef2bd31f7dd917/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1732620353/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame D9D0
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/dfef2bd31f7dd917/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1732620353/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signat...
https://r5---sn-4g5lznl6.c.2mdn.net/videoplayback/id/dfef2bd31f7dd917/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1732620353/sparams/acao,ctier,expire,id,ip,ipbits,itag...

0
0

118ms
20ms

Fetch
video/mp4

2a00:1450:4001:28::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r5---sn-4g5lznl6.c.2mdn.net/videoplayback/id/dfef2bd31f7dd917/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1732620353/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/0F268DFA9BC8EA937D5441B4D9090115A7B70ADA.735CD1B0F46C09D5485A4E35E110F5B75D989FAF/key/cms1/cms_redirect/yes/mh/sm/mip/2001:1b60:2:240:3247::9/mm/42/mn/sn-4g5lznl6/ms/onc/mt/1701083399/mv/u/mvi/5/pl/29/file/file.mp4

Protocol

HTTP/1.1

Server

2a00:1450:4001:28::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Mon, 27 Nov 2023 11:25:54 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 3558800
Last-Modified: Mon, 20 Nov 2023 13:04:08 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Mon, 27 Nov 2023 11:25:54 GMT

Redirect headers

date: Mon, 27 Nov 2023 11:25:53 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 652
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
location: https://r5---sn-4g5lznl6.c.2mdn.net/videoplayback/id/dfef2bd31f7dd917/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1732620353/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/0F268DFA9BC8EA937D5441B4D9090115A7B70ADA.735CD1B0F46C09D5485A4E35E110F5B75D989FAF/key/cms1/cms_redirect/yes/mh/sm/mip/2001:1b60:2:240:3247::9/mm/42/mn/sn-4g5lznl6/ms/onc/mt/1701083399/mv/u/mvi/5/pl/29/file/file.mp4
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://googleads.g.doubleclick.net
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 110ms
53ms Preflight
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 27 Nov 2023 11:25:53 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 2570 23 KB
8 KB 20ms
20ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 169101
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 7799
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 25 Nov 2023 12:27:32 GMT
expires: Sun, 24 Nov 2024 12:27:32 GMT
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 46ms
46ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 27 Nov 2023 11:25:53 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5797 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B8tppwHxkZd2JJLCdmtUPyaemKAAAAAA4AeAEAg&bg=!XF-lXxDNAAZxrfrxUa07ADQBe5WfOFPyw0FTcHRvHi1yoInMwSfJkWShPaXx8SVfkc-ySONXQSec2L7yjEQqMJDQCf8JAgAAAMRSAAAAAmgBB5kC-o9EnruzSfhAZoSRwTYjpog80aShEkKHafFsDHUbnsyNQkF-4aINvlfXDH8LJMzuG1syVL2UdWUMZYQmdacBScOKY3IpOaRNzW6TLKyL9zifzjo4iYXNFsLaalgUsTWD7girK1uIo-yc8xlAbdFbZVPiy_5PHUpVoU2YxAmRiqbhdqjb3ZXiOeZuazlnVmt5yRWotWWyd4_b26cGtIpY8jbVrrBHcYIyzdKlIfiuqjx9J5KlDqwKRi0_g5hrLto3vQjJ-TRzHQIDOaADq-4dCi8TNMcHoG9mmrOPW2HxzZs575JwvyDlN9WVYOSPXnJ-lPeJMBNCtLgfgrnNElhaTE9nZKikn3aX-zVD-z805hJjC7EM_XjG2-ASkEvgx-m1MeYsxrfeFAZ_jK0w2o4ydfCOwmGcQSI-SvSZCo0IztH2vvx26MpBU_TMCNuFMop8mXWNaEl6XGj-b9C5A-_3UYA2EtQ77DJY8v_YDiJgnhfprAVNUBAvKZN9YeN9QojtxQZ16nvbpaWlS7z-RGrtHAnXzsWXZ1T7rIrzU6UrB66puz_ihiF8Vruk9elRUNulSRQwV-DXjeHkSJ0X6neLJdYkZ8PVE0N2R2BV6sqp39Wm3Rq8SRTltjQSD8qOEZX2HQQDWNGSbH9aeuB4olcqCIffSI2GMhM89vbxLY87oJ14v9yxN881Dx7mPHuFLBrCOQbIMhABrAIiUpXNxHLVsdfXME_uMvKdh_PUV4gzG5IVzC_yYo6HO2rlBFKOu7KzdltXTn71x2mK8S-20PME173V1blastFBuThhznb-O1zax4x8jlY1c-qaYZ5rtW4TEr6DOmXHgm-zQMNQCUt9HxpExnFrFz12dbyq5P2Hcp-fnYYO1ZSEhBl3_ECm2xSyrzn6GpQ8AUOAGlHanlwHQJ9L4bQl3BK7TjVFvHHJvR-QR6ffKTdSfGzTFnz8wqMJxgmR3izLA8Mmw_aj0xSti7pvfmGPsX23xU738ElNQmz7KatUTchtWERo6Q

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 2570 39 KB
15 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 08:57:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8875
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Nov 2024 08:57:58 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 36E4 13 KB
5 KB 22ms
20ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://elcorito.chat/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3597
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 10:25:56 GMT
expires: Tue, 26 Nov 2024 10:25:56 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9184 829 B
998 B 29ms
29ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

52e263a7e63ef6b0fba1200bec89c1112cb039685e5c0b7a748d5802823f240b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-4MlEuxvknL1bSR7Pqx43nw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://elcorito.chat/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-4MlEuxvknL1bSR7Pqx43nw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 11:25:54 GMT
expires: Mon, 27 Nov 2023 11:25:54 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9184 0
0 55ms
54ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=4453051286576426&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 36E4 39 KB
15 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 08:57:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8876
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Nov 2024 08:57:58 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2570 0
20 B 60ms
60ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=BWQbGwXxkZYXsLJ3_mLAP6KmAiAUAAAAAOAHgBAI&bg=!Dg2lDULNAAZxrfrxUa07ADQBe5WfOCW43tqMeFXx84danlwD50RNudhsXKXgPgdaRHG7CeKay6IpFe7uTQq3GV4ztwzqAgAAAF9SAAAAA2gBBwoAPzeUgmvy1eK08y8KyqsdYlfubCE0_jd6A5-WKEGA9EpqqvbZba-jK8Q0QRHUDkqAp5C4rZB_Pp52AFiMS1QjK5kDBBsey4B8C_UJi_02ZETDFKAXOh7wQ4hJ2bPf69_rM8qNIUeL7NpSLFlxKaFRb26Ml_GbOqNqABxUFalByrVoxCQ9pYslIghb1AMkW_BMNkh4_26x7PhZhsIU-IqAy0Aqof8sAZ5-2Xhsl8oOuBQpOfuTmHw92OdAgml4V-xmM3_BjotMsHEiD7QwcOa0P2c-b754U2GXa8qSM31H44oSvE2ladV809t5GmL3c8Mi9IypYKVRLftLj_r0_DjOznEIrGH9BZK-Mkb8S6E5qvObqWC-NB31BALQoXfC1iv-eTKYNNykYWDAkze3rFAWAJQYrHlDsM-0WOC51OMpi7WBaIHmaCmQF6Qhka3e5DibvDjOeBesDxdOo6CrPIH6ub7AZlbiRJ_KcP1vbe7Fc0LVV1GS4n4uMFUKlSYA27GUekfSZ1bOEQxqIMpPSOMQSfz9FmzFBIZyFjWidP5apWL2hYNrb-9WUQR1DCcN7qymUhdUlJkaPhgfyrqCWfSh7KdDnI3xMk7turgcTlVZDve8eBO3j0_YJfCX6bdUMNI2xfVrHSGFRd9qq_KeOj-GZ2v_JmV0540Lx9-RAKpJaCg5wwnI23Tn7JAmcNOiZzZuKq0_lND-xayGEvG4kAB1EHdoWzoIuOUMBecCZjXwEwExJCrvXFJd4XKDBFNCKi_DpjYe4ZslKj4zElPXJrKy4BLNHiSrzds0khFJ7jdQPvpC-6_tEa2lsUkUMDvxK5gTDRUIK9TpNJG3eP8Oeo8iSmrlUW6q9j-XqlxoaJrnbjy9l_74YkhG_9k6RuAdSANHzXkxC-ChxFX5F-81NdXxayj-9ui9TXFr_Y40bCn9-ERhnBnua0pPpZkU7GPBKOwLwawm2rdV7JA0-VxTh6ySS5rOsOC6FObsW7WuBaJdloO85Da9UFC5ndGAOQHkQriBSsHKyXLlVoDgpIaHYsVQayLU9HxZ45psG0wbJCn-_jIb4yGEVMRz588JfcYfVEAnlcUmZhSDF4fuEC7H_3d4cr1ZSKLgjSU

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 206 file.mp4
r5---sn-4g5lznl6.c.2mdn.net/videoplayback/id/dfef2bd31f7dd917/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1732620353/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame D9D0 301 KB
0 62ms
21ms Media
video/mp4 2a00:1450:4001:28::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:28::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Range: bytes=0-

Response headers

expires: Mon, 27 Nov 2023 11:25:54 GMT
date: Mon, 27 Nov 2023 11:25:54 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-3558799/3558800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 3558800
last-modified: Mon, 20 Nov 2023 13:04:08 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://googleads.g.doubleclick.net
client-protocol: quic

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 36E4 0
11 B 26ms
25ms Image
text/plain 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?066gJA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 11:25:54 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C9EB 42 B
64 B 58ms
58ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssEpTf99bf0PHZTFBqysg1MMnoPoSJgn4vDGNRYhKXZiK9KB79sq2la9FNUcbAO900DhN8qK5WmHUti8p480gW-ZzHSeiG-6ZIvvZnx_6HmA3h2e3P1wgOQO5ja5TxXUbebjHOaGdWHJbZy&sai=AMfl-YSm2HS6ifOQBcv__LPyDFIngTgdki4Ft17Ticen5qS0PxbvPCZnY6SzBeLt9q_VQqJ-3KqGjcTXrV-Z5dfljiaSe1DY3oZye0aBBq0kl3dxsDGCKT2YNUrbQtqyocUbfOtUjb_yZZ8OgPxHJoEZ&sig=Cg0ArKJSzOJX2iO1dvgPEAE&cid=CAQSTgDICaaNbUWfH30q18oO8tA-sR_TwY1SV01hcSzyuNBT76G_sGPvwYc0c-arfKdly8Xvu_FrRvsAmWGSwUnrFnZDtlj6XpLHmfpdvDzqIxgB&id=lidar2&mcvt=1000&p=0,0,268,300&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=0.93&if=1&vu=1&app=0&itpl=20&adk=2005281337&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701084353023&rpt=326&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 index.js Show response
s0.2mdn.net/sadbundle/11815468952012219303/ Frame 18BF 129 KB
23 KB 21ms
21ms Script
application/x-javascript 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11815468952012219303/index.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11815468952012219303/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7418bbb8453c354b7bb8c00d2040cbb83c8bbcf598ca2569b6163871afc48e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11815468952012219303/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 08:16:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11390
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23102
x-xss-protection: 0
last-modified: Wed, 08 Nov 2023 13:36:23 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 26 Nov 2024 08:16:04 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C9EB 0
20 B 53ms
53ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6611084392406&version=m202309260101&ct=76&x=1&cor=6326060395985223000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 script.js Show response
s0.2mdn.net/sadbundle/11815468952012219303/ Frame 18BF 8 KB
2 KB 22ms
22ms Script
application/x-javascript 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11815468952012219303/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11815468952012219303/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b774a4be3b45ab7c1cbba8d6a4b19bcbcb4e9ebae699b125b05e6f17b6bd57d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11815468952012219303/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 08:16:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11389
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1993
x-xss-protection: 0
last-modified: Wed, 08 Nov 2023 13:36:23 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 26 Nov 2024 08:16:05 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 55ms
55ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231109&jk=4453051286576426&bg=!ysmlyYbNAAZxrfrxUa07ADQBe5WfOMbvdORCugGCrOZlllSkN0T6WqN8CoAyZS3mDkcbR_K7NKQkBRUgkNdrjeWwc2iGAgAAAG5SAAAAAWgBBwoAIpBszKUZ0RWY9UUmPdp3BbOgaPesk4voS6yJjgCwbewFNaWZArMC0svcq4N_3Zx_WGgLcW-WQdtfZ1ITgb_B9D16umSji-TVHynqabaKBA7Rn-iQH1acJc7QyZWkZCFzlTA15X5XMqMG1tk-C5saUl1cSg4eCEYvaWQC1PBUs93acw-aQ9p1OX7Rj-jwAwh4r8OoU6HGaE0UHY3mFjUQnOBnxmeZ8UifENtNuZjhafur0Wrqb6cWBk1Ayj5gdQCyPxFH-pikADKoLbrSKNwIZApsBq-YJ7xvbugHSHlLFiCGmt7XWQb_vM2QTrMc_u63kXGmievYPYTWUzX5EH3Yoxj2EaBId_MBFbjGcW7TRRYNMpEnHlYPDIp6lDCaSdRCoUBwVZTjhHvwFRvk1-CWohqQhqDoRcdbZlLJcaRCjdYw4M5_nrtR5v3fCxkzZH8fnHiHqP23z_LJP6aPwTti9sg5PY6UaLxHfP5CbXAM8FYIvo_6fmrAODe6ZMI1_iYOYk9MzQT5x8NvMN_vBvYfMCKEMdYxYO-OZ4ZYFCuuoG8-PP6w7uKPb2Qx39sF7epCKydRxix9JDprnGAcAZihYHFol4mo-97Rmq6ISTmzulPe8_lyoOjKuJl6lRKfrAqZGSpD1cRNkkh3OuLgs4xiWAYbtBSHm9d4_hQazEoGbaTA59M4bUBHi2x_7dwFeF8hxfnAJWsrNSHgEJjKWu5yMQUD2vWxxIVRGb0tzEbhuxa6uPDu_MEbRDNtSe7JvkDy-yezh7_fvjYYCNXem5VmU9lTRMubq0g0XJiH0GDFaUOphnylXOtbP5c2WueIz0L1hlQI6papEbOLMnhpH47kLjLJTYyzOSxjuSNIgJwo1bmMpMC-E6S0LT8w1KlkQlMK1X6sdP1iXL5MrnfiXaGNS6UZaVAypcqBsCIUZ78WW2aRL-ofHbtKy-k_iQE2mGxPGbfGgDkbip7T
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elcorito.chat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 index_atlas_P_1.png
s0.2mdn.net/sadbundle/11815468952012219303/images/ Frame 18BF 106 KB
106 KB 21ms
20ms Image
image/png 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11815468952012219303/images/index_atlas_P_1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69099e865282e09ae31dc3c3dcac8cf3cce26c35ed718a44e85a804a9aa6f3f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11815468952012219303/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 08:16:05 GMT
x-content-type-options: nosniff
age: 11389
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 108597
x-xss-protection: 0
last-modified: Wed, 08 Nov 2023 13:36:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 26 Nov 2024 08:16:05 GMT

GET
H3 200 index_atlas_NP_1.jpg
s0.2mdn.net/sadbundle/11815468952012219303/images/ Frame 18BF 2 KB
2 KB 22ms
21ms Image
image/jpeg 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11815468952012219303/images/index_atlas_NP_1.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6cec6285df16f2aa240ba8d1c498e6a006e6c928174f5e2e8aa027e963f6f34b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11815468952012219303/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 08:16:05 GMT
x-content-type-options: nosniff
age: 11389
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2194
x-xss-protection: 0
last-modified: Wed, 08 Nov 2023 13:36:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 26 Nov 2024 08:16:05 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 67F9 42 B
64 B 57ms
57ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvn5Kg4zxzmVK-0Gd0otHjnHNY2XZYMaPfNIpUwzFEkTp9CFHfjGZeSvYsxpIA2DtPHMlTHn-haKh7dkkFHdlJi2ePGQmRTp74UlIbTVIcXy1SobXHO7f5jtB9jkOngROz6PSDYtE4MLdg3&sai=AMfl-YS32hSzDdLFrJiQ5k-MW57X5-9yD6CZz_eJtlUnnb9xTdMUnOGgYbd-ZNRtco2-r0eKMnIpicq1sYf7Bjvsqrfs_8CVRYXKY_DjPb2nKKS5lCGD1_VT7KVdxA2EabdD8ssE-l5aTWyprrlo33ab&sig=Cg0ArKJSzEGcd9xWDpJMEAE&cid=CAQSTgDICaaN9paN5MoPYQFuPRfmANq01ecLnRLa4W1qJren0GZAO2x3X4UjUIhiLwSIDgY9IBLx7He-oVZgg-z35Oc2ewffiXbQ25dXgyoetRgB&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=380,864,1000,1000,1000&tos=380,484,136,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701084353492&rpt=279&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame D9D0 0
45 B 26ms
25ms Ping
image/gif 108.177.127.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~lpgtpbvw&c=7978720484913&slotId=3989360242456.5&qqid=CNzpxoSJ5IIDFbCOpgQdyZMJBQ&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=1383&mt=video%2Fmp4&vs=1024x1280&msm=1&aits=0%2C18%2C22%2C37%2C692%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=22&vsrc=web_video_ads&hcn=0&met.4=arp_a_e.12i~vil.1cw&ua_e=1&ape=1&ple=0&umsem=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.177.127.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: el-in-f94.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6E98 42 B
64 B 57ms
57ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssjRr5dsd7wggdCObI9IbtG7dOX8VqOLnRR02pp3_UoqtlaAnWGjSgJRYlmcJY-_SrlnciEyDsAnC0l45y5TLV_trVicL-qVZZaULtDU51LVkf9K0TnAfzlJqhrnsEmnHu9cVYAfHIbl03x&sai=AMfl-YSXiYcbl1btNrZRA_Knq2fnc6TdGU7XMnVlEuCPp3NSd4TW7WJ7yRmWavtydn6MQh4Z-pVIWA6UL40Mr8OKKE_2jH90jqxYDBtIdpeRio4_51CZVOFP6uaH9m4CW4bBLqQ0wtEkWWrjefMGaoXH&sig=Cg0ArKJSzIWvdcQ0Oi0lEAE&cid=CAQSTgDICaaN3IDPm5I5TRP4pIeIWltH1FXnbdmtI9IvHqhzRg83QqVqSqrESFfc3d_iv544OnZUAnuTCIh9wL3uuonyxJy27ticuLDp6akT_BgB&id=lidar2&mcvt=1035&p=0,0,280,930&mtos=1035,1035,1035,1035,1035&tos=1035,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=528232075&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701084352528&rpt=1287&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 11:25:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

68 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

22 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.elcorito.chat/	1970-01-20 16:32:50	Name: _gid Value: GA1.2.908868018.1701084352
.elcorito.chat/	1970-01-20 16:31:24	Name: _gat_gtag_UA_144973325_1 Value: 1
.elcorito.chat/	1970-01-20 16:31:24	Name: _gat_gtag_UA_156928160_1 Value: 1
.elcorito.chat/	1970-01-21 02:07:24	Name: _ga_2QGFJD0WL7 Value: GS1.1.1701084352.1.0.1701084352.0.0.0
.elcorito.chat/	1970-01-21 02:07:24	Name: _ga Value: GA1.1.1187110127.1701084352
.elcorito.chat/	1970-01-21 02:07:24	Name: _ga_7QBYH7SFLV Value: GS1.1.1701084352.1.0.1701084352.0.0.0
.doubleclick.net/	1970-01-21 01:53:00	Name: IDE Value: AHWqTUndt3TTEgrgOvGeoJkfwUNXdrpzxnz5FOZ7eonoXCCdmE3iN6UE5WhvOTu6
.doubleclick.net/	1970-01-20 20:50:36	Name: APC Value: AfxxVi6sJWffD7Oh3bEctzyZPz6sn696uNAvsObhw_QHpw14EdhxUQ
.casalemedia.com/	1970-01-20 18:41:00	Name: CMPS Value: 2136
.casalemedia.com/	1970-01-21 01:17:00	Name: CMID Value: ZWR8wQE2cHucARbXonT5aAAA
.casalemedia.com/	1970-01-20 18:41:00	Name: CMPRO Value: 2136
.adnxs.com/	1970-01-20 18:41:00	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Hc#L4@f8!@wnfH8K6pQK`!5=E<L5?%M5lJcv'3M=nU26mtCXNEM%[(5bUA8e$dQ9$?XbpRzqF1`b_H-*-[d^
.adnxs.com/	1970-01-20 18:41:00	Name: uuid2 Value: 2885182330180314487
.elcorito.chat/	1970-01-21 01:53:00	Name: __gads Value: ID=11f4f6c3f97249fe:T=1701084352:RT=1701084352:S=ALNI_Ma-lcEFl5xnZn843ka5-wh6bzuvYg
.elcorito.chat/	1970-01-21 01:53:00	Name: __gpi Value: UID=00000ce7ebf895e9:T=1701084352:RT=1701084352:S=ALNI_Mbm-qMG9DpkaLAl03oDzUSaXRZZKA
.demdex.net/	1970-01-20 20:50:36	Name: demdex Value: 35799853858495721800724491094796486596
m.exactag.com/	1970-01-20 18:41:00	Name: exactag_new_gk Value: 13dd9a68bcfa4ae9a956cfcc1644c80c%7C26.01.2024%2011%3A25%3A53
m.exactag.com/	1970-01-20 20:50:36	Name: exactag_new_uk Value: 941b2533cb9044dfbee58ac69e39f39d%7C
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: 8256e52cdfa6482d8464ff36
.skydeutschland.demdex.net/	1970-01-20 20:50:36	Name: skydeutschland Value: 35799853858495721800724491094796486596
.doubleclick.net/	1970-01-20 16:31:27	Name: DSID Value: NO_DATA
.googleadservices.com/	1970-01-20 18:41:00	Name: ar_debug Value: 1

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://elcorito.chat/js/lastfm.api.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://elcorito.chat/js/lastfm.api.cache.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://elcorito.chat/js/lastfm.api.md5.js Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
ajax.googleapis.com
bid.g.doubleclick.net
cm.g.doubleclick.net
csi.gstatic.com
dsum-sec.casalemedia.com
elcorito.chat
fonts.googleapis.com
fonts.gstatic.com
gcdn.2mdn.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
huevopollito.com
ib.adnxs.com
images.dmca.com
imasdk.googleapis.com
m.exactag.com
netdna.bootstrapcdn.com
pagead2.googlesyndication.com
photo.hdd3.one
pixel.adsafeprotected.com
r5---sn-4g5lznl6.c.2mdn.net
region1.google-analytics.com
s0.2mdn.net
skydeutschland.demdex.net
static.adsafeprotected.com
tpc.googlesyndication.com
waust.at
whos.amung.us
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
104.18.36.155
108.177.127.94
142.250.185.226
142.250.185.98
142.250.186.162
142.250.186.166
170.10.160.83
185.89.210.101
2001:4860:4802:34::36
2400:52e0:1e00::1082:1
2600:9000:223f:d200:8:48e:53c0:93a1
2606:4700:10::ac43:88d
2606:4700:20::681a:407
2606:4700:3032::6815:487f
2606:4700::6812:acf
2a00:1450:4001:28::a
2a00:1450:4001:800::2001
2a00:1450:4001:801::2003
2a00:1450:4001:806::200e
2a00:1450:4001:808::2008
2a00:1450:4001:809::2006
2a00:1450:4001:80b::2003
2a00:1450:4001:811::200a
2a00:1450:4001:81c::2002
2a00:1450:4001:81c::200a
2a00:1450:4001:827::2004
2a00:1450:4001:827::200a
2a00:1450:4001:829::2002
2a00:1450:4001:829::200e
2a00:1450:4001:831::2002
2a06:98c1:3120::3
52.50.106.246
52.51.176.114
74.125.133.155
85.14.248.71
0ab340987711378e8cb5582b1f97f6938037712213396d8e7c7f8fa7b1ab4e5a
0ae6ae880ff4711b5e901a9e0f0684969c9ed8434c434cab5e16151d17371278
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988
0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e
0ef7e516132288a14d8cdedce364d421e3a1f2a024845c558a340a8439a232c9
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1f18bd6987c0e1bfcb7f35d652081661af092513d992929f108617f10dea97fe
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
2052a227c361a7e99ea70f5bdcf54cd9e6c6b493dd4d20b73b376d94ce0dc0d1
24544d80ef459a015494fe5c641102f3d2ef680568dc4524c2eb16c5b8482d7a
25b1b4e9934aa4cb8e8bdf5fd7911f6ec67acde6b6b39f1561aec2244f7826af
263e0ef22df06639af1fa219ae0ab49beff0ea390f9094ec777565f7256f86db
274953991926d3365a516cef237a4e64028fb4026b1797c48c164eb0dd12ba3a
287441d6ca926bac6b7e4e50b48412faf12fa3654c80d3abd0f20dc420632eee
2881d8eadc298102d2462e8d32e40792adce37b6cd89d99045f574eb3ecbb748
28c5732eefa979245ff326045f37b6b7cdfc92385c594caea33e265e4a066c7b
29c99771c81466150d55d307a9b0e12cfdab8240a9c65a80b764c1d58965406f
2a29a4c0bb4e5f3a765e711bf3463e29253bc45137107b05bfac1f5436c803da
2b894ff327ab4f945741b16af437bfe9d6b5e89d0726181528b60b8c2ddc017e
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
3039294d93ec76b04b90caa559cfb3e21a2aea6707455068d28e23c9530c522b
3083e8d3b21ddc3f0e6d65ec3580aa6edfaadca5d9737d9caa27e6a233e1ccf3
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
35acb49f48978a133c8602949a19353539306e93ba95b51a53c180dbd6198141
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
39b426bb29c085d4a324a01713205766e9da309c4d430b12a546e561d8d911a7
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
46a2de362f54e3c988cc8c9fbf68fe12018c8ae42fe11509a747f52f17834466
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
489f6bcd0642eef4da9a835ce732da672ffea109db0a00cd443d009441f4599a
49883b2ff34194c5fbf2ed8a87a378de086a67334253d63d77ee02488c9d3f10
4a19e0ee3e786d1c1edc160a4e6255b0096d70e9b0585d4b1a3b91ed09149a4e
4a77ea5147173c42b23e754663635f044a9fc9cae895aa1487e7cbe4a46ae156
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e1354fc542b617c58cbba3aeb5116a528cf08bb1299f5dc7f3bc77a3b902b68
52e263a7e63ef6b0fba1200bec89c1112cb039685e5c0b7a748d5802823f240b
54ad56988bf78090ce07a5897636fcf8f1f4209a244c8ec03aa45d16f6309375
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5bc3116d1336864426ab3de833b2382f7bc057f265a592a448c75ae0a6ecd177
610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c
619f522608653b3074b1161f407de89e5806804729edacadd3accc0e1bf97a94
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
64e88964320483e566dca17b2bdf129097fc345bf7089ce891dbfc922a9ec05d
6596b8610483551a3c0111f59bcdd1049728e496618181de90a9928f0e79d3df
65c3ba3bf6bf1617ee7e82251b6d4193082545eeedc60979b031d772ffb5a878
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
66625453601bcbcc54e1d678eb76162f1b117ea1d26c8bb2ad1aa8598d59d886
69099e865282e09ae31dc3c3dcac8cf3cce26c35ed718a44e85a804a9aa6f3f9
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6cec6285df16f2aa240ba8d1c498e6a006e6c928174f5e2e8aa027e963f6f34b
6e38ca9bffa82d9df246392811cb84323aae578099752e322751189cd897ab0c
6fd7fb85167ed50ef6b6e19d89b2f5dea7b32a133b02ec15744b5921f72e9751
70602b2d4f8fd19b95f522d3f3334ada3b3ff4647b4e81c7285b885977fd9ac4
7c23dc6d33756a70efed4e2d27fd9314b2dca3ee7e0243fd552c041a61c6c5e8
8677971b119ccdb82af697ff0e08f218490d15116f221d44301f1cc8797e67d4
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
9561e55f94058a2a590a72ad43d4f838294e2d6158e1adcf06343d840ead7635
9779d8159d328d842f63cac031444d411a42c8dadfae9f2313e6e4369485274b
98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955
9a0493c889c58b96e508431fc9eac773683d9839bcaf3c0feef44afec85b2733
9a06aa84f08b4d57747e5eba867aa061deaadb4e657ca532d10e73b5a36fd73c
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
b0372d6ab0ab808f88875a1dd12d9f771c2486fcfd44fa48d5a3a688f74c60d3
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b302f3162063054c6c6a18ac90cc62e69a395912cd157dacd2d53e1d4b06597e
b5dba68d705ba20baa1e8133d51261af4897d351c3d861704aa280eabd710480
b7418bbb8453c354b7bb8c00d2040cbb83c8bbcf598ca2569b6163871afc48e2
b774a4be3b45ab7c1cbba8d6a4b19bcbcb4e9ebae699b125b05e6f17b6bd57d7
b82aa6c527e41e336e9cd392fffa550353f896f71a3c632a5bdd51e22de4ca0f
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
c1d4cdd9e85ef7e00db8d1c1ef6fe8e352628e3b528a2e247dd1b779444a6087
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c8104390115f92b27003b1e4e503ef59343ccfef4ac19751093544e8cfaeae26
cbe8fa329ee129f7d866a51e4e38e0ff31a3bf6b000ee7502b2e46d05e3bdac0
d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68
d95bceb4d889af5c7677bec38a036ecb8a005d98eea05d64a648ea180bfa6e70
dab4d1e1e1409fbc22698a9e54df6c2322954cb11b486fb6ecf835efb9481657
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e09639315704980552b92eaae21f66af00a6e8a371f757f76b0b12420c2ed2a7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6991d45bb4405a8cb2c0e7709cee948946eb74eb98446fd6840d699155cb28c
e6f64fd1d9f408249bad441e006c941278314946c96f6d844d521f11425710bf
e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0
e99839b2a7caa30386a961a259a09e6c888800626290c2d35dda7276f73c1c10
ea1ece673616b82840316d3236fc1a02a37f6eb1fcf653812c7117a3c11b315a
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ec190e2f6ca2b272958e593e24827f3e51d2352733b509cbe1e30868b875bb7f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1bb229a4b5a943cfa72918d2b19bc3d6b2f4e921a32d39b69b557b7693e8b37
f4fb502ca1cb75eab89973f7726007591fb388ebfdea4216faddca45118213c1
f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac
fc1d94f50dd3822e1e53cb96af4f040d2ad8b5c7b984bae5e84efc7641acfada
fc2a934d09315618cc7d670f748958a584c14cb54a8619b455b71ec9f62fc887

elcorito.chat Open in urlscan Pro 2a06:98c1:3120::3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

157 Requests

92 %HTTPS

66 %IPv6

22 Domains

35 Subdomains

34 IPs

4 Countries

2709 kBTransfer

6607 kBSize

22 Cookies

3 Outgoing links

Page URL History

Redirected requests

157 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

elcorito.chat Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Screenshot
Live screenshot

Full Image

157
Requests

92 %
HTTPS

66 %
IPv6

22
Domains

35
Subdomains

34
IPs

4
Countries

2709 kB
Transfer

6607 kB
Size

22
Cookies

157 HTTP transactions
4 data transactions