goo.by Open in urlscan Pro
2606:4700:3037::ac43:899a Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://goo.by/o0jbk
Effective URL:
https://goo.by/
Submission: On March 19 via manual (March 19th 2023, 3:39:00 am UTC) from TW — Scanned from DE

Summary HTTP 198 Redirects Behaviour Indicators

Summary

This website contacted 19 IPs in 9 countries across 29 domains to perform 198 HTTP transactions. The main IP is 2606:4700:3037::ac43:899a, located in United States and belongs to CLOUDFLARENET, US. The main domain is goo.by.
TLS certificate: Issued by GTS CA 1P5 on January 26th 2023. Valid for: 3 months.

This is the only time goo.by was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 17	2606:4700:303... 2606:4700:3037::ac43:899a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
20	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
4 12	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
20	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
9 16	2a02:6b8::1:119 2a02:6b8::1:119	208722 (GLOBAL_DC) (GLOBAL_DC)
24	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
41	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
3 6	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
3 19	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
2 2	3.120.73.5 3.120.73.5	16509 (AMAZON-02) (AMAZON-02)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
2 2	18.194.238.124 18.194.238.124	16509 (AMAZON-02) (AMAZON-02)
1 1	2a05:d018:d29... 2a05:d018:d29:3602:c4cb:4322:c3f3:dc8d	16509 (AMAZON-02) (AMAZON-02)
1 1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 3	2606:4700::68... 2606:4700::6812:19ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
1	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1 1	85.114.159.118 85.114.159.118	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
4 4	37.157.6.245 37.157.6.245	198622 (ADFORM) (ADFORM)
1 1	35.204.158.49 35.204.158.49	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2 2	213.155.156.164 213.155.156.164	1299 (TWELVE99 ...) (TWELVE99 Arelion)
1	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2 2	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
198	19

17 2606:4700:3037::ac43:899a (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

goo.by	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a02:6b8::1:119 (Moscow, Russian Federation) 9 redirects

ASN208722 (GLOBAL_DC, FI)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.by	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

41 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2001:678:cb4:bbbb::11 (United Kingdom) 3 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 142.250.186.34 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.120.73.5 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-73-5.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.194.238.124 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-238-124.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3602:c4cb:4322:c3f3:dc8d (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:19ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.33.220.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.118 (Bad Durrheim, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.6.245 (Denmark) 4 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.158.49 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.158.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.164 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)
PTR: 213-155-156-164.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.80.39.216 (Canada) 2 redirects

ASN27381 (CASALE-MEDIA, CA)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
61	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 104 tpc.googlesyndication.com — Cisco Umbrella Rank: 134	614 KB
43	doubleclick.net 3 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 32 cm.g.doubleclick.net — Cisco Umbrella Rank: 210	245 KB
27	gstatic.com www.gstatic.com fonts.gstatic.com	633 KB
17	goo.by 1 redirects goo.by	204 KB
14	google.com 4 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 68	44 KB
9	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 34	8 KB
9	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 194	35 KB
8	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 185	388 KB
7	yandex.com 3 redirects mc.yandex.com — Cisco Umbrella Rank: 9360	3 KB
6	turn.com 3 redirects ad.turn.com — Cisco Umbrella Rank: 770 r.turn.com — Cisco Umbrella Rank: 3354	3 KB
5	yandex.ru 4 redirects mc.yandex.ru — Cisco Umbrella Rank: 3749	59 KB
4	adform.net 4 redirects c1.adform.net — Cisco Umbrella Rank: 590	3 KB
4	yandex.by 2 redirects mc.yandex.by — Cisco Umbrella Rank: 222850	642 B
3	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 752 s.tribalfusion.com — Cisco Umbrella Rank: 1848	2 KB
2	casalemedia.com 2 redirects ssum-sec.casalemedia.com — Cisco Umbrella Rank: 425	2 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 4624	651 B
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 285	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 729	2 KB
2	google.de adservice.google.de — Cisco Umbrella Rank: 8720	698 B
1	openx.net rtb.openx.net — Cisco Umbrella Rank: 1462	352 B
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 6097	558 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 736	718 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1444	588 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 295	266 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 317	461 B
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 439	715 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 31897	613 B
1	everesttech.net sync-tm.everesttech.net — Cisco Umbrella Rank: 595 Failed	548 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 860	599 B
198	29

	Domain	Requested by
41	tpc.googlesyndication.com	googleads.g.doubleclick.net goo.by pagead2.googlesyndication.com tpc.googlesyndication.com
24	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net goo.by
20	www.gstatic.com	www.google.com www.gstatic.com googleads.g.doubleclick.net
20	pagead2.googlesyndication.com	goo.by pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com
19	cm.g.doubleclick.net	3 redirects goo.by googleads.g.doubleclick.net
17	goo.by	1 redirects goo.by
12	www.google.com	4 redirects goo.by www.gstatic.com www.google.com googleads.g.doubleclick.net tpc.googlesyndication.com
9	fonts.googleapis.com	googleads.g.doubleclick.net
9	cdnjs.cloudflare.com	goo.by
8	www.googletagservices.com	googleads.g.doubleclick.net
7	fonts.gstatic.com	www.google.com fonts.googleapis.com
7	mc.yandex.com	3 redirects goo.by
5	mc.yandex.ru	4 redirects goo.by
4	c1.adform.net	4 redirects
4	mc.yandex.by	2 redirects goo.by
3	r.turn.com	goo.by
3	ad.turn.com	3 redirects
2	ssum-sec.casalemedia.com	2 redirects
2	d5p.de17a.com	2 redirects
2	a.tribalfusion.com	1 redirects googleads.g.doubleclick.net
2	x.bidswitch.net	2 redirects
2	pm.w55c.net	2 redirects
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
1	rtb.openx.net	googleads.g.doubleclick.net
1	ads.travelaudience.com	1 redirects
1	um.simpli.fi	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	match.adsrvr.org	googleads.g.doubleclick.net
1	s.tribalfusion.com	goo.by
1	pixel.rubiconproject.com	1 redirects
1	pr-bh.ybp.yahoo.com	1 redirects
1	gcm.ctnsnet.com	1 redirects
1	sync-tm.everesttech.net	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
198	35

This site contains no links.

Subject Issuer	Validity	Valid
*.goo.by GTS CA 1P5	`2023-01-26` - `2023-04-26`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2022-10-18` - `2023-03-30`	5 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh

This page contains 28 frames:

Primary Page: https://goo.by/
Frame ID: CB42AF2A8B4D345CEB4AC70D488F61BA
Requests: 46 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20190131/zrt_lookup.html
Frame ID: FBC2B999E02073419E63604B06B06143
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&adk=293675617&adf=814277786&lmt=1679197133&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x810_r&format=0x0&url=https%3A%2F%2Fgoo.by%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197133075&bpp=7&bdt=321&idt=136&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5936592529877&frm=20&pv=2&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=164
Frame ID: 31054E7E8FD14987D56AA0126F40097D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2348938529&adf=2605566815&pi=t.aa~a.181677489~rp.1&w=1140&fwrn=4&fwrnh=100&lmt=1679197133&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197133082&bpp=3&bdt=328&idt=181&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=450&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=YnaYorrf56&p=https%3A//goo.by&dtd=184
Frame ID: 5C6321C2570DFA58AA21FC70AF89ADED
Requests: 14 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcUoOQUAAAAANHj_juVSgLjxCWAABmUxJr-DhCw&co=aHR0cHM6Ly9nb28uYnk6NDQz&hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&size=invisible&cb=rlaym94xspd
Frame ID: 86767EF3A3D7FB4086F2FE6E5BC437BE
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=3842512449&adf=3189509110&pi=t.aa~a.2596561788~rp.4&daaos=1679169110076&w=1140&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=-M&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280&nras=3&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=3311&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=bTGCA3RcS5&p=https%3A//goo.by&dtd=10
Frame ID: FDA9DE2C318D8BCF3290ECACC54C641A
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=3842512449&adf=1858515917&pi=t.aa~a.2596561788~rp.1&daaos=1679169110076&w=1140&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=-M&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280&nras=4&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1926&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=iBlBURhIGt&p=https%3A//goo.by&dtd=15
Frame ID: 9D8B4FB04E20E0F1FBC93F4793C9F1A8
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2814367607&adf=3589342682&pi=t.aa~a.2921636334~rp.4&daaos=1679169110076&w=1200&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1200x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=1&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280%2C1140x280&nras=5&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4632&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=9&uci=a!9&btvi=3&fsb=1&xpc=zPyYZaWSEO&p=https%3A//goo.by&dtd=19
Frame ID: CB8F555E1C616E85D9E68DD23D64419A
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 3F9EDFCF0401873AFD110BD29B277DFD
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1
Frame ID: 8159DAC3EEC395749A1E2C3F38CABC98
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1
Frame ID: 806ABB76F026AA6EF15DBB494CFB7942
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1
Frame ID: 538ECF7CE108BA45C5E4DACE9F4A6740
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1
Frame ID: 838D95D78B6FE9B28021304CAAFD6BBD
Requests: 10 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: B307542BED519C307FE8B32F6AE8659D
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js
Frame ID: 879B4A24E94F2DA12DEE5A3B8E6EED12
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: C4E80E265F24AA3B7F654460A45B2C70
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 2286895A888CB40F6489B0B97CA987D8
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 0E60BCF2E95BEFE3CB21E3A8054E9CDE
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js
Frame ID: A73E2F6C99D7656FB210220C598B12DF
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js
Frame ID: 3B7B32FBA9303B395838BCE30EF313D7
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: F02C65416382D4C223B98CB2B130C248
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: EBDEC1ACCBBBCA287601B5BC557E788E
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js
Frame ID: C87BB86336B1A9724EFC05A66CF24C5E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js
Frame ID: E284FCA3A814473D2E70570FD3EFD3ED
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: BF802A27D444D9B6074852E0DCC1C9DB
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js
Frame ID: 2A4AC34153F9A6067F6AB10A490F7E8B
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 80172F0EBF067E84CA4E0E222C7611D9
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5862DB480810ACF189DD689537042245
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Goo.gl URL Shortener. Shorten URL Free!

Page URL History Show full URLs

https://goo.by/o0jbk HTTP 301
https://goo.by/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Clipboard.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

clipboard(?:-([\d.]+))?(?:\.min)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Osano (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cookieconsent\.min\.js

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery DevBridge Autocomplete (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

/jquery\.devbridge-autocomplete/([0-9.]+)/jquery\.autocomplete(?:.min)?\.js

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

198
Requests

88 %
HTTPS

53 %
IPv6

29
Domains

35
Subdomains

19
IPs

9
Countries

2233 kB
Transfer

5906 kB
Size

38
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://goo.by/o0jbk HTTP 301
https://goo.by/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9946.6nA6RytGB4mz4UzM-zCVEVerdWDaSITBhFDuDI_rx72__H3wqbsD8guaEw5qpgSU.4Kr1vRe9p1NFK2izT4oNqHEu11E%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=9946.LCYmOcP7JAVwiZhL85Wq1dUW9qudoov5W_4MffmLhpWM6UtPeD4simC44QiQBqwUF50aVzh4d3exB4Q5GIFm_IeSwMdvcAte7n0XPDuwjN8%2C.CaXGJWHvHaOh-ugzLsgdSYQg0CU%2C

Request Chain 38

https://mc.yandex.by/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.by&token=9946.7bNL8F4qYCbrgFVEGHSbzUZXEdvD0PxISSBUo-tf-xMWrmrUAoG255WsSuHDFePf.cpJ4mypaRhU7OY5sAoHhBy8G9-k%2C HTTP 302
https://mc.yandex.by/sync_cookie_image_decide?token=9946.zbK4t-oOc-K768HbD8bmCOZ9tAmsXRkVcTlIbzmnjfv_crzjVE_ZHzHDMgBVgxDWVT9B3zCEIw8BPD0QZBrriFqouuyvJ_ZIipB-e8TMqC0%2C.7bLy607cm0elrNk3rw875hJQf6w%2C

Request Chain 45

https://mc.yandex.com/watch/45619767?wmode=7&page-url=https%3A%2F%2Fgoo.by%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A3llbk0t3p8ehu21bjv65f%3Afp%3A341%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A474973416879%3Ahid%3A204919086%3Az%3A0%3Ai%3A20230319033853%3Aet%3A1679197133%3Ac%3A1%3Arn%3A469746700%3Arqn%3A1%3Au%3A1679197133219503669%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ads%3A0%2C0%2C36%2C3%2C192%2C192%2C1%2C235%2C65%2C%2C%2C%2C470%3Aco%3A0%3Acpf%3A1%3Ans%3A1679197132514%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1679197134%3At%3AGoo.gl%20URL%20Shortener.%20Shorten%20URL%20Free!&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)ti(2) HTTP 302
https://mc.yandex.com/watch/45619767/1?wmode=7&page-url=https%3A%2F%2Fgoo.by%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A3llbk0t3p8ehu21bjv65f%3Afp%3A341%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A474973416879%3Ahid%3A204919086%3Az%3A0%3Ai%3A20230319033853%3Aet%3A1679197133%3Ac%3A1%3Arn%3A469746700%3Arqn%3A1%3Au%3A1679197133219503669%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ads%3A0%2C0%2C36%2C3%2C192%2C192%2C1%2C235%2C65%2C%2C%2C%2C470%3Aco%3A0%3Acpf%3A1%3Ans%3A1679197132514%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1679197134%3At%3AGoo.gl%20URL%20Shortener.%20Shorten%20URL%20Free%21&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29

Request Chain 48

https://mc.yandex.com/sync_cookie_image_check_secondary HTTP 302
https://mc.yandex.ru/sync_cookie_image_start_secondary?redirect_domain=mc.yandex.com&token=9946.IHo38WPrSQ_3xIxT3AFFyzZBIMZDAvJrkc7xeFJBZgxIWwzwjNnUVKJO5gq-hQp2.Lmn3ZeHGxaqNC3nJ8X8n1WVp2o0%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide_secondary?token=9946.j01zBFnRYLaK33ZR_2qNnhpzxsBQZcrhqI1wzJCeWgD_bnhNcM02_YlK9h4Zn19Cfwxsvk2IdJMypR4JV9l6TbJ3XeLmDm58AW-tUZBGLuI%2C.ZFK8kuD1zfwUmX9-bOgSOGJ0ibE%2C

Request Chain 49

https://mc.yandex.by/sync_cookie_image_check_secondary HTTP 302
https://mc.yandex.ru/sync_cookie_image_start_secondary?redirect_domain=mc.yandex.by&token=9946.MuiayJX4ckqMXKkH21GFvexo7ip7p_j_fSA_X7swXSQp54lUuXT8qbGJMaY7Rg1e.nvxkC4j-MmG8VBcPZiACIXBTgtc%2C HTTP 302
https://mc.yandex.by/sync_cookie_image_decide_secondary?token=9946.AhvasTbb2Q5a08NXsFzgWWRVdloeYsQnQnPjD17MHFkH6AXCIKVThp8JRH41nbYxt7Wl7AZoITiVaW8_EmPNXLEqy3SHFSpp7J8IodrJdtU%2C.L6uWK9_NjefR-AZrtZzUU21QLj8%2C

Request Chain 73

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 119

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 121

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 122

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 152

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEG0nD3oz__7FMaj1iB1xjWg&google_cver=1&google_push=Aa02lx8uY2wvINoKj6hTzh_piLK4DMQxonQKghHYUs1xjL1Tc2nQNNkFu_dSJVOkqo4YFUhif5_6BfMzPXWRk9_g9zgZ5cWP4dB1ISQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzAxNjA5NDY0NDAxNTYzMjk4NA==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEG0nD3oz__7FMaj1iB1xjWg&google_cver=1

Request Chain 153

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEP9rO1ZYwNg-uJr5GogTJ6k&google_cver=1&google_push=Aa02lx80uajWA-p3Vor0avTuft7e5Y03lb2eAOKLgi_FyFJpk-OJMSsbwZOWO2itElNXKTPb8RwrS1AjrWCjH8q8Od8dSsDGMnZHons HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEP9rO1ZYwNg-uJr5GogTJ6k&google_cver=1&google_push=Aa02lx80uajWA-p3Vor0avTuft7e5Y03lb2eAOKLgi_FyFJpk-OJMSsbwZOWO2itElNXKTPb8RwrS1AjrWCjH8q8Od8dSsDGMnZHons HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=ZkhQRGdBTXAxUERKU0w1&google_gid=CAESEP9rO1ZYwNg-uJr5GogTJ6k&google_cver=1&google_push=Aa02lx80uajWA-p3Vor0avTuft7e5Y03lb2eAOKLgi_FyFJpk-OJMSsbwZOWO2itElNXKTPb8RwrS1AjrWCjH8q8Od8dSsDGMnZHons

Request Chain 155

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEOAxKCz_t-RvZ6KHWvOSkrk&google_cver=1&google_push=Aa02lx91_HONoLJhLOPcvAe5CQLGl6Of333vYzhSWsM-GevbkmibkyBJytn_FKtabAb4_GEIODC1C9mK58X5i2dSojrzlLy8oG6OZRM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aa02lx91_HONoLJhLOPcvAe5CQLGl6Of333vYzhSWsM-GevbkmibkyBJytn_FKtabAb4_GEIODC1C9mK58X5i2dSojrzlLy8oG6OZRM&google_hm=daCZFEYBSdCqzsmYtO5P3Jc

Request Chain 156

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEK47p8Im-TeiB2hFjMoVUpc&google_cver=1&google_push=Aa02lx_Bp7GQSb6nrmZv5_HNhjjvrvvfBIEoBs5WOIFC8bb0v2oZBReBZ1PmoX5RQ_RWh7ZliWIGjb_tGC2er6KXFG4u83TDuLsWuSk HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEK47p8Im-TeiB2hFjMoVUpc&google_cver=1&google_push=Aa02lx_Bp7GQSb6nrmZv5_HNhjjvrvvfBIEoBs5WOIFC8bb0v2oZBReBZ1PmoX5RQ_RWh7ZliWIGjb_tGC2er6KXFG4u83TDuLsWuSk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aa02lx_Bp7GQSb6nrmZv5_HNhjjvrvvfBIEoBs5WOIFC8bb0v2oZBReBZ1PmoX5RQ_RWh7ZliWIGjb_tGC2er6KXFG4u83TDuLsWuSk&google_hm=0RzY7qhHSOKj0fip0lcrDQ==

Request Chain 157

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEH886wAAmmTIq3H6Sl8X9u4&google_cver=1&google_push=Aa02lx8OSRhKZ2-_yUqmgcH-BsII2WPDNFoB9epgqEWK_47kKO3feq4mq41UgpVxgVJdeE40wIsNChVuIKslG7Y__ka-cHRHDlr5pQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx8OSRhKZ2-_yUqmgcH-BsII2WPDNFoB9epgqEWK_47kKO3feq4mq41UgpVxgVJdeE40wIsNChVuIKslG7Y__ka-cHRHDlr5pQ&google_hm=eS1nWEdyR20xRTJwRXVFYlBaWTFPMzZodXprOG9nOVdPWX5B

Request Chain 158

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFFC7NnKaTAD9LX6P0YhBjs&google_cver=1&google_push=Aa02lx9oiwH8o7Z25EDEr8VRrwwVQ8LwKEZQmL42mCuA-L25eAM0_m9PBqWMQxZnCuuzkT2IaxSGhDTM4t929iBujm_OuKL0OeBQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZFVU05V1UtMVctNzVNSQ==&google_push=Aa02lx9oiwH8o7Z25EDEr8VRrwwVQ8LwKEZQmL42mCuA-L25eAM0_m9PBqWMQxZnCuuzkT2IaxSGhDTM4t929iBujm_OuKL0OeBQ

Request Chain 164

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEG0nD3oz__7FMaj1iB1xjWg&google_cver=1&google_push=Aa02lx9lHDikxzpuxDkMbIFqFRlffaM2dwjheEpqa1hiN3YDGi79a8E1MIrriHlshomIoqy2xrHVwZXgJKNzHKQlrhJb2mqy2qCE8aD9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=Mjk0NDAzNzA0OTk3NzcwNTA0OA==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEG0nD3oz__7FMaj1iB1xjWg&google_cver=1

Request Chain 165

https://a.tribalfusion.com/i.match?p=b6&u=CAESEKRNFX3eZAFDQB_NunCRY78&google_cver=1&google_push=Aa02lx88eVjyYKQL_I_dQQwjIE4hvguWB7gQMCsdz3CzKn7R3h6B-McFrop2D5EPuApIOlYixVxElmf5b_Q5333y1FeNKvM6gNwEf3Mo&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx88eVjyYKQL_I_dQQwjIE4hvguWB7gQMCsdz3CzKn7R3h6B-McFrop2D5EPuApIOlYixVxElmf5b_Q5333y1FeNKvM6gNwEf3Mo%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEKRNFX3eZAFDQB_NunCRY78&google_cver=1&google_push=Aa02lx88eVjyYKQL_I_dQQwjIE4hvguWB7gQMCsdz3CzKn7R3h6B-McFrop2D5EPuApIOlYixVxElmf5b_Q5333y1FeNKvM6gNwEf3Mo&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx88eVjyYKQL_I_dQQwjIE4hvguWB7gQMCsdz3CzKn7R3h6B-McFrop2D5EPuApIOlYixVxElmf5b_Q5333y1FeNKvM6gNwEf3Mo%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 166

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEBu2xW4RSb_sWBX9QkS5HDc&google_cver=1&google_push=Aa02lx-Vkk04f7pO_rykzScE1l_znI-1S65JPkSa62LWF8keBW_mqOz-cI7uzDthiHbWORtANN9HGR7fwEVAB_UzYWDU8M-y-lrqA4qs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEBu2xW4RSb_sWBX9QkS5HDc&google_push=Aa02lx-Vkk04f7pO_rykzScE1l_znI-1S65JPkSa62LWF8keBW_mqOz-cI7uzDthiHbWORtANN9HGR7fwEVAB_UzYWDU8M-y-lrqA4qs

Request Chain 168

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEKymRQ9jCh0XYJ36HI2hfq8&google_cver=1&google_push=Aa02lx95eRTbGrqAWyA4bgmCE4BtBHBNDbsBki8Ok3X7idOlsvdjCdFn9KcgtMQRWwsg4sCqrRqp_7bioxk_PeH1KXwzJkdEnhcg2K29 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxMjA5Njc3ODM2NjgxMDI1Nw%3D%3D&google_push=Aa02lx95eRTbGrqAWyA4bgmCE4BtBHBNDbsBki8Ok3X7idOlsvdjCdFn9KcgtMQRWwsg4sCqrRqp_7bioxk_PeH1KXwzJkdEnhcg2K29

Request Chain 169

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEN92eTenBD2U0ToDMLZzHhY&google_cver=1&google_push=Aa02lx_9czjRbyD0tunRjzh6BWmplQpfNqFe1U_LQ36IwjHUVb4M7QfGfo7Ywy_Kqv5H252O5otmz90etlA_F_sRIA65qAaEPWTKXTM HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEN92eTenBD2U0ToDMLZzHhY&google_cver=1&google_push=Aa02lx_9czjRbyD0tunRjzh6BWmplQpfNqFe1U_LQ36IwjHUVb4M7QfGfo7Ywy_Kqv5H252O5otmz90etlA_F_sRIA65qAaEPWTKXTM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjAxODg2MjEyMTQ5ODkyNzE5OA&google_push=Aa02lx_9czjRbyD0tunRjzh6BWmplQpfNqFe1U_LQ36IwjHUVb4M7QfGfo7Ywy_Kqv5H252O5otmz90etlA_F_sRIA65qAaEPWTKXTM

Request Chain 170

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEN92eTenBD2U0ToDMLZzHhY&google_cver=1&google_push=Aa02lx8ZJxHi9wwbXe6IidZzBKxjsPF_sURlUfpMvcBKw2V9MFf96LArtQuJwAhxwkf_0gnBAucRUCGnTEzqid0wzX4UZXgjfwYeqbjk HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEN92eTenBD2U0ToDMLZzHhY&google_cver=1&google_push=Aa02lx8ZJxHi9wwbXe6IidZzBKxjsPF_sURlUfpMvcBKw2V9MFf96LArtQuJwAhxwkf_0gnBAucRUCGnTEzqid0wzX4UZXgjfwYeqbjk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzQ3OTc5NTIwOTY4NDk1MTM2Mw&google_push=Aa02lx8ZJxHi9wwbXe6IidZzBKxjsPF_sURlUfpMvcBKw2V9MFf96LArtQuJwAhxwkf_0gnBAucRUCGnTEzqid0wzX4UZXgjfwYeqbjk

Request Chain 187

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEG0nD3oz__7FMaj1iB1xjWg&google_cver=1&google_push=Aa02lx9r5Kg5JOflYD4pfmIMYAZgTQEznDkY9JEKzoanyNDWPssBm-x3alfWSNiU4g60nuUcL8NtL2JwW_7d-eFktK6P8nQyHT583w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=Mjk0NDAzNzA0OTk3NzcwNTA0OA==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEG0nD3oz__7FMaj1iB1xjWg&google_cver=1

Request Chain 189

https://um.simpli.fi/gp_match?google_gid=CAESEBKBFpFKW6Fp8omdsTXNJds&google_cver=1&google_push=Aa02lx-1JQQWnvgAS79k23hZX-Xwz3yheGbHsRYyBEPsAiSgHmRSH8sXXRu_uS8dLu7kTwAGuNA2ofIFc0UTl9_mSYWpXyv8D3eDQSI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=5DF55BC9A0C04945AEDB832182FFC18D&google_push=Aa02lx-1JQQWnvgAS79k23hZX-Xwz3yheGbHsRYyBEPsAiSgHmRSH8sXXRu_uS8dLu7kTwAGuNA2ofIFc0UTl9_mSYWpXyv8D3eDQSI

Request Chain 190

https://ads.travelaudience.com/google_pixel?google_gid=CAESEMFx5TN4-Jis8FEU-rGqwuE&google_cver=1&google_push=Aa02lx_J4L9GtFCj4KFBophAXmxhIH1Txz_E-vxij7MkxJrnNmDhjZhyCA86cKnpEiZmbHX7e1SAXQKLvCzzCMgryYBpRMlda-6C0lA HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=g_EkQeJ9TbqcdX1EeNttXg2&google_push=Aa02lx_J4L9GtFCj4KFBophAXmxhIH1Txz_E-vxij7MkxJrnNmDhjZhyCA86cKnpEiZmbHX7e1SAXQKLvCzzCMgryYBpRMlda-6C0lA

Request Chain 191

https://d5p.de17a.com/cookies/google?google_gid=CAESEN7ET_kNN63PZ6cBl2alXi8&google_cver=1&google_push=Aa02lx9U8y7nGVTQOe53WdVHzn1Tq-krtrgsNQ0ikdm5g8VS0CvRVlXd-Muc66PNbWmiG15ijCky8zuG0NTcEzWPBljJxGcmyHaJYQ HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEN7ET_kNN63PZ6cBl2alXi8&google_cver=1&google_push=Aa02lx9U8y7nGVTQOe53WdVHzn1Tq-krtrgsNQ0ikdm5g8VS0CvRVlXd-Muc66PNbWmiG15ijCky8zuG0NTcEzWPBljJxGcmyHaJYQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aa02lx9U8y7nGVTQOe53WdVHzn1Tq-krtrgsNQ0ikdm5g8VS0CvRVlXd-Muc66PNbWmiG15ijCky8zuG0NTcEzWPBljJxGcmyHaJYQ

Request Chain 193

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEICbqRw24O0CgNU20ohbudI&google_cver=1&google_push=Aa02lx8e1NcqLU7eZdbUfV046pjY171imGNAOBxQe5bpRW_MtBNpHRVIN2PTENjMOlbcdic0YJI4IIf272eihqf7Lnnt2-ER_sjOtnw HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEICbqRw24O0CgNU20ohbudI&google_push=Aa02lx8e1NcqLU7eZdbUfV046pjY171imGNAOBxQe5bpRW_MtBNpHRVIN2PTENjMOlbcdic0YJI4IIf272eihqf7Lnnt2-ER_sjOtnw&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEICbqRw24O0CgNU20ohbudI&google_hm=ZBaDz1_Mre0MthNTdDN6RgAABL8AAAIB&google_nid=index&google_push=Aa02lx8e1NcqLU7eZdbUfV046pjY171imGNAOBxQe5bpRW_MtBNpHRVIN2PTENjMOlbcdic0YJI4IIf272eihqf7Lnnt2-ER_sjOtnw

198 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
goo.by/
Redirect Chain

https://goo.by/o0jbk
https://goo.by/

25 KB
8 KB

38ms
37ms

Document
text/html

2606:4700:3037::ac43:899a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:899a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fb0da042b5626ff3c34be283c780411e5664400008fe714920d89e5ef72fd9ae

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7aa2af5f7e67928d-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sun, 19 Mar 2023 03:38:52 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=htSTA5O6SMBA8i40zlsgul5QVRJvs8QZxzISCz%2BwYAJxzn2aP8CnmDi%2FtRGuQKWm5bdgKyntpulnwAcI42TYkodTgBKAtv9cNtLbVseD%2F1%2BJCnY1UTxojhI3N7yPP3QrSS71src%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7aa2af5efe0d928d-FRA
content-type: text/html; charset=UTF-8
date: Sun, 19 Mar 2023 03:38:52 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: /
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4%2B6203JTH1ZpMACU5FnpQGBt1tXppH061NUk%2B%2B5MknRPEDZc4zQe0cyvHW99a0eMXmyf40OUos7U12LMUWAk23aaEieH4Lf%2Bu2TGmWSlX1aoigOZ18SVrN76iEujUYM%2FX4vQrDw%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 bootstrap.min.css
goo.by/static/css/ 89 KB
16 KB 17ms
16ms Stylesheet
text/css 2606:4700:3037::ac43:899a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/static/css/bootstrap.min.css
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:899a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1912ec9329c898b56073a8120eb94e72e0bb858b390443cbc65d18a494572215

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 29 Apr 2022 05:41:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 761790
etag: W/"626b7a86-1631a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dpWdmXDmPzDwkYylgfi7Nxot1Ns9RvBFgxLyww49TEkS5Pafp5nidxkZYLjjDicM6XDSXxqTpZf8OX1dLiMB3aze27wS2XwCkmFF8JjyntFQkRv%2B7pE2w%2B%2By0ew5iqTO2XDiYsY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 7aa2af5fc8069b8e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 style.css
goo.by/themes/spartan/ 69 KB
13 KB 35ms
23ms Stylesheet
text/css 2606:4700:3037::ac43:899a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/themes/spartan/style.css
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:899a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c44313430f757e3a44c796394ad431ad413d363d4467dfbc6cf1867e560969c3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4347282
cf-polished: origSize=84847
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 29 Apr 2022 05:41:48 GMT
server: cloudflare
etag: W/"626b7a9c-14b6f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pN%2FnxjfAI1omMojfGh2e%2FDTmB7dcPhWteMr1B2jBEHjR%2FmX4sJIABpltSlf8RVvU3rypcXkJ1CPnQaWpFpZmD3U2FPGkO3Ye%2FE2F4r0wzRB59GUQAQfJwJkVQtUi3aCCTBcBB74%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 7aa2af5fd81a9b8e-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 components.min.css
goo.by/static/css/ 19 KB
3 KB 23ms
13ms Stylesheet
text/css 2606:4700:3037::ac43:899a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/static/css/components.min.css
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:899a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 195ffe64f7501043f3700fdf9fbf2012d0b66fa26dcad328db4d5e8430fb520b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 29 Apr 2022 05:41:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 514904
etag: W/"626b7a87-4b61"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TLw%2F1Lj4Z63Fr3G2IGQTQIzJtjApOWqjzOvN4s5Fuosc9x9svqq%2BeRmwACnEWoM8dLQdH4WiKVcWKTKQP8v%2FYq71l%2Bfb%2FkJsEPWO3hEW4fd6VMgdE8j4Y5j3GP%2BedsbtR3mBOpQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 7aa2af5fd81b9b8e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 fa-all.min.css
goo.by/static/css/ 56 KB
13 KB 28ms
17ms Stylesheet
text/css 2606:4700:3037::ac43:899a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/static/css/fa-all.min.css
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:899a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9b46437d7418e1712daaad6d73fa17c2c6afb5681770c90339c25428415b7fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 29 Apr 2022 05:41:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4347282
etag: W/"626b7a86-df5c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kw0hIYRz9DYCBxxxenBjJNZAMvZpBo3aj5OKfO12S9oAYqfCHd8oe8w0iWlgn4tiPibgP7qLoDmEt8sZ3Zk%2BBHXhnnPd4uYpdfHjNUI3P40QEB%2BdMiCGVprAn4yxNa7zqfRJQ%2BA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 7aa2af5fd81c9b8e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 jquery.min.js Show response
goo.by/static/js/ 82 KB
30 KB 31ms
21ms Script
application/javascript 2606:4700:3037::ac43:899a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/static/js/jquery.min.js
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:899a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a57b5242b9a9adc4c1ef846c365147b89c472b9cd770face331efcb965346b25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 29 Apr 2022 05:41:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 14365135
etag: W/"626b7a93-14696"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yYMpGvmKanFlHhrpuiE3YXlXdSPfVHWfrm2MMBDXTIYKbgRyMDVe26s20bwYCHR8bNScEJC%2F1U%2BsIehG98MYid05G38cQRPoxi5ZsgnxlVGEN1tyQHVaduyOuoSkBXgz7ghI%2FtM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 7aa2af5fd81e9b8e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 bootstrap.min.js Show response
goo.by/static/ 3 KB
2 KB 23ms
13ms Script
application/javascript 2606:4700:3037::ac43:899a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/static/bootstrap.min.js
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:899a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6c785dee6ed2b248070e51f80868e1b938665681c17188c4e579c9c509ae05d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 29 Apr 2022 05:39:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 8283019
etag: W/"626b7a28-d5b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JSeRG8lYod1CwImVUgsP81AwFqmFAcy%2F%2BDUtVfSp6OBxySjAP13YZIuZKl5gdTSmn6BHmCo4GoQjq9Du%2FB4x5vjpkVEvPWeACf%2BmflSwZVQ5OI%2Bdftwag%2FUCeewXKWS01K8Wo04%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 7aa2af5fd8209b8e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 application.fn.js Show response
goo.by/static/ 3 KB
2 KB 23ms
14ms Script
application/javascript 2606:4700:3037::ac43:899a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/static/application.fn.js
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:899a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 877de2ffab95719d6ff1f1048fa912e70ee31879a2a31f868eb5b1770252d8fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2295914
cf-polished: origSize=4361
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 29 Apr 2022 05:39:52 GMT
server: cloudflare
etag: W/"626b7a28-1109"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2nkPdnXEU81BxQ0Hm2dw25A9v6sqqAsD5WvtxdWQPWOz4G0jx3caKhdENc6mo2z5EYsmo%2Fcshz9OrjqJOo4M%2FiT1BltpdQlzqgyGRvDb2gauKh9UIL2jfsM9KyHHrihHoHY23uY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 7aa2af5fd8219b8e-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 datepicker.min.js Show response
cdnjs.cloudflare.com/ajax/libs/datepicker/0.6.4/ 17 KB
5 KB 47ms
14ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/datepicker/0.6.4/datepicker.min.js?v=0.6.4

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

43df0eac8cd04fe4184d857d79cb2b72f9c636dfbc7d3bc6555ce0aacf2f2c47

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 187780
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5100
last-modified: Mon, 04 May 2020 16:09:23 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e33-4449"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WxpWJZFkIIQ%2BHWbE6ZPvSUQad7BAz8UQzHJUcRSejReQaBjvo%2B8T%2FqsxaEOi8P8A%2Fx35fsbEaM39CX7BoO7CPQTf53CgSwhKJLN0eR7x64Qdj52aweOAOXedBLBhZUT0naQCU2qiwZP3cLumR2gxyXQ2"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7aa2af600b793a76-FRA
expires: Fri, 08 Mar 2024 03:38:52 GMT

GET
H2 200 datepicker.min.css
cdnjs.cloudflare.com/ajax/libs/datepicker/0.6.4/ 3 KB
1 KB 46ms
13ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/datepicker/0.6.4/datepicker.min.css?v=0.6.4

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68decb9b04351770373306a7d4eef2a677b9f2541d790a42fc6f72e8cdcc7bd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 806642
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 720
last-modified: Mon, 04 May 2020 16:09:23 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e33-d76"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HavkcgLeRMfnm55apK5zUwzNCmGyYO1IgJFJmM01%2F6nUB3Q6FSR5wAWqYH%2Fkb%2FIU02t9K7CTN%2Fs%2B3LjYdsDRMWubKLI%2FtVtcN%2FeawHSLsZX%2FR3XSSGB4S8n10dqfhGd55rsDl3ooiLeCuy7qrvz%2F3v0Z"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7aa2af5ffb753a76-FRA
expires: Fri, 08 Mar 2024 03:38:52 GMT

GET
H2 200 chosen.jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/chosen/1.1.0/ 26 KB
6 KB 51ms
19ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/chosen/1.1.0/chosen.jquery.min.js?v=1.1.0

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c7e07dfb2d7437793e8b1ed577739a8bd55558df14aa7234714675ba53f71ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2786407
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5483
last-modified: Mon, 04 May 2020 16:09:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e23-6956"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OnckQV0dQEiHPxChsk5VBws2MUSJOX1aDnufG0zU1fZ1%2Fp8J%2FtdX9Loxfq73o1o6IjPGPEFLFD0e1CkfolNunnvV0r8bv2jSzpXdvfBeQKB7Zi1c4FjWUe%2BFGsAlnyc4IXdH8hfALRPVzpkeymeXuTer"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7aa2af600b7a3a76-FRA
expires: Fri, 08 Mar 2024 03:38:52 GMT

GET
H2 200 icheck.min.js Show response
cdnjs.cloudflare.com/ajax/libs/iCheck/1.0.1/ 4 KB
2 KB 45ms
13ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/iCheck/1.0.1/icheck.min.js?v=1.0.1

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6102d725c22f9bf27ef542ceae070843153f3e0926b89820a75f29b107e33cb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1597740
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1911
last-modified: Mon, 04 May 2020 16:11:10 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e9e-11a4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DNpD0enhx6yzUjPVYc2JVBCgjWte8Qx%2FwE%2B032Xwn7geJ7GYZWCOn1yeVKHvtBuo4FlGZ3r7JSE3JWvc8P7toG3X9QKEMnNCCxgnL73nNl2BxeI4mkyuqP%2FscWA8iCeEYZ3cp6rYKRG0Jy99L49efrYs"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7aa2af600b7d3a76-FRA
expires: Fri, 08 Mar 2024 03:38:52 GMT

GET
H2 200 clipboard.min.js Show response
cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.5.15/ 10 KB
3 KB 49ms
18ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.5.15/clipboard.min.js?v=1.5.15

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08e5970dcee7ecf02ab04df2d6be02568a71594f4923491e9f3e8ae3306a853f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 814227
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2906
last-modified: Mon, 04 May 2020 16:09:13 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e29-2824"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3%2FGgZxT%2F708OPkhwj%2BLB1TdR%2F0UXSLOJYCFQMmFoMCAbLPsR5OZ%2BGRwbHrKRDV1HR88zB%2Fg59CVioYnqkDUiU0D4tc%2F%2BsvEIWWojw07YYQ7ufEVbFo6Yhy7EMq4lrLRo%2FK9vfyVnROwpzRpROEEdiL7D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7aa2af600b823a76-FRA
expires: Fri, 08 Mar 2024 03:38:52 GMT

GET
H2 200 cookieconsent.min.js Show response
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/ 19 KB
6 KB 43ms
12ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js?v=3.0.3

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1822039
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5676
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-4d5a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kXtF6JKahs%2F9An3q63hEbrA%2F09GdtowPuZPGRapO2y31i4xVzNbVGk%2FL3xcZFHDpgcPkRGRlhuVBKtoEFo%2BEvgkj%2FFfg2xNZXDm7J9bNsGz1c6oDCc%2BeCcCrt0YpUPT%2FaRoOFMvzRgZd8C5bZ%2FwRvfAl"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7aa2af600b7c3a76-FRA
expires: Fri, 08 Mar 2024 03:38:52 GMT

GET
H2 200 cookieconsent.min.css
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/ 4 KB
2 KB 42ms
11ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css?v=3.0.3

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3762668
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 948
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-f62"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5cCI9y%2FW5N5nYUoVtSThL8uhTkMhPIFCcBTVeMsbFyUZGIHxVYtRaYTbIxMfXyufULK2lsRRqVgIggD0cMcVCbMEKFs0ZvVal7PFR0ZbCLoXRIt2edM5t8YFhlIeEvX2PxBt4bApPkKKk3AAJy8V6efY"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7aa2af5ffb763a76-FRA
expires: Fri, 08 Mar 2024 03:38:52 GMT

GET
H2 200 jquery.autocomplete.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.devbridge-autocomplete/1.4.10/ 13 KB
4 KB 45ms
16ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.devbridge-autocomplete/1.4.10/jquery.autocomplete.min.js?v=1.1.5

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6ff6d4624a5c8140cbc19107aa372a233907f8e6e4d55d002d20cae682a575f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3229213
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3860
last-modified: Mon, 04 May 2020 16:11:46 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec2-331b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yF9beIvXVI3gv1rKsi3BKVYhURH4Jc1%2BO8onhQ8Wqprg%2FYuP8xElSBwHSzv1sxsO363%2BezBM0qN6kNShfRkxuTSWKWMjL9nWjK91pLcN3GR49rff7EQbgwwx3tvnSWBJSt0wWnll2o8NxN%2F8EqaKFeAZ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7aa2af600b7e3a76-FRA
expires: Fri, 08 Mar 2024 03:38:52 GMT

GET
H2 200 pace.js Show response
cdnjs.cloudflare.com/ajax/libs/pace/0.4.17/ 25 KB
5 KB 44ms
15ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/pace/0.4.17/pace.js?v=0.4.17

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a898f00aabf0e5632b47a59e092c4662c8cbda0c33ea6d0d424cbced57e3ee72

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 181653
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5158
last-modified: Mon, 04 May 2020 16:13:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03f40-621b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ewDBSccU%2FgHfIPaQUBvE2Eb4qo%2BjvZ0aap7fjiWhYaVfUa4zz33BXw7W2XK9Sy%2BZBl1YAIqRli6VuhyjLaZIBVY7YnUcSaaLryPNBMFBn7wiMwent9jBTaB%2Bpz7Hv5shJNMkoPxzAllFQvDGvVcrMeqZ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7aa2af600b7b3a76-FRA
expires: Fri, 08 Mar 2024 03:38:52 GMT

GET
H3 200 application.js Show response
goo.by/static/ 15 KB
5 KB 19ms
15ms Script
application/javascript 2606:4700:3037::ac43:899a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/static/application.js
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:899a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 171ca22825d9d3284a7e20e85120854bc2bf6fb15b821ce6bed382f14ff51c29

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 14575330
cf-polished: origSize=19442
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 29 Apr 2022 05:39:51 GMT
server: cloudflare
etag: W/"626b7a27-4bf2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WrNZ0CKQLKnP3OkLlhFijDEGZ6zRQNNxIG9l%2FXbvFhnvLxE%2FvaWHqIS1epfEfzWj%2BkUTARch%2Ff2ZuT9wWe1VjXmCRL6oBDuODsAIZw4y1Ro2Hn8IImNDKePe23s8vQCKBKrkwkg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 7aa2af5fd8229b8e-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 server.js Show response
goo.by/static/ 8 KB
3 KB 26ms
23ms Script
application/javascript 2606:4700:3037::ac43:899a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/static/server.js
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:899a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a7c3e55eaa9ecaa4ca4a2ebffc199b1d3b5c4c568e832a107811ca61db66bcbb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 761790
cf-polished: origSize=12112
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 29 Apr 2022 05:39:52 GMT
server: cloudflare
etag: W/"626b7a28-2f50"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MKbIpgZ%2FctjPEmzjbgYcP3Z7tQAT%2F3sk7ezts%2F6Rz22HoFVaj%2FeiOyg1vGTSXAYBXvjhcsWgO3QopMvE5OMqILBG8jmAVY3BBIYJT2v7vvRv4KhWZzAUDxRKIPD%2FMB680R8546s%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 7aa2af5fd8249b8e-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
48 KB 165ms
72ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df57fdd697010bbfcec8c72546e801feadc9773a632e5497ede3dc4aabebfeec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48626
x-xss-protection: 0
server: cafe
etag: 3246699960254186187
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 19 Mar 2023 03:38:52 GMT

GET
H3 200 auto_site_logo.png
goo.by/content/ 3 KB
4 KB 14ms
14ms Image
image/png 2606:4700:3037::ac43:899a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://goo.by/content/auto_site_logo.png
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:899a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6461e3d621bb44222b85c04e787c3a1bc2c296316d77bc175e682c177557fa76

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 14575330
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3400
last-modified: Sun, 08 May 2022 12:53:50 GMT
server: cloudflare
etag: "6277bd5e-d48"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QScTYH8%2FyHl56PMszgdRkp2UJ1hBDJM%2FzniqSaKnfygXlXdeFs6jEXTzlDFIHDYk1H2oBIMxwtG7F%2Ftt0T%2F5F9re7kfY%2FzapqJFLFq0z%2BjP0bMg%2F%2BJEm1vw5fimHN%2BlvSWqRtgQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7aa2af60386f9b8e-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 884 B
905 B 148ms
51ms Script
text/javascript 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?hl=en&render=6LcUoOQUAAAAANHj_juVSgLjxCWAABmUxJr-DhCw

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9018e6709cc0720ac1077d552464176bdcba459344cdecf7b001480cc8c037ab

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 585
x-xss-protection: 1; mode=block
expires: Sun, 19 Mar 2023 03:38:52 GMT

GET
H3 200 landing.png
goo.by/themes/cleanex/assets/images/ 17 KB
17 KB 14ms
13ms Image
image/png 2606:4700:3037::ac43:899a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://goo.by/themes/cleanex/assets/images/landing.png
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:899a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e337c98d5ed7ed7e852c87ee65bf108bd1cf6377d585c9f7b595a9e54ad41fa5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 166391
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17186
last-modified: Fri, 29 Apr 2022 05:44:07 GMT
server: cloudflare
etag: "626b7b27-4322"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aWWU3iOG3vQKYG9i9MKCv5WN6ZVFRFjTg11idqR0%2BZCszli2NGDSHNiNEXNFMnmGKwzMK0dXOMQMqdhhkPO941JAkDdmeHdBgdPcc04M3NsBsibLB5ayrhuZf2PqX%2BIuiYAPYP8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7aa2af6038709b8e-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 profiles.png
goo.by/static/img/ 62 KB
63 KB 16ms
15ms Image
image/png 2606:4700:3037::ac43:899a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://goo.by/static/img/profiles.png
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:899a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d69ba2a3cb603ff3aba5f081ad98b683d0b0788524d62f5b4df4f240658b4c90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 732143
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 63985
last-modified: Fri, 29 Apr 2022 05:41:34 GMT
server: cloudflare
etag: "626b7a8e-f9f1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wLOe5lsUOUNaNEsflZi7dwBFu%2FHH77AYIWjswXHDYy4%2FwYUxj3%2BMsz2KHK5caP1UWX0O6LusndLA2LSgLjIGwC7Z1KEyaPxSpD9VOpj5iM3YONy9rmeEKL42hrHa4sw%2Brt2yE2c%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7aa2af6038719b8e-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 main.js Show response
goo.by/themes/spartan/assets/js/ 794 B
724 B 20ms
20ms Script
application/javascript 2606:4700:3037::ac43:899a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/themes/spartan/assets/js/main.js
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:899a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 08ec63812b5c543fbc24b98cf05328d849347f0dc0b2cbdf9bc463435b5ad1f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 8283018
cf-polished: origSize=869
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 29 Apr 2022 05:44:04 GMT
server: cloudflare
etag: W/"626b7b24-365"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xxj%2BLGwpnsivvSXimGYGLtsdvvFLOljqSR0Ps7HIG0Bf1c93YXnHVJIKsYUgdJBWm%2Bfw07%2FHGDAEBF8UHLTauQkkBOmlr5VrKvBAmvj8B2Wo7ZhpS2D3FjO6YmH6vPM1%2Fjha%2B3M%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 7aa2af6028689b8e-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 server.js Show response
goo.by/static/ 8 KB
3 KB 21ms
20ms Script
application/javascript 2606:4700:3037::ac43:899a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/static/server.js?v=1.0
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:899a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a7c3e55eaa9ecaa4ca4a2ebffc199b1d3b5c4c568e832a107811ca61db66bcbb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2295913
cf-polished: origSize=12112
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 29 Apr 2022 05:39:52 GMT
server: cloudflare
etag: W/"626b7a28-2f50"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QvusCGYOfsW9C4u%2BHpfUc%2BEHrkDLqmX8ZWgdZzbguy4Cdii4VOlqM6st5uj8LD%2FH20lOIEx9V5oMCOSZVBFqUR41DgQ%2B%2FNu2NTEJTWlvxtCkQowbE%2FAA%2FW7EKDJE4xq2kXNjG74%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 7aa2af60386d9b8e-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 glyphicons-halflings-regular.woff
goo.by/static/fonts/ 23 KB
23 KB 19ms
18ms Font
font/woff 2606:4700:3037::ac43:899a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/static/fonts/glyphicons-halflings-regular.woff
Requested by: Host: goo.by
URL: https://goo.by/static/css/bootstrap.min.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:899a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e

Request headers

Referer: https://goo.by/static/css/bootstrap.min.css
Origin: https://goo.by
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 146935
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 23320
last-modified: Fri, 29 Apr 2022 05:41:25 GMT
server: cloudflare
etag: "626b7a85-5b18"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fNb7OY%2F%2BnE7UfVbvqnqR%2BxE1Vp%2FJ%2FXQhdyZXRVnQLTSTEO692D3F3j4P55J7mpN5hnOgaB5nK2nfdt9p5SuYmmO77mo%2B%2BvRYwUDZ1sCZvV%2F6u%2BVcaOg7C4MwO8YIlJ3ktTd507Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7aa2af6038759b8e-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/ 404 KB
161 KB 116ms
35ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en&render=6LcUoOQUAAAAANHj_juVSgLjxCWAABmUxJr-DhCw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9d91ff5b9a775b5ce8c6c81e51e71c27194d11ac8690353727d23c91f7b317c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Origin: https://goo.by
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 16:06:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127936
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 164678
x-xss-protection: 0
last-modified: Mon, 13 Mar 2023 02:02:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 16 Mar 2024 16:06:37 GMT

GET
H2 200 watch.js Show response
mc.yandex.ru/metrika/ 162 KB
57 KB 234ms
111ms Script
application/javascript 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/watch.js

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

cf0e934daa92ef101fcdf4f64d318324f197533bc3a8ad60630a947cef5d7073

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000
last-modified: Thu, 16 Mar 2023 11:37:34 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "6412d54e-e3bd"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
content-length: 58301
expires: Sun, 19 Mar 2023 04:38:53 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303140101/ 350 KB
117 KB 64ms
64ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303140101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8917830189100721&plah=goo.by

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1eeeb0cc2e1ffcc4d9c8cb2aa447cd277e018037b8723f8d63a23a70c8eae3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119663
x-xss-protection: 0
server: cafe
etag: 17522350664083920869
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 19 Mar 2023 03:38:53 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230315/r20190131/ Frame FBC2 10 KB
5 KB 114ms
35ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230315/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17606
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 22:45:27 GMT
etag: 2378337311435320485
expires: Sat, 01 Apr 2023 22:45:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 379 B
599 B 130ms
47ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=goo.by&callback=_gfp_s_&client=ca-pub-8917830189100721

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303140101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8917830189100721&plah=goo.by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83424e16faa6b762de3210a5681de9ded45668d8b56293b60362ceabc99c994c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 246
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
532 B 124ms
44ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=goo.by

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
457 B 130ms
47ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=goo.by

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 71ms
71ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=cc-window%20cc-floating%20cc-type-info%20cc-theme-classic%20cc-bottom%20cc-right%20cc-color-override-1971232268%20&ign=false&pw=1600&ph=1200&x=1575&y=1175

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3105 492 KB
81 KB 938ms
937ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&adk=293675617&adf=814277786&lmt=1679197133&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x810_r&format=0x0&url=https%3A%2F%2Fgoo.by%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197133075&bpp=7&bdt=321&idt=136&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5936592529877&frm=20&pv=2&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=164

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00a54117c87f6a5f64ee160201d8451d202bb46db0ed0d1cf835840011282949

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 83019
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 03:38:54 GMT
expires: Sun, 19 Mar 2023 03:38:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5C63 94 KB
34 KB 851ms
851ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2348938529&adf=2605566815&pi=t.aa~a.181677489~rp.1&w=1140&fwrn=4&fwrnh=100&lmt=1679197133&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197133082&bpp=3&bdt=328&idt=181&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=450&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=YnaYorrf56&p=https%3A//goo.by&dtd=184

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1b0f6266f5451df27af597034775eb8facf66824e47166a6918b66642a892e00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 34158
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 03:38:54 GMT
expires: Sun, 19 Mar 2023 03:38:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 8676 44 KB
23 KB 60ms
59ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcUoOQUAAAAANHj_juVSgLjxCWAABmUxJr-DhCw&co=aHR0cHM6Ly9nb28uYnk6NDQz&hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&size=invisible&cb=rlaym94xspd

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a7f5aa3c30e5e04ad238de50a95faea8bd9dc5d3ae4ecf884f2b16a8d2aa2a2c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-oRgbaUB6iS3_pVMEjI_olw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 23518
content-security-policy: script-src 'report-sample' 'nonce-oRgbaUB6iS3_pVMEjI_olw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 03:38:53 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2

200

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9946.6nA6RytGB4mz4UzM-zCVEVerdWDaSITBhFDuDI_rx72__H3wqbsD8guaEw5qpgSU.4Kr1vRe9p1NFK2izT4oNqHEu11E%2C
https://mc.yandex.com/sync_cookie_image_decide?token=9946.LCYmOcP7JAVwiZhL85Wq1dUW9qudoov5W_4MffmLhpWM6UtPeD4simC44QiQBqwUF50aVzh4d3exB4Q5GIFm_IeSwMdvcAte7n0XPDuwjN8%2C.CaXGJWHvHaOh-ugzLsgdSYQg0CU%2C

43 B
67 B

59ms
59ms

Image
image/gif

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=9946.LCYmOcP7JAVwiZhL85Wq1dUW9qudoov5W_4MffmLhpWM6UtPeD4simC44QiQBqwUF50aVzh4d3exB4Q5GIFm_IeSwMdvcAte7n0XPDuwjN8%2C.CaXGJWHvHaOh-ugzLsgdSYQg0CU%2C

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:53 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=9946.LCYmOcP7JAVwiZhL85Wq1dUW9qudoov5W_4MffmLhpWM6UtPeD4simC44QiQBqwUF50aVzh4d3exB4Q5GIFm_IeSwMdvcAte7n0XPDuwjN8%2C.CaXGJWHvHaOh-ugzLsgdSYQg0CU%2C
date: Sun, 19 Mar 2023 03:38:53 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2

200

sync_cookie_image_decide
mc.yandex.by/
Redirect Chain

https://mc.yandex.by/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.by&token=9946.7bNL8F4qYCbrgFVEGHSbzUZXEdvD0PxISSBUo-tf-xMWrmrUAoG255WsSuHDFePf.cpJ4mypaRhU7OY5sAoHhBy8G9-k%2C
https://mc.yandex.by/sync_cookie_image_decide?token=9946.zbK4t-oOc-K768HbD8bmCOZ9tAmsXRkVcTlIbzmnjfv_crzjVE_ZHzHDMgBVgxDWVT9B3zCEIw8BPD0QZBrriFqouuyvJ_ZIipB-e8TMqC0%2C.7bLy607cm0elrNk3rw875hJQf6w%2C

43 B
67 B

56ms
55ms

Image
image/gif

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.by/sync_cookie_image_decide?token=9946.zbK4t-oOc-K768HbD8bmCOZ9tAmsXRkVcTlIbzmnjfv_crzjVE_ZHzHDMgBVgxDWVT9B3zCEIw8BPD0QZBrriFqouuyvJ_ZIipB-e8TMqC0%2C.7bLy607cm0elrNk3rw875hJQf6w%2C

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:53 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.yandex.by/sync_cookie_image_decide?token=9946.zbK4t-oOc-K768HbD8bmCOZ9tAmsXRkVcTlIbzmnjfv_crzjVE_ZHzHDMgBVgxDWVT9B3zCEIw8BPD0QZBrriFqouuyvJ_ZIipB-e8TMqC0%2C.7bLy607cm0elrNk3rw875hJQf6w%2C
date: Sun, 19 Mar 2023 03:38:53 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
113 B 62ms
59ms Image
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:53 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 16 Mar 2023 11:37:34 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "6412d54e-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Sun, 19 Mar 2023 04:38:53 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/ Frame 8676 55 KB
24 KB 110ms
36ms Stylesheet
text/css 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcUoOQUAAAAANHj_juVSgLjxCWAABmUxJr-DhCw&co=aHR0cHM6Ly9nb28uYnk6NDQz&hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&size=invisible&cb=rlaym94xspd

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 16:06:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127935
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24605
x-xss-protection: 0
last-modified: Mon, 13 Mar 2023 02:02:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 16 Mar 2024 16:06:38 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/ Frame 8676 404 KB
161 KB 128ms
55ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9d91ff5b9a775b5ce8c6c81e51e71c27194d11ac8690353727d23c91f7b317c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 16:06:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127936
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 164678
x-xss-protection: 0
last-modified: Mon, 13 Mar 2023 02:02:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 16 Mar 2024 16:06:37 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 8676 2 KB
2 KB 39ms
38ms Image
image/png 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Mon, 13 Mar 2023 08:02:07 GMT
x-content-type-options: nosniff
age: 502606
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Mon, 20 Mar 2023 08:02:07 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 8676 15 KB
16 KB 117ms
35ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 15:27:04 GMT
x-content-type-options: nosniff
age: 216709
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Mar 2024 15:27:04 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 8676 15 KB
15 KB 126ms
44ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:28:44 GMT
x-content-type-options: nosniff
age: 292209
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Mar 2024 18:28:44 GMT

GET
H2

200

1 Show response
mc.yandex.com/watch/45619767/
Redirect Chain

https://mc.yandex.com/watch/45619767?wmode=7&page-url=https%3A%2F%2Fgoo.by%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A3llbk0t3p8ehu21bjv65f%3Afp%3A341%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%...
https://mc.yandex.com/watch/45619767/1?wmode=7&page-url=https%3A%2F%2Fgoo.by%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A3llbk0t3p8ehu21bjv65f%3Afp%3A341%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A97...

435 B
555 B

61ms
61ms

XHR
application/json

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/45619767/1?wmode=7&page-url=https%3A%2F%2Fgoo.by%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A3llbk0t3p8ehu21bjv65f%3Afp%3A341%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A474973416879%3Ahid%3A204919086%3Az%3A0%3Ai%3A20230319033853%3Aet%3A1679197133%3Ac%3A1%3Arn%3A469746700%3Arqn%3A1%3Au%3A1679197133219503669%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ads%3A0%2C0%2C36%2C3%2C192%2C192%2C1%2C235%2C65%2C%2C%2C%2C470%3Aco%3A0%3Acpf%3A1%3Ans%3A1679197132514%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1679197134%3At%3AGoo.gl%20URL%20Shortener.%20Shorten%20URL%20Free%21&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

46d2adb674341ab345b9d9a897714aceab6c430c15bf696a6cb45ac5cb7738bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:53 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Sun, 19-Mar-2023 03:38:53 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://goo.by
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 435
x-xss-protection: 1; mode=block
expires: Sun, 19-Mar-2023 03:38:53 GMT

Redirect headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:53 GMT
strict-transport-security: max-age=31536000
last-modified: Sun, 19-Mar-2023 03:38:53 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/45619767/1?wmode=7&page-url=https%3A%2F%2Fgoo.by%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3A3llbk0t3p8ehu21bjv65f%3Afp%3A341%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A474973416879%3Ahid%3A204919086%3Az%3A0%3Ai%3A20230319033853%3Aet%3A1679197133%3Ac%3A1%3Arn%3A469746700%3Arqn%3A1%3Au%3A1679197133219503669%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ads%3A0%2C0%2C36%2C3%2C192%2C192%2C1%2C235%2C65%2C%2C%2C%2C470%3Aco%3A0%3Acpf%3A1%3Ans%3A1679197132514%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1679197134%3At%3AGoo.gl%20URL%20Shortener.%20Shorten%20URL%20Free%21&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29
access-control-allow-origin: https://goo.by
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Sun, 19-Mar-2023 03:38:53 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 8676 102 B
132 B 46ms
46ms Other
text/javascript 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4fdd793c6b9c084150c7577c83ddd7bdb6f38b1e5b1f036418f20d6d080b42a5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcUoOQUAAAAANHj_juVSgLjxCWAABmUxJr-DhCw&co=aHR0cHM6Ly9nb28uYnk6NDQz&hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&size=invisible&cb=rlaym94xspd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110
x-xss-protection: 1; mode=block
expires: Sun, 19 Mar 2023 03:38:53 GMT

POST
H3 200 reload Show response
www.google.com/recaptcha/api2/ Frame 8676 32 KB
18 KB 82ms
81ms XHR
application/json 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6LcUoOQUAAAAANHj_juVSgLjxCWAABmUxJr-DhCw

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5e3f0a216d331f28ef4fc1b4c8503c1a91299ce769feafa4b3774f86200dac1c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcUoOQUAAAAANHj_juVSgLjxCWAABmUxJr-DhCw&co=aHR0cHM6Ly9nb28uYnk6NDQz&hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&size=invisible&cb=rlaym94xspd
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Sun, 19 Mar 2023 03:38:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18723
x-xss-protection: 1; mode=block
expires: Sun, 19 Mar 2023 03:38:53 GMT

GET
H2

200

sync_cookie_image_decide_secondary
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check_secondary
https://mc.yandex.ru/sync_cookie_image_start_secondary?redirect_domain=mc.yandex.com&token=9946.IHo38WPrSQ_3xIxT3AFFyzZBIMZDAvJrkc7xeFJBZgxIWwzwjNnUVKJO5gq-hQp2.Lmn3ZeHGxaqNC3nJ8X8n1WVp2o0%2C
https://mc.yandex.com/sync_cookie_image_decide_secondary?token=9946.j01zBFnRYLaK33ZR_2qNnhpzxsBQZcrhqI1wzJCeWgD_bnhNcM02_YlK9h4Zn19Cfwxsvk2IdJMypR4JV9l6TbJ3XeLmDm58AW-tUZBGLuI%2C.ZFK8kuD1zfwUmX9-bO...

43 B
67 B

56ms
56ms

Image
image/gif

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide_secondary?token=9946.j01zBFnRYLaK33ZR_2qNnhpzxsBQZcrhqI1wzJCeWgD_bnhNcM02_YlK9h4Zn19Cfwxsvk2IdJMypR4JV9l6TbJ3XeLmDm58AW-tUZBGLuI%2C.ZFK8kuD1zfwUmX9-bOgSOGJ0ibE%2C

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:53 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide_secondary?token=9946.j01zBFnRYLaK33ZR_2qNnhpzxsBQZcrhqI1wzJCeWgD_bnhNcM02_YlK9h4Zn19Cfwxsvk2IdJMypR4JV9l6TbJ3XeLmDm58AW-tUZBGLuI%2C.ZFK8kuD1zfwUmX9-bOgSOGJ0ibE%2C
date: Sun, 19 Mar 2023 03:38:53 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2

200

sync_cookie_image_decide_secondary
mc.yandex.by/
Redirect Chain

https://mc.yandex.by/sync_cookie_image_check_secondary
https://mc.yandex.ru/sync_cookie_image_start_secondary?redirect_domain=mc.yandex.by&token=9946.MuiayJX4ckqMXKkH21GFvexo7ip7p_j_fSA_X7swXSQp54lUuXT8qbGJMaY7Rg1e.nvxkC4j-MmG8VBcPZiACIXBTgtc%2C
https://mc.yandex.by/sync_cookie_image_decide_secondary?token=9946.AhvasTbb2Q5a08NXsFzgWWRVdloeYsQnQnPjD17MHFkH6AXCIKVThp8JRH41nbYxt7Wl7AZoITiVaW8_EmPNXLEqy3SHFSpp7J8IodrJdtU%2C.L6uWK9_NjefR-AZrtZz...

43 B
79 B

53ms
53ms

Image
image/gif

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.by/sync_cookie_image_decide_secondary?token=9946.AhvasTbb2Q5a08NXsFzgWWRVdloeYsQnQnPjD17MHFkH6AXCIKVThp8JRH41nbYxt7Wl7AZoITiVaW8_EmPNXLEqy3SHFSpp7J8IodrJdtU%2C.L6uWK9_NjefR-AZrtZzUU21QLj8%2C

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:53 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.yandex.by/sync_cookie_image_decide_secondary?token=9946.AhvasTbb2Q5a08NXsFzgWWRVdloeYsQnQnPjD17MHFkH6AXCIKVThp8JRH41nbYxt7Wl7AZoITiVaW8_EmPNXLEqy3SHFSpp7J8IodrJdtU%2C.L6uWK9_NjefR-AZrtZzUU21QLj8%2C
date: Sun, 19 Mar 2023 03:38:53 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H3 200 0f98ab093493e21e6a1e2127137795a3.js Show response
www.gstatic.com/mysidia/ Frame 5C63 10 KB
4 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/0f98ab093493e21e6a1e2127137795a3.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2348938529&adf=2605566815&pi=t.aa~a.181677489~rp.1&w=1140&fwrn=4&fwrnh=100&lmt=1679197133&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197133082&bpp=3&bdt=328&idt=181&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=450&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=YnaYorrf56&p=https%3A//goo.by&dtd=184

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b87eb697514c4f7f78d19319a9f7f9ec477787d3c6060ae86eb7cb04a64eac13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 17:47:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 121905
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4382
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 10:19:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 15 Jun 2023 17:47:09 GMT

GET
H3 200 ec50de85495f28590e259a5bfc1feac2.js Show response
www.gstatic.com/mysidia/ Frame 5C63 11 KB
5 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ec50de85495f28590e259a5bfc1feac2.js?tag=text/vanilla_highlight_ms

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d12fcbeb7624beef6c90755330fd5dfc2fd155c8e1f596129c9531821c5a85be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 13:25:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 137579
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4795
x-xss-protection: 0
last-modified: Wed, 08 Mar 2023 21:42:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 15 Jun 2023 13:25:55 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 5C63 8 KB
1 KB 133ms
48ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 19 Mar 2023 03:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 19 Mar 2023 02:48:02 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 19 Mar 2023 03:38:54 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame 5C63 2 KB
846 B 96ms
47ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:12:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33968
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:12:46 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/ Frame 5C63 22 KB
9 KB 115ms
35ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aaaeff283d77d5f0d27c6ae7768ea2bba13a624a99b79208db30e0a7ca2e7c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:08:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34226
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9101
x-xss-protection: 0
server: cafe
etag: 583283675565503348
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:08:28 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame 5C63 3 KB
1 KB 94ms
45ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 15:43:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42944
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 15:43:10 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame 5C63 20 KB
9 KB 120ms
40ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a0e5bf3737755c3dff420d02d33cddae12560e84c602859f2d3f7da6a906116

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:07:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34295
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8617
x-xss-protection: 0
server: cafe
etag: 263085479041318444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:07:19 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5C63 158 KB
49 KB 123ms
43ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Mar 2023 03:38:54 GMT

GET
H3 200 cbfababd91166e5076a7e33bfb78f317.js Show response
www.gstatic.com/mysidia/ Frame 5C63 34 KB
14 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/cbfababd91166e5076a7e33bfb78f317.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d9e50379350abb45769a5049fc416a2ad6455c413756833d1e1249b617e6550

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 17:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 121939
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14337
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 10:19:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 15 Jun 2023 17:46:35 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 5C63 0
0 81ms
80ms Fetch
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cxj_SzYMWZLjuEejhx_APqtSVoA6SsMbDb8TM6tTlELCQHxABIIva-xxgleKQgqAHoAHIjebWA8gBAakC1WC00sPmsT6oAwHIA8sEqgS6AU_QYXzlqdoec5Pum7AoIy2LYBy7EMu-9kw4MtzxdK_nO34CEPvUNnj3uxCa5ZAhgCZYjqI7_nNnDPCULe5wwa_Qg3ObroodOHTC51vbJYk23Ov-YDaNc0BQ6efaolEs_3KMfOJQpCKz-wlqQg57JE8n6lEz6vnB8_a3xc6Hh6BF7u62EjyiLXdpRF7-edMyxKLMVKUDbtW8CMgdmP5jPKU4Fk0XrQHG7By3gsgBDaj4MtxEoJYC0gx6MMAEoLK61rgEkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGAB6DymSmoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBRDahKIB0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEw2IFATQFQGYFgGAFwGyFxwKGggAEhRwdWItODkxNzgzMDE4OTEwMDcyMRgA&sigh=DKgRXhEE8_w&uach_m=[UACH]&cid=CAQSGwDUE5ymeo24rkJwv2wa4ZcnFlphvoKlC30DQhgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2348938529&adf=2605566815&pi=t.aa~a.181677489~rp.1&w=1140&fwrn=4&fwrnh=100&lmt=1679197133&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197133082&bpp=3&bdt=328&idt=181&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=450&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=YnaYorrf56&p=https%3A//goo.by&dtd=184
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 19 Mar 2023 03:38:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 19 Mar 2023 03:38:54 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303140101/ 149 KB
51 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303140101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

56979e872da578544dec9c08574e0e42f40efa81016660b13e68e3c583a035a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52121
x-xss-protection: 0
server: cafe
etag: 322289460396024922
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Mar 2023 03:38:54 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
166 B 46ms
45ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=goo.by

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
166 B 46ms
46ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=goo.by

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FDA9 92 KB
33 KB 673ms
672ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=3842512449&adf=3189509110&pi=t.aa~a.2596561788~rp.4&daaos=1679169110076&w=1140&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=-M&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280&nras=3&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=3311&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=bTGCA3RcS5&p=https%3A//goo.by&dtd=10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a6355d74ef3f07bd7d876f73a91d4f4eefc777da295960cc32840ec059fd15a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 33590
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 03:38:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9D8B 101 KB
35 KB 1010ms
1009ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=3842512449&adf=1858515917&pi=t.aa~a.2596561788~rp.1&daaos=1679169110076&w=1140&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=-M&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280&nras=4&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1926&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=iBlBURhIGt&p=https%3A//goo.by&dtd=15

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

27363905b0ea3bbc0f23d6193f1c7910728626648a31a7308b8d02bbf905427f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 36047
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 03:38:55 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CB8F 102 KB
35 KB 818ms
817ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2814367607&adf=3589342682&pi=t.aa~a.2921636334~rp.4&daaos=1679169110076&w=1200&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1200x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=1&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280%2C1140x280&nras=5&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4632&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=9&uci=a!9&btvi=3&fsb=1&xpc=zPyYZaWSEO&p=https%3A//goo.by&dtd=19

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a01d50b1257ade421f527ee3b332f83e46bde30a83583806c2c2eb1e4de31fe6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 36057
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 03:38:55 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3F9E 143 B
166 B 35ms
35ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2348938529&adf=2605566815&pi=t.aa~a.181677489~rp.1&w=1140&fwrn=4&fwrnh=100&lmt=1679197133&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197133082&bpp=3&bdt=328&idt=181&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=450&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=YnaYorrf56&p=https%3A//goo.by&dtd=184
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2532
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 02:56:42 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 5C63 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3d58342582faacf8e635eea9308379a1b82fc1d1977c642ad6af8b738abdc891

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/ Frame 8159 10 KB
4 KB 35ms
35ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 15441
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 23:21:33 GMT
etag: 2378337311435320485
expires: Sat, 01 Apr 2023 23:21:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/ Frame 806A 10 KB
4 KB 35ms
35ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 15441
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 23:21:33 GMT
etag: 2378337311435320485
expires: Sat, 01 Apr 2023 23:21:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/ Frame 538E 10 KB
4 KB 35ms
35ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 15441
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 23:21:33 GMT
etag: 2378337311435320485
expires: Sat, 01 Apr 2023 23:21:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/ Frame 838D 10 KB
4 KB 38ms
37ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 15441
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 23:21:33 GMT
etag: 2378337311435320485
expires: Sat, 01 Apr 2023 23:21:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 5C63 28 KB
28 KB 36ms
35ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 19:36:43 GMT
x-content-type-options: nosniff
age: 201731
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Mar 2024 19:36:43 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3F9E
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

45ms
44ms

Document
text/html

2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 03:38:54 GMT
expires: Sun, 19 Mar 2023 03:38:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 03:38:54 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame 8159 4 KB
710 B 50ms
49ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 19 Mar 2023 03:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 19 Mar 2023 02:24:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 19 Mar 2023 03:38:54 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 8159 205 B
229 B 37ms
36ms Image
image/png 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 21:11:17 GMT
x-content-type-options: nosniff
age: 23257
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 17 Mar 2024 21:11:17 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 8159 604 B
628 B 39ms
38ms Image
image/png 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 02:48:46 GMT
x-content-type-options: nosniff
age: 3008
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 18 Mar 2024 02:48:46 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/elements/html/ Frame 8159 20 KB
8 KB 37ms
35ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

317f149045d69a8bf445de8bbd3ff61b2cc95da746998e97f4381dfe3326c7f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:18:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33596
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8549
x-xss-protection: 0
server: cafe
etag: 16448057571289220057
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:18:58 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 806A 8 KB
968 B 47ms
46ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

74017d97a0876e72ef09a14ea0b3ad49a744811c726e7b05e305d4a6e3e07612

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 19 Mar 2023 03:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 19 Mar 2023 02:38:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 19 Mar 2023 03:38:54 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame 806A 2 KB
799 B 35ms
35ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:12:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33968
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:12:46 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/ Frame 806A 22 KB
9 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aaaeff283d77d5f0d27c6ae7768ea2bba13a624a99b79208db30e0a7ca2e7c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:08:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34226
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9101
x-xss-protection: 0
server: cafe
etag: 583283675565503348
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:08:28 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame 806A 3 KB
1 KB 39ms
37ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 15:43:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42944
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 15:43:10 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame 806A 20 KB
8 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a0e5bf3737755c3dff420d02d33cddae12560e84c602859f2d3f7da6a906116

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:07:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34295
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8617
x-xss-protection: 0
server: cafe
etag: 263085479041318444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:07:19 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 806A 158 KB
48 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Mar 2023 03:38:54 GMT

GET
H3 200 cbfababd91166e5076a7e33bfb78f317.js Show response
www.gstatic.com/mysidia/ Frame 806A 34 KB
14 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/cbfababd91166e5076a7e33bfb78f317.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d9e50379350abb45769a5049fc416a2ad6455c413756833d1e1249b617e6550

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 17:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 121939
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14337
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 10:19:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 15 Jun 2023 17:46:35 GMT

GET
H3 200 0f98ab093493e21e6a1e2127137795a3.js Show response
www.gstatic.com/mysidia/ Frame 538E 10 KB
4 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/0f98ab093493e21e6a1e2127137795a3.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b87eb697514c4f7f78d19319a9f7f9ec477787d3c6060ae86eb7cb04a64eac13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 17:47:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 121905
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4382
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 10:19:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 15 Jun 2023 17:47:09 GMT

GET
H3 200 ec50de85495f28590e259a5bfc1feac2.js Show response
www.gstatic.com/mysidia/ Frame 538E 11 KB
5 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ec50de85495f28590e259a5bfc1feac2.js?tag=text/vanilla_highlight_ms

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d12fcbeb7624beef6c90755330fd5dfc2fd155c8e1f596129c9531821c5a85be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 13:25:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 137579
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4795
x-xss-protection: 0
last-modified: Wed, 08 Mar 2023 21:42:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 15 Jun 2023 13:25:55 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 538E 8 KB
969 B 52ms
47ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 19 Mar 2023 03:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 19 Mar 2023 02:58:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 19 Mar 2023 03:38:54 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame 538E 2 KB
799 B 48ms
43ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:12:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33968
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:12:46 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/ Frame 538E 22 KB
9 KB 39ms
35ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aaaeff283d77d5f0d27c6ae7768ea2bba13a624a99b79208db30e0a7ca2e7c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:08:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34226
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9101
x-xss-protection: 0
server: cafe
etag: 583283675565503348
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:08:28 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame 538E 3 KB
1 KB 48ms
44ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 15:43:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42944
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 15:43:10 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame 538E 20 KB
8 KB 42ms
39ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a0e5bf3737755c3dff420d02d33cddae12560e84c602859f2d3f7da6a906116

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:07:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34295
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8617
x-xss-protection: 0
server: cafe
etag: 263085479041318444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:07:19 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 538E 158 KB
48 KB 68ms
65ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Mar 2023 03:38:54 GMT

GET
H3 200 cbfababd91166e5076a7e33bfb78f317.js Show response
www.gstatic.com/mysidia/ Frame 538E 34 KB
14 KB 39ms
37ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/cbfababd91166e5076a7e33bfb78f317.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d9e50379350abb45769a5049fc416a2ad6455c413756833d1e1249b617e6550

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 17:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 121939
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14337
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 10:19:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 15 Jun 2023 17:46:35 GMT

GET
H3 200 0f98ab093493e21e6a1e2127137795a3.js Show response
www.gstatic.com/mysidia/ Frame 838D 10 KB
4 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/0f98ab093493e21e6a1e2127137795a3.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b87eb697514c4f7f78d19319a9f7f9ec477787d3c6060ae86eb7cb04a64eac13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 17:47:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 121905
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4382
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 10:19:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 15 Jun 2023 17:47:09 GMT

GET
H3 200 ec50de85495f28590e259a5bfc1feac2.js Show response
www.gstatic.com/mysidia/ Frame 838D 11 KB
5 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ec50de85495f28590e259a5bfc1feac2.js?tag=text/vanilla_highlight_ms

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d12fcbeb7624beef6c90755330fd5dfc2fd155c8e1f596129c9531821c5a85be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 13:25:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 137579
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4795
x-xss-protection: 0
last-modified: Wed, 08 Mar 2023 21:42:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 15 Jun 2023 13:25:55 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 838D 8 KB
969 B 48ms
46ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 19 Mar 2023 03:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 19 Mar 2023 02:22:39 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 19 Mar 2023 03:38:54 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame 838D 2 KB
799 B 52ms
50ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:12:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33968
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:12:46 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/ Frame 838D 22 KB
9 KB 43ms
41ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aaaeff283d77d5f0d27c6ae7768ea2bba13a624a99b79208db30e0a7ca2e7c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:08:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34226
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9101
x-xss-protection: 0
server: cafe
etag: 583283675565503348
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:08:28 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame 838D 3 KB
1 KB 52ms
50ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 15:43:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42944
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 15:43:10 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame 838D 20 KB
8 KB 47ms
45ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a0e5bf3737755c3dff420d02d33cddae12560e84c602859f2d3f7da6a906116

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:07:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34295
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8617
x-xss-protection: 0
server: cafe
etag: 263085479041318444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:07:19 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 838D 158 KB
48 KB 86ms
85ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Mar 2023 03:38:54 GMT

GET
H3 200 cbfababd91166e5076a7e33bfb78f317.js Show response
www.gstatic.com/mysidia/ Frame 838D 34 KB
14 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/cbfababd91166e5076a7e33bfb78f317.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d9e50379350abb45769a5049fc416a2ad6455c413756833d1e1249b617e6550

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 17:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 121939
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14337
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 10:19:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 15 Jun 2023 17:46:35 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame B307 8 KB
895 B 50ms
47ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 19 Mar 2023 03:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 19 Mar 2023 02:22:39 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 19 Mar 2023 03:38:54 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame B307 2 KB
765 B 36ms
35ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:12:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33968
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:12:46 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/ Frame B307 22 KB
9 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aaaeff283d77d5f0d27c6ae7768ea2bba13a624a99b79208db30e0a7ca2e7c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:08:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34226
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9101
x-xss-protection: 0
server: cafe
etag: 583283675565503348
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:08:28 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame B307 3 KB
1 KB 49ms
46ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 15:43:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42944
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 15:43:10 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame B307 20 KB
8 KB 42ms
39ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a0e5bf3737755c3dff420d02d33cddae12560e84c602859f2d3f7da6a906116

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:07:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34295
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8617
x-xss-protection: 0
server: cafe
etag: 263085479041318444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:07:19 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B307 158 KB
48 KB 66ms
63ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Mar 2023 03:38:54 GMT

GET
H3 200 cbfababd91166e5076a7e33bfb78f317.js Show response
www.gstatic.com/mysidia/ Frame B307 34 KB
14 KB 39ms
36ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/cbfababd91166e5076a7e33bfb78f317.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d9e50379350abb45769a5049fc416a2ad6455c413756833d1e1249b617e6550

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 17:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 121939
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14337
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 10:19:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 15 Jun 2023 17:46:35 GMT

GET
H3 200 n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 879B 36 KB
14 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9fb29d4a25891606c32c76a3971a06ceb33d2750c966578813492dec8d38b851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 22:56:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16952
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14330
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 17 Mar 2024 22:56:22 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C4E8 143 B
166 B 35ms
35ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2532
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 02:56:42 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2286 143 B
166 B 36ms
35ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2532
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 02:56:42 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0E60 143 B
166 B 36ms
35ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2532
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 02:56:42 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 806A 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a663467e111fd2237a1bc5255e8d702b099f29cb553ecab24efe98cbf898b5d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 806A 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 561736faecba167b5b538be37b8d7c4e686c307c4a64413228980aa4d0cad961

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/3768724973957661681/ Frame 538E 5 KB
5 KB 36ms
36ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3768724973957661681/14763004658117789537?w=300&h=300

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c0579474c93f54edd0ea223b6a2d552da76783a4b919501f743f47b93225f633

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 10:45:40 GMT
x-content-type-options: nosniff
age: 233594
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5271
x-xss-protection: 0
last-modified: Wed, 22 Feb 2023 19:04:44 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 15 Mar 2024 10:45:40 GMT

GET
DATA 200
OK truncated
/ Frame 538E 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 99771b396dab463693f3f4b72d9b8d0d5b494789ac61332a1415300a8c87f5ec

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js Show response
pagead2.googlesyndication.com/bg/ Frame A73E 36 KB
14 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9fb29d4a25891606c32c76a3971a06ceb33d2750c966578813492dec8d38b851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 22:56:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16952
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14330
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 17 Mar 2024 22:56:22 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C4E8
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

48ms
47ms

Document
text/html

2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 03:38:54 GMT
expires: Sun, 19 Mar 2023 03:38:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 03:38:54 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 806A 0
18 B 80ms
79ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C-QjfzYMWZI-vEJPix_AP64eUyAGlx-CUbc7ck4n-EMaR6vTPKhABIIva-xxgleKQgqAHoAGKzdSaKMgBAakC1WC00sPmsT6oAwGqBLoBT9D8awLx50QVAwmCM9agIeXkJd0eZY1WRtxmApNzFGgsutS_sqR33l80DOas621zfvVtC6m4XuK-U3kL33BrYq1j-k3QuZDX1MyWvFqt9Bc3OMCINWgkbUkuDgJy9WGtMYkH_30LFV6YVKq8sklF9UWazNLlY_-Y4YmC3I7NlTZrMS7LGzvnfSuGb1cq_6-a3M6uCA7Fy-BOoood31BeFX-Hd9jxfF46_-3JK1Bb3ivSt7uUHmKPbg1FwATa0rX96gOSBQQIBBgBkgUECAUYBIAHioWl-gKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBD_xBnSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDdAVAYAXAbIXHAoaCAASFHB1Yi04OTE3ODMwMTg5MTAwNzIxGAA&sigh=Edjik0EYxfg&uach_m=[UACH]&cid=CAQSGwDUE5ymmlLKb3zvkIfE3eFdChTw2s_nVHq8zBgB&template_id=5020&vis=1

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 19 Mar 2023 03:38:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2286
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

44ms
44ms

Document
text/html

2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 03:38:54 GMT
expires: Sun, 19 Mar 2023 03:38:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 03:38:54 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0E60
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

47ms
46ms

Document
text/html

2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 03:38:55 GMT
expires: Sun, 19 Mar 2023 03:38:55 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 03:38:54 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 3B7B 36 KB
14 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9fb29d4a25891606c32c76a3971a06ceb33d2750c966578813492dec8d38b851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 22:56:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16952
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14330
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 17 Mar 2024 22:56:22 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 538E 0
18 B 85ms
85ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CYCIMzYMWZJCvEJPix_AP64eUyAHPgZ2Ob4jl4_m8EdnZHhABIIva-xxgleKQgqAHoAGE3aORA8gBAakCeSyfJ3sJJz6oAwGqBMgBT9DDPKZu-8OKpYy9XZ8RskNq0p8ilceW6bR4F9JH6hQ7mjzoqN837w4lvW3Wphz3saFcQ1bcSuOxU2oqnFEtPXf0ESo7kbpOEsCCmNfK47tD4Pf6syi2NKumc0I55-P4CVJPIWAxr6QgA3KCTS8fvc1x2PWQN103yM2zOP89mpIT1bwAj3V8nOeC-h3uRWsktGGll6fSnUV8KaO182upXakdeWZMDEfo6KYQ6419VXLbR-LtwHRM6RMB5R2iW_cYd3fBmAzB9mLABJyI5tezBJIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBgAfkotxuqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQ3b8O0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEw2IFAbQFQGAFwGyFxwKGggAEhRwdWItODkxNzgzMDE4OTEwMDcyMRgA&sigh=bd7utQ2Q9K8&uach_m=[UACH]&cid=CAQSGwDUE5ymmlLKb3zvkIfE3eFdChTw2s_nVHq8zBgB&template_id=5001&vis=1

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 19 Mar 2023 03:38:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame FDA9 4 KB
621 B 49ms
48ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=3842512449&adf=3189509110&pi=t.aa~a.2596561788~rp.4&daaos=1679169110076&w=1140&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=-M&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280&nras=3&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=3311&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=bTGCA3RcS5&p=https%3A//goo.by&dtd=10

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 19 Mar 2023 03:38:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 19 Mar 2023 01:44:41 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 19 Mar 2023 03:38:55 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame FDA9 2 KB
765 B 36ms
35ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:12:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33969
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:12:46 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/ Frame FDA9 22 KB
9 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aaaeff283d77d5f0d27c6ae7768ea2bba13a624a99b79208db30e0a7ca2e7c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:08:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34227
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9101
x-xss-protection: 0
server: cafe
etag: 583283675565503348
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:08:28 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame FDA9 3 KB
1 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 15:43:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42945
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 15:43:10 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame FDA9 20 KB
8 KB 38ms
36ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a0e5bf3737755c3dff420d02d33cddae12560e84c602859f2d3f7da6a906116

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:07:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34296
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8617
x-xss-protection: 0
server: cafe
etag: 263085479041318444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:07:19 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame FDA9 0
0 43ms
43ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTlnY7tdBenHS9zZEjz85UZnWiAMmKGkRAEqh5Eb0jQ-TXhGMmyZWFA0gynvhuI1NQUV7ufJoQWF_o9WVWZUPn1n62fmw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=3842512449&adf=3189509110&pi=t.aa~a.2596561788~rp.4&daaos=1679169110076&w=1140&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=-M&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280&nras=3&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=3311&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=bTGCA3RcS5&p=https%3A//goo.by&dtd=10
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FDA9 158 KB
48 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Mar 2023 03:38:55 GMT

GET
H3 200 cbfababd91166e5076a7e33bfb78f317.js Show response
www.gstatic.com/mysidia/ Frame FDA9 34 KB
14 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/cbfababd91166e5076a7e33bfb78f317.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d9e50379350abb45769a5049fc416a2ad6455c413756833d1e1249b617e6550

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 17:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 121940
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14337
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 10:19:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 15 Jun 2023 17:46:35 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame FDA9 0
0 81ms
81ms Fetch
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Co3ohzoMWZPqvFMmg-gbSioH4D_aosKJvoMWFj_oQt7TcjYQ5EAEgi9r7HGCV4pCCoAegAd6L0scoyAEJqQLVYLTSw-axPqgDAcgDywSqBMEBT9B0PkPCFmQ8eqgGFN2NGtWTRiydvRux_hVL5N_leJaRfaC5iZXP6UgTHupZuVLdcF03_exBifgyTG0pUMmJPvY4i7F_xBH-rV6ia_nIMZVCC7LhcQw3S_U6Bo6P15ge6N5-IGtoq88wNtoyNBuS3B7YslQSP8Xmd3HY8PoyEPfvF5fm57Qysxi9FIcdTua61lMFxpOD_By-g3cggK5qJeJrUzaEKVwSAvII9qKzZcDuEFhlKItffULCAMOwkrqF-8AElZ6cvKAEkgUECAQYAZIFBAgFGASgBi6AB97DoqcDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQybMG0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwG4E-QD2BMN0BUBgBcBshccChoIABIUcHViLTg5MTc4MzAxODkxMDA3MjEYAA&sigh=7pFWi382P5M&uach_m=[UACH]&cid=CAQSOwDUE5ymhDVYWu8uQPN5CpMqqdhvIbqkl8Wg2nrDkHHd58H2KMHzLAn1itRUkkTls1VznMqwt4Dm5eTlGAE&template_id=484

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=3842512449&adf=3189509110&pi=t.aa~a.2596561788~rp.4&daaos=1679169110076&w=1140&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=-M&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280&nras=3&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=3311&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=bTGCA3RcS5&p=https%3A//goo.by&dtd=10
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 19 Mar 2023 03:38:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/11918635218877321045/ Frame FDA9 20 KB
20 KB 107ms
107ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11918635218877321045/14763004658117789537?w=400&h=209

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63d4ce33e14074f9f391fb2025a73128975d645bfd427adffdffa2291b0303db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:55 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20352
x-xss-protection: 0
last-modified: Tue, 28 Jun 2022 09:51:04 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 18 Mar 2024 03:38:55 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/14000247216091412956/ Frame FDA9 1 KB
1 KB 36ms
35ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14000247216091412956/14763004658117789537?w=100&h=100

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

01181fe4d47c4645b8f60d39217dd78b8fb823dbd96a39485a0950756915a364

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 11:55:14 GMT
x-content-type-options: nosniff
age: 229421
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1479
x-xss-protection: 0
last-modified: Sat, 25 Jun 2022 11:16:42 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 15 Mar 2024 11:55:14 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame F02C 1 KB
643 B 38ms
38ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 35538
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 17:46:37 GMT
etag: 48472445140208031
expires: Sun, 19 Mar 2023 17:46:37 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame FDA9 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aebfac1c19fa21f4e1c20cc17b4c4018283917b2da578ad0f0f5a7742c77b19d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame CB8F 8 KB
895 B 47ms
47ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2814367607&adf=3589342682&pi=t.aa~a.2921636334~rp.4&daaos=1679169110076&w=1200&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1200x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=1&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280%2C1140x280&nras=5&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4632&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=9&uci=a!9&btvi=3&fsb=1&xpc=zPyYZaWSEO&p=https%3A//goo.by&dtd=19

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 19 Mar 2023 03:38:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 19 Mar 2023 02:05:04 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 19 Mar 2023 03:38:55 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame CB8F 2 KB
765 B 38ms
37ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:12:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33969
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:12:46 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/ Frame CB8F 22 KB
9 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aaaeff283d77d5f0d27c6ae7768ea2bba13a624a99b79208db30e0a7ca2e7c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:08:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34227
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9101
x-xss-protection: 0
server: cafe
etag: 583283675565503348
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:08:28 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame CB8F 3 KB
1 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 15:43:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42945
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 15:43:10 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame CB8F 20 KB
8 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a0e5bf3737755c3dff420d02d33cddae12560e84c602859f2d3f7da6a906116

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:07:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34296
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8617
x-xss-protection: 0
server: cafe
etag: 263085479041318444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:07:19 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame CB8F 0
0 44ms
44ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRCaskzKFHXoPLRpnIxlKn3IymwiiJ1GYdo7fAxiKT8ps93AKuY64UkMCug8qdzHXO7K5FK_Zh7xu8m5XDEafNBvZYMkg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2814367607&adf=3589342682&pi=t.aa~a.2921636334~rp.4&daaos=1679169110076&w=1200&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1200x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=1&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280%2C1140x280&nras=5&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4632&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=9&uci=a!9&btvi=3&fsb=1&xpc=zPyYZaWSEO&p=https%3A//goo.by&dtd=19
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CB8F 158 KB
48 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Mar 2023 03:38:55 GMT

GET
H3 200 cbfababd91166e5076a7e33bfb78f317.js Show response
www.gstatic.com/mysidia/ Frame CB8F 34 KB
14 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/cbfababd91166e5076a7e33bfb78f317.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d9e50379350abb45769a5049fc416a2ad6455c413756833d1e1249b617e6550

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 17:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 121940
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14337
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 10:19:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 15 Jun 2023 17:46:35 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame CB8F 0
0 82ms
82ms Fetch
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Ca2upzoMWZP_3FMq6x_APxsWUyALPq4XZbay0t9ycDZiS-IezAhABIIva-xxgleKQgqAHoAHarv-iA8gBCakC1WC00sPmsT6oAwHIA8sEqgS8AU_Q3NMSnrtPjxyW8mOsaWOLEi-R09uP1J9Dgj4-cCieevttM7ZUgfG39Tc3vogXgcL6IHtqwL1wnnsEgoJzr5_iDoTVRLnQVMi9yQv_G2p64JGiPh7QsMdOMmJTsymlCuDroybwBNsNFYnCkRB6_uC6iLXeoyrIaUfPZYoy2SxXc4k9qAxb3DbWeAnGWI74crK6PDIqf_dwthFV8v0H_rAzUq5zItv0Q6c_KfNJ3-y3FBs8L89LUaJU0Tg8wAS2i_jXxAOSBQQIBBgBkgUECAUYBKAGLoAHjtGAXagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEMK4CdIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMNiBQD0BUBmBYBgBcBshccChoIABIUcHViLTg5MTc4MzAxODkxMDA3MjEYAA&sigh=yUsnSekwXdw&uach_m=[UACH]&cid=CAQSOwDUE5ymf8w0TjGY9KTWHuzlGzESlBYcxkJEBX3zmIIesAs9GdxmTz-1ULkoyJchX7JmuMbpJhiw_l2zGAE&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2814367607&adf=3589342682&pi=t.aa~a.2921636334~rp.4&daaos=1679169110076&w=1200&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1200x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=1&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280%2C1140x280&nras=5&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4632&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=9&uci=a!9&btvi=3&fsb=1&xpc=zPyYZaWSEO&p=https%3A//goo.by&dtd=19
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 19 Mar 2023 03:38:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame FDA9 15 KB
15 KB 36ms
36ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 21:07:17 GMT
x-content-type-options: nosniff
age: 109898
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 16 Mar 2024 21:07:17 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame FDA9 16 KB
16 KB 40ms
39ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 05:21:08 GMT
x-content-type-options: nosniff
age: 253067
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Mar 2024 05:21:08 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/1602392501282871508/ Frame CB8F 43 KB
43 KB 40ms
39ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1602392501282871508/14763004658117789537?w=600&h=314

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

020e8835183111104ef56f8689f6c417447d9d15aa4eca56cdee8ba35d341232

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 13:30:19 GMT
x-content-type-options: nosniff
age: 137316
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43695
x-xss-protection: 0
last-modified: Tue, 29 Nov 2022 12:08:47 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 16 Mar 2024 13:30:19 GMT

GET
DATA 200
OK truncated
/ Frame CB8F 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame CB8F 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame F02C
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEG0nD3oz__7FMaj1iB1xjWg&google_cver=1&google_push=Aa02lx8uY2wvINoKj6hTzh_piLK4DMQxonQKghHYUs1xjL1Tc2nQNNkFu_dSJVOkqo4YFUhif5_6BfMzPXWRk9_g9zgZ5cWP4dB1ISQ
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzAxNjA5NDY0NDAxNTYzMjk4NA==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEG0nD3oz__7FMaj1iB1xjWg&google_cver=1

43 B
398 B

52ms
15ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEG0nD3oz__7FMaj1iB1xjWg&google_cver=1
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 19 Mar 2023 03:38:54 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEG0nD3oz__7FMaj1iB1xjWg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame F02C
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEP9rO1ZYwNg-uJr5GogTJ6k&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEP9rO1ZYwNg-uJr5GogTJ6k&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=ZkhQRGdBTXAxUERKU0w1&google_gid=CAESEP9rO1ZYwNg-uJr5GogTJ6k&google_cver=1&google_push=Aa02lx80uajWA-p3Vor0avTuft7e5Y03lb2eAOKLgi_FyFJ...

170 B
330 B

49ms
48ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=ZkhQRGdBTXAxUERKU0w1&google_gid=CAESEP9rO1ZYwNg-uJr5GogTJ6k&google_cver=1&google_push=Aa02lx80uajWA-p3Vor0avTuft7e5Y03lb2eAOKLgi_FyFJpk-OJMSsbwZOWO2itElNXKTPb8RwrS1AjrWCjH8q8Od8dSsDGMnZHons

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 19 Mar 2023 03:38:54 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-770-gc22eae1#rel-ec2-master i-0f98d39f03f7816e5@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=ZkhQRGdBTXAxUERKU0w1&google_gid=CAESEP9rO1ZYwNg-uJr5GogTJ6k&google_cver=1&google_push=Aa02lx80uajWA-p3Vor0avTuft7e5Y03lb2eAOKLgi_FyFJpk-OJMSsbwZOWO2itElNXKTPb8RwrS1AjrWCjH8q8Od8dSsDGMnZHons
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET 5w3jqr4k
sync-tm.everesttech.net/upi/pid/ Frame F02C 0
0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame F02C
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEOAxKCz_t-RvZ6KHWvOSkrk&google_cver=1&google_push=Aa02lx91_HONoLJhLOPcvAe5CQLGl6Of333vYzhSWsM-GevbkmibkyBJytn_FKtabAb4_GEIODC1C9mK58X...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aa02lx91_HONoLJhLOPcvAe5CQLGl6Of333vYzhSWsM-GevbkmibkyBJytn_FKtabAb4_GEIODC1C9mK58X5i2dSojrzlLy8oG6OZRM&google_hm=daCZFEYBSdCqzsmYt...

170 B
233 B

77ms
56ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aa02lx91_HONoLJhLOPcvAe5CQLGl6Of333vYzhSWsM-GevbkmibkyBJytn_FKtabAb4_GEIODC1C9mK58X5i2dSojrzlLy8oG6OZRM&google_hm=daCZFEYBSdCqzsmYtO5P3Jc

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aa02lx91_HONoLJhLOPcvAe5CQLGl6Of333vYzhSWsM-GevbkmibkyBJytn_FKtabAb4_GEIODC1C9mK58X5i2dSojrzlLy8oG6OZRM&google_hm=daCZFEYBSdCqzsmYtO5P3Jc
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame F02C
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEK47p8Im-TeiB2hFjMoVUpc&google_cver=1&google_push=Aa02lx_Bp7GQSb6nrmZv5_HNhjjvrvvfBIEoBs5WOIFC8bb0v2oZBReBZ1PmoX5RQ_RWh7ZliWIGjb_tGC2er6KXFG4u...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEK47p8Im-TeiB2hFjMoVUpc&google_cver=1&google_push=Aa02lx_Bp7GQSb6nrmZv5_HNhjjvrvvfBIEoBs5WOIFC8bb0v2oZBReBZ1PmoX5RQ_RWh7ZliWIGjb_tGC2er6...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aa02lx_Bp7GQSb6nrmZv5_HNhjjvrvvfBIEoBs5WOIFC8bb0v2oZBReBZ1PmoX5RQ_RWh7ZliWIGjb_tGC2er6KXFG4u83TDuLsWuSk&google_hm=0RzY7qhHSOKj0fip0lcr...

170 B
233 B

54ms
53ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aa02lx_Bp7GQSb6nrmZv5_HNhjjvrvvfBIEoBs5WOIFC8bb0v2oZBReBZ1PmoX5RQ_RWh7ZliWIGjb_tGC2er6KXFG4u83TDuLsWuSk&google_hm=0RzY7qhHSOKj0fip0lcrDQ==

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=Aa02lx_Bp7GQSb6nrmZv5_HNhjjvrvvfBIEoBs5WOIFC8bb0v2oZBReBZ1PmoX5RQ_RWh7ZliWIGjb_tGC2er6KXFG4u83TDuLsWuSk&google_hm=0RzY7qhHSOKj0fip0lcrDQ==
date: Sun, 19 Mar 2023 03:38:55 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F02C
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEH886wAAmmTIq3H6Sl8X9u4&google_cver=1&google_push=Aa02lx8OSRhKZ2-_yUqmgcH-BsII2WPDNFoB9epgqEWK_47kKO3feq4mq41UgpVxgVJdeE40wIsNChVuIKslG7Y__ka-cHR...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx8OSRhKZ2-_yUqmgcH-BsII2WPDNFoB9epgqEWK_47kKO3feq4mq41UgpVxgVJdeE40wIsNChVuIKslG7Y__ka-cHRHDlr5pQ&google_hm=eS1nWEdyR20xRTJwRXVF...

170 B
188 B

83ms
83ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx8OSRhKZ2-_yUqmgcH-BsII2WPDNFoB9epgqEWK_47kKO3feq4mq41UgpVxgVJdeE40wIsNChVuIKslG7Y__ka-cHRHDlr5pQ&google_hm=eS1nWEdyR20xRTJwRXVFYlBaWTFPMzZodXprOG9nOVdPWX5B

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 19 Mar 2023 03:38:55 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx8OSRhKZ2-_yUqmgcH-BsII2WPDNFoB9epgqEWK_47kKO3feq4mq41UgpVxgVJdeE40wIsNChVuIKslG7Y__ka-cHRHDlr5pQ&google_hm=eS1nWEdyR20xRTJwRXVFYlBaWTFPMzZodXprOG9nOVdPWX5B
content-length: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame F02C
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFFC7NnKaTAD9LX6P0YhBjs&google_cver=1&google_push=Aa02lx9oiwH8o7Z25EDEr8VRrwwVQ8LwKEZQmL42mCuA-L25eAM0_m9PBqWMQxZnCuuzkT2IaxS...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZFVU05V1UtMVctNzVNSQ==&google_push=Aa02lx9oiwH8o7Z25EDEr8VRrwwVQ8LwKEZQmL42mCuA-L25eAM0_m9PBqWMQxZnCuuzkT2IaxSGhDTM4t929iBujm_OuKL0OeBQ

170 B
233 B

60ms
56ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZFVU05V1UtMVctNzVNSQ==&google_push=Aa02lx9oiwH8o7Z25EDEr8VRrwwVQ8LwKEZQmL42mCuA-L25eAM0_m9PBqWMQxZnCuuzkT2IaxSGhDTM4t929iBujm_OuKL0OeBQ

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEZFVU05V1UtMVctNzVNSQ==&google_push=Aa02lx9oiwH8o7Z25EDEr8VRrwwVQ8LwKEZQmL42mCuA-L25eAM0_m9PBqWMQxZnCuuzkT2IaxSGhDTM4t929iBujm_OuKL0OeBQ
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 28e1e7d28d06b07ec669bc9e43057b8e
Expires: 0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame F02C 0
140 B 150ms
46ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LUaZU9-oegyqkU1Ku5cHI98AZ_w8LxJ-PKLPJ0QzKxjvzqZ_7EFsE59xhBx7Cv3kwHASpH

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:55 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame EBDE 1 KB
643 B 40ms
37ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 35538
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 17:46:37 GMT
etag: 48472445140208031
expires: Sun, 19 Mar 2023 17:46:37 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame CB8F 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 029edae1c6301cefa4391e2a215d361cf0a72f76c9f0fe044c40651049215b6f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js Show response
pagead2.googlesyndication.com/bg/ Frame C87B 36 KB
14 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9fb29d4a25891606c32c76a3971a06ceb33d2750c966578813492dec8d38b851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 22:56:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16953
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14330
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 17 Mar 2024 22:56:22 GMT

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame CB8F 28 KB
28 KB 36ms
35ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 19:36:43 GMT
x-content-type-options: nosniff
age: 201732
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Mar 2024 19:36:43 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame EBDE
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEG0nD3oz__7FMaj1iB1xjWg&google_cver=1&google_push=Aa02lx9lHDikxzpuxDkMbIFqFRlffaM2dwjheEpqa1hiN3YDGi79a8E1MIrriHlshomIoqy2xrHVwZXgJKNzHKQlrhJb2mqy2qCE8aD9
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=Mjk0NDAzNzA0OTk3NzcwNTA0OA==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEG0nD3oz__7FMaj1iB1xjWg&google_cver=1

43 B
398 B

51ms
14ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEG0nD3oz__7FMaj1iB1xjWg&google_cver=1
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 19 Mar 2023 03:38:54 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEG0nD3oz__7FMaj1iB1xjWg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame EBDE
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEKRNFX3eZAFDQB_NunCRY78&google_cver=1&google_push=Aa02lx88eVjyYKQL_I_dQQwjIE4hvguWB7gQMCsdz3CzKn7R3h6B-McFrop2D5EPuApIOlYixVxElmf5b_Q5333y1FeNKvM6gNwEf...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEKRNFX3eZAFDQB_NunCRY78&google_cver=1&google_push=Aa02lx88eVjyYKQL_I_dQQwjIE4hvguWB7gQMCsdz3CzKn7R3h6B-McFrop2D5EPuApIOlYixVxElmf5b_Q5333y1FeNKvM6gNw...

43 B
424 B

180ms
164ms

Image
image/gif

2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEKRNFX3eZAFDQB_NunCRY78&google_cver=1&google_push=Aa02lx88eVjyYKQL_I_dQQwjIE4hvguWB7gQMCsdz3CzKn7R3h6B-McFrop2D5EPuApIOlYixVxElmf5b_Q5333y1FeNKvM6gNwEf3Mo&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx88eVjyYKQL_I_dQQwjIE4hvguWB7gQMCsdz3CzKn7R3h6B-McFrop2D5EPuApIOlYixVxElmf5b_Q5333y1FeNKvM6gNwEf3Mo%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H2
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7aa2af713ed135ee-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 582
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEKRNFX3eZAFDQB_NunCRY78&google_cver=1&google_push=Aa02lx88eVjyYKQL_I_dQQwjIE4hvguWB7gQMCsdz3CzKn7R3h6B-McFrop2D5EPuApIOlYixVxElmf5b_Q5333y1FeNKvM6gNwEf3Mo&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx88eVjyYKQL_I_dQQwjIE4hvguWB7gQMCsdz3CzKn7R3h6B-McFrop2D5EPuApIOlYixVxElmf5b_Q5333y1FeNKvM6gNwEf3Mo%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7aa2af6fcdbf35ee-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EBDE
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEBu2xW4RSb_sWBX9QkS5HDc&google_push=Aa02lx-Vkk04f7pO_rykzScE1l_znI-1S65JPkSa62LWF8keBW_mqOz-cI...

170 B
188 B

48ms
48ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEBu2xW4RSb_sWBX9QkS5HDc&google_push=Aa02lx-Vkk04f7pO_rykzScE1l_znI-1S65JPkSa62LWF8keBW_mqOz-cI7uzDthiHbWORtANN9HGR7fwEVAB_UzYWDU8M-y-lrqA4qs

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230136-FRA
pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1679197135.297825,VS0,VE181
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEBu2xW4RSb_sWBX9QkS5HDc&google_push=Aa02lx-Vkk04f7pO_rykzScE1l_znI-1S65JPkSa62LWF8keBW_mqOz-cI7uzDthiHbWORtANN9HGR7fwEVAB_UzYWDU8M-y-lrqA4qs
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame EBDE 70 B
266 B 104ms
31ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEHaRWC1fYFhb7tvX7fDohmw&google_cver=1&google_push=Aa02lx8-SYvPaG1ySos7TAiG65mu79UsUB0wMYTE_9RM90AJDumzYshS046VMKnwpwakDzCoO5qdhYBQjY6hImmBGrrq6a4BHYeCzeU
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2814367607&adf=3589342682&pi=t.aa~a.2921636334~rp.4&daaos=1679169110076&w=1200&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1200x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=1&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280%2C1140x280&nras=5&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4632&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=9&uci=a!9&btvi=3&fsb=1&xpc=zPyYZaWSEO&p=https%3A//goo.by&dtd=19
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame EBDE
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEKymRQ9jCh0XYJ36HI2hfq8&google_cver=1&google_push=Aa02lx95eRTbGrqAWyA4bgmCE4BtBHBNDbsBki8Ok3X7idOlsvdjCdFn9KcgtMQRWwsg4sCqrRqp_7bioxk_Pe...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxMjA5Njc3ODM2NjgxMDI1Nw%3D%3D&google_push=Aa02lx95eRTbGrqAWyA4bgmCE4BtBHBNDbsBki8Ok3X7idOlsvdjCdFn9KcgtMQRWwsg4sCqrRqp_7bioxk_PeH1KX...

170 B
233 B

50ms
49ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxMjA5Njc3ODM2NjgxMDI1Nw%3D%3D&google_push=Aa02lx95eRTbGrqAWyA4bgmCE4BtBHBNDbsBki8Ok3X7idOlsvdjCdFn9KcgtMQRWwsg4sCqrRqp_7bioxk_PeH1KXwzJkdEnhcg2K29

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIxMjA5Njc3ODM2NjgxMDI1Nw%3D%3D&google_push=Aa02lx95eRTbGrqAWyA4bgmCE4BtBHBNDbsBki8Ok3X7idOlsvdjCdFn9KcgtMQRWwsg4sCqrRqp_7bioxk_PeH1KXwzJkdEnhcg2K29
Date: Sun, 19 Mar 2023 03:38:55 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame EBDE
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEN92eTenBD2U0ToDMLZzHhY&google_cver=1&google_push=Aa02lx_9czjRbyD0tunRjzh6BWmplQpfNqFe1U_LQ36IwjHUVb4M7QfGfo7Ywy_Kqv5H252O5otmz90e...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEN92eTenBD2U0ToDMLZzHhY&google_cver=1&google_push=Aa02lx_9czjRbyD0tunRjzh6BWmplQpfNqFe1U_LQ36IwjHUVb4M7QfGfo7Ywy_Kqv5H252O5ot...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjAxODg2MjEyMTQ5ODkyNzE5OA&google_push=Aa02lx_9czjRbyD0tunRjzh6BWmplQpfNqFe1U_LQ36IwjHUVb4M7QfGfo7Ywy_Kqv5H252O5otmz9...

170 B
233 B

75ms
74ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjAxODg2MjEyMTQ5ODkyNzE5OA&google_push=Aa02lx_9czjRbyD0tunRjzh6BWmplQpfNqFe1U_LQ36IwjHUVb4M7QfGfo7Ywy_Kqv5H252O5otmz90etlA_F_sRIA65qAaEPWTKXTM

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjAxODg2MjEyMTQ5ODkyNzE5OA&google_push=Aa02lx_9czjRbyD0tunRjzh6BWmplQpfNqFe1U_LQ36IwjHUVb4M7QfGfo7Ywy_Kqv5H252O5otmz90etlA_F_sRIA65qAaEPWTKXTM
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame EBDE
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEN92eTenBD2U0ToDMLZzHhY&google_cver=1&google_push=Aa02lx8ZJxHi9wwbXe6IidZzBKxjsPF_sURlUfpMvcBKw2V9MFf96LArtQuJwAhxwkf_0gnBAucRUCGn...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEN92eTenBD2U0ToDMLZzHhY&google_cver=1&google_push=Aa02lx8ZJxHi9wwbXe6IidZzBKxjsPF_sURlUfpMvcBKw2V9MFf96LArtQuJwAhxwkf_0gnBAuc...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzQ3OTc5NTIwOTY4NDk1MTM2Mw&google_push=Aa02lx8ZJxHi9wwbXe6IidZzBKxjsPF_sURlUfpMvcBKw2V9MFf96LArtQuJwAhxwkf_0gnBAucRUC...

170 B
233 B

85ms
85ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzQ3OTc5NTIwOTY4NDk1MTM2Mw&google_push=Aa02lx8ZJxHi9wwbXe6IidZzBKxjsPF_sURlUfpMvcBKw2V9MFf96LArtQuJwAhxwkf_0gnBAucRUCGnTEzqid0wzX4UZXgjfwYeqbjk

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzQ3OTc5NTIwOTY4NDk1MTM2Mw&google_push=Aa02lx8ZJxHi9wwbXe6IidZzBKxjsPF_sURlUfpMvcBKw2V9MFf96LArtQuJwAhxwkf_0gnBAucRUCGnTEzqid0wzX4UZXgjfwYeqbjk
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame EBDE 0
50 B 57ms
53ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LAlzbgC_YQHAbBK5i4KbbbX8Jnce-sIjq3KuGW9cYnPxitm8TBfqSU6T-HEtbc_bC76zMx

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:55 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 css
fonts.googleapis.com/ Frame 9D8B 8 KB
895 B 47ms
47ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=3842512449&adf=1858515917&pi=t.aa~a.2596561788~rp.1&daaos=1679169110076&w=1140&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=-M&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280&nras=4&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1926&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=iBlBURhIGt&p=https%3A//goo.by&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 19 Mar 2023 03:38:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 19 Mar 2023 02:40:55 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 19 Mar 2023 03:38:55 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame 9D8B 2 KB
765 B 37ms
35ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=3842512449&adf=1858515917&pi=t.aa~a.2596561788~rp.1&daaos=1679169110076&w=1140&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=-M&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280&nras=4&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1926&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=iBlBURhIGt&p=https%3A//goo.by&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:12:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33969
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:12:46 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/ Frame 9D8B 22 KB
9 KB 37ms
35ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=3842512449&adf=1858515917&pi=t.aa~a.2596561788~rp.1&daaos=1679169110076&w=1140&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=-M&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280&nras=4&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1926&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=iBlBURhIGt&p=https%3A//goo.by&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aaaeff283d77d5f0d27c6ae7768ea2bba13a624a99b79208db30e0a7ca2e7c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:08:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34227
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9101
x-xss-protection: 0
server: cafe
etag: 583283675565503348
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:08:28 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame 9D8B 3 KB
1 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=3842512449&adf=1858515917&pi=t.aa~a.2596561788~rp.1&daaos=1679169110076&w=1140&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=-M&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280&nras=4&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1926&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=iBlBURhIGt&p=https%3A//goo.by&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 15:43:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42945
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 15:43:10 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/ Frame 9D8B 20 KB
8 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230315/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=3842512449&adf=1858515917&pi=t.aa~a.2596561788~rp.1&daaos=1679169110076&w=1140&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=-M&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280&nras=4&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1926&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=iBlBURhIGt&p=https%3A//goo.by&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a0e5bf3737755c3dff420d02d33cddae12560e84c602859f2d3f7da6a906116

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 18:07:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34296
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8617
x-xss-protection: 0
server: cafe
etag: 263085479041318444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Apr 2023 18:07:19 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 9D8B 0
0 49ms
48ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQdWIifBuXM_iXi5t43hWM-eBKsbMgefSGd8Kg2rS9IbVoY8P45SGZgPOTmRLIE6K9jIRcJjDxzpD8rNKm7CzuKq8SC3Q
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=3842512449&adf=1858515917&pi=t.aa~a.2596561788~rp.1&daaos=1679169110076&w=1140&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=-M&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280&nras=4&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1926&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=iBlBURhIGt&p=https%3A//goo.by&dtd=15
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9D8B 158 KB
48 KB 50ms
50ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=3842512449&adf=1858515917&pi=t.aa~a.2596561788~rp.1&daaos=1679169110076&w=1140&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=-M&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280&nras=4&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1926&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=iBlBURhIGt&p=https%3A//goo.by&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Mar 2023 03:38:55 GMT

GET
H3 200 cbfababd91166e5076a7e33bfb78f317.js Show response
www.gstatic.com/mysidia/ Frame 9D8B 34 KB
14 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/cbfababd91166e5076a7e33bfb78f317.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=3842512449&adf=1858515917&pi=t.aa~a.2596561788~rp.1&daaos=1679169110076&w=1140&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=-M&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280&nras=4&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1926&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=iBlBURhIGt&p=https%3A//goo.by&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d9e50379350abb45769a5049fc416a2ad6455c413756833d1e1249b617e6550

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 17:46:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 121940
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14337
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 10:19:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 15 Jun 2023 17:46:35 GMT

GET
H3 200 n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js Show response
pagead2.googlesyndication.com/bg/ Frame E284 36 KB
14 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9fb29d4a25891606c32c76a3971a06ceb33d2750c966578813492dec8d38b851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 22:56:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16953
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14330
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 17 Mar 2024 22:56:22 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9D8B 0
0 90ms
89ms Fetch
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CL1uKzoMWZMTcFJGfx_AP0uinoAXPq4XZbay0t9ycDZiS-IezAhABIIva-xxgleKQgqAHoAHarv-iA8gBCakC1WC00sPmsT6oAwHIA8sEqgS8AU_QK_I8MLXD_Ekq3ySMi9yPmu3u67d3E-MkdkZefIXGUJ6tSfdpHqE2QlZFLp31-6f6fyXAUx_Wy97b4uzSK57iUJg5og6-ap4SrMpECt_AEk7L4yzaWdYl-ea7hyAs5D6CzjY2xyXNSAo2vfXjpi86HhMHotmVBVSqgjq5YFoImne8G4v13cpT-cCbptwxc7FuezRQuaxGGNrEY9RrfKrvKqmL0Ie5qQ4hTk6_fsq3_cGZccC5g_RFsBb8wAS2i_jXxAOSBQQIBBgBkgUECAUYBKAGLoAHjtGAXagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEOnNFdIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMNiBQD0BUBmBYBgBcBshccChoIABIUcHViLTg5MTc4MzAxODkxMDA3MjEYAA&sigh=GRzcfv55_C8&uach_m=[UACH]&cid=CAQSOwDUE5ym5NueO5Nl7NWWvu1AOnFyAbdudeD2CiF90lulH-7IsVrVV1ns84Asmf9zW2k_Zs7ZeQdU9CmzGAE&template_id=5000

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=3842512449&adf=1858515917&pi=t.aa~a.2596561788~rp.1&daaos=1679169110076&w=1140&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=-M&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280&nras=4&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1926&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=iBlBURhIGt&p=https%3A//goo.by&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=3842512449&adf=1858515917&pi=t.aa~a.2596561788~rp.1&daaos=1679169110076&w=1140&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=-M&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280&nras=4&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1926&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=iBlBURhIGt&p=https%3A//goo.by&dtd=15
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 19 Mar 2023 03:38:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/1602392501282871508/ Frame 9D8B 43 KB
43 KB 35ms
35ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1602392501282871508/14763004658117789537?w=600&h=314

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=3842512449&adf=1858515917&pi=t.aa~a.2596561788~rp.1&daaos=1679169110076&w=1140&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=-M&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280&nras=4&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1926&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=iBlBURhIGt&p=https%3A//goo.by&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

020e8835183111104ef56f8689f6c417447d9d15aa4eca56cdee8ba35d341232

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 13:30:19 GMT
x-content-type-options: nosniff
age: 137316
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43695
x-xss-protection: 0
last-modified: Tue, 29 Nov 2022 12:08:47 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 16 Mar 2024 13:30:19 GMT

GET
DATA 200
OK truncated
/ Frame 9D8B 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 9D8B 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame BF80 1 KB
643 B 50ms
49ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=3842512449&adf=1858515917&pi=t.aa~a.2596561788~rp.1&daaos=1679169110076&w=1140&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=-M&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280&nras=4&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1926&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=iBlBURhIGt&p=https%3A//goo.by&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 35538
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 17:46:37 GMT
etag: 48472445140208031
expires: Sun, 19 Mar 2023 17:46:37 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 9D8B 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ecd45d76443bba488e621ee6eb6561008359364ca9c3432e0e4c073186ada217

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame BF80
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEG0nD3oz__7FMaj1iB1xjWg&google_cver=1&google_push=Aa02lx9r5Kg5JOflYD4pfmIMYAZgTQEznDkY9JEKzoanyNDWPssBm-x3alfWSNiU4g60nuUcL8NtL2JwW_7d-eFktK6P8nQyHT583w
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=Mjk0NDAzNzA0OTk3NzcwNTA0OA==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEG0nD3oz__7FMaj1iB1xjWg&google_cver=1

43 B
398 B

16ms
14ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEG0nD3oz__7FMaj1iB1xjWg&google_cver=1
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEG0nD3oz__7FMaj1iB1xjWg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 i.match
a.tribalfusion.com/ Frame BF80 43 B
391 B 180ms
177ms Image
image/gif 2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESEKRNFX3eZAFDQB_NunCRY78&google_cver=1&google_push=Aa02lx_zVXNP2Bs5nSwvkjJMGk-aUnQIqRJefgao5NMV1ABo7h8ui2tawEFtxJS2B_IW2PlGRbnzJlnFb1ylCk2PjojEV2mQnml_sg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx_zVXNP2Bs5nSwvkjJMGk-aUnQIqRJefgao5NMV1ABo7h8ui2tawEFtxJS2B_IW2PlGRbnzJlnFb1ylCk2PjojEV2mQnml_sg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=3842512449&adf=1858515917&pi=t.aa~a.2596561788~rp.1&daaos=1679169110076&w=1140&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=-M&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280&nras=4&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1926&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=iBlBURhIGt&p=https%3A//goo.by&dtd=15
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7aa2af714edd35ee-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BF80
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEBKBFpFKW6Fp8omdsTXNJds&google_cver=1&google_push=Aa02lx-1JQQWnvgAS79k23hZX-Xwz3yheGbHsRYyBEPsAiSgHmRSH8sXXRu_uS8dLu7kTwAGuNA2ofIFc0UTl9_mSYWpXyv8D3eDQSI
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=5DF55BC9A0C04945AEDB832182FFC18D&google_push=Aa02lx-1JQQWnvgAS79k23hZX-Xwz3yheGbHsRYyBEPsAiSgHmRSH8sXXRu_uS8dLu7kTwAGuNA2ofIFc0UTl9_...

170 B
188 B

48ms
48ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=5DF55BC9A0C04945AEDB832182FFC18D&google_push=Aa02lx-1JQQWnvgAS79k23hZX-Xwz3yheGbHsRYyBEPsAiSgHmRSH8sXXRu_uS8dLu7kTwAGuNA2ofIFc0UTl9_mSYWpXyv8D3eDQSI

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 19 Mar 2023 03:38:55 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=5DF55BC9A0C04945AEDB832182FFC18D&google_push=Aa02lx-1JQQWnvgAS79k23hZX-Xwz3yheGbHsRYyBEPsAiSgHmRSH8sXXRu_uS8dLu7kTwAGuNA2ofIFc0UTl9_mSYWpXyv8D3eDQSI
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Sat, 18 Mar 2023 03:38:55 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BF80
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEMFx5TN4-Jis8FEU-rGqwuE&google_cver=1&google_push=Aa02lx_J4L9GtFCj4KFBophAXmxhIH1Txz_E-vxij7MkxJrnNmDhjZhyCA86cKnpEiZmbHX7e1SAXQKLvCzzCMgr...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=g_EkQeJ9TbqcdX1EeNttXg2&google_push=Aa02lx_J4L9GtFCj4KFBophAXmxhIH1Txz_E-vxij7MkxJrnNmDhjZhyCA86cKnpEiZmbHX7e1SAXQKLvCzzCMgryYBpRMlda-6C0lA

170 B
188 B

82ms
82ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=g_EkQeJ9TbqcdX1EeNttXg2&google_push=Aa02lx_J4L9GtFCj4KFBophAXmxhIH1Txz_E-vxij7MkxJrnNmDhjZhyCA86cKnpEiZmbHX7e1SAXQKLvCzzCMgryYBpRMlda-6C0lA

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 19 Mar 2023 03:38:55 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=g_EkQeJ9TbqcdX1EeNttXg2&google_push=Aa02lx_J4L9GtFCj4KFBophAXmxhIH1Txz_E-vxij7MkxJrnNmDhjZhyCA86cKnpEiZmbHX7e1SAXQKLvCzzCMgryYBpRMlda-6C0lA
x-host: tde-deliveryengine-production-86c874c4d8-p4hxj
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BF80
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEN7ET_kNN63PZ6cBl2alXi8&google_cver=1&google_push=Aa02lx9U8y7nGVTQOe53WdVHzn1Tq-krtrgsNQ0ikdm5g8VS0CvRVlXd-Muc66PNbWmiG15ijCky8zuG0NTcEzWPBljJxGc...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEN7ET_kNN63PZ6cBl2alXi8&google_cver=1&google_push=Aa02lx9U8y7nGVTQOe53WdVHzn1Tq-krtrgsNQ0ikdm5g8VS0CvRVlXd-Muc66PNbWmiG15ijCky8zuG0NTcEzWPBljJx...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aa02lx9U8y7nGVTQOe53WdVHzn1Tq-krtrgsNQ0ikdm5g8VS0CvRVlXd-Muc66PNbWmiG15ijCky8zuG0NTcEzWPBljJxGcmyHaJYQ

170 B
188 B

55ms
55ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aa02lx9U8y7nGVTQOe53WdVHzn1Tq-krtrgsNQ0ikdm5g8VS0CvRVlXd-Muc66PNbWmiG15ijCky8zuG0NTcEzWPBljJxGcmyHaJYQ

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aa02lx9U8y7nGVTQOe53WdVHzn1Tq-krtrgsNQ0ikdm5g8VS0CvRVlXd-Muc66PNbWmiG15ijCky8zuG0NTcEzWPBljJxGcmyHaJYQ
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 dds
rtb.openx.net/sync/ Frame BF80 43 B
352 B 76ms
19ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEMy74x6ZDSlscm2oTaDm4UE&google_cver=1&google_push=Aa02lx_e2HwUURNPmXTs7wgz2_Xskea8E5Di8gje7A0ZDXpQfOvtka2BeA5W-zC0mzGJZgmETm-Xc6kcBcoBtmcwkTnGCYiB611dzXg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=3842512449&adf=1858515917&pi=t.aa~a.2596561788~rp.1&daaos=1679169110076&w=1140&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=-M&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280&nras=4&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1926&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=iBlBURhIGt&p=https%3A//goo.by&dtd=15
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:54 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 2vutpck0le41jd2bbfb5u6kd556a84dj

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BF80
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEICbqRw24O0CgNU20ohbudI&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEICbqRw24O0CgNU20ohbudI&google_push=Aa...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEICbqRw24O0CgNU20ohbudI&google_hm=ZBaDz1_Mre0MthNTdDN6RgAABL8AAAIB&google_nid=index&google_push=Aa02lx8e1NcqLU7eZdbUfV046pjY171imGNAO...

170 B
188 B

75ms
75ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEICbqRw24O0CgNU20ohbudI&google_hm=ZBaDz1_Mre0MthNTdDN6RgAABL8AAAIB&google_nid=index&google_push=Aa02lx8e1NcqLU7eZdbUfV046pjY171imGNAOBxQe5bpRW_MtBNpHRVIN2PTENjMOlbcdic0YJI4IIf272eihqf7Lnnt2-ER_sjOtnw

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 19 Mar 2023 03:38:55 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEICbqRw24O0CgNU20ohbudI&google_hm=ZBaDz1_Mre0MthNTdDN6RgAABL8AAAIB&google_nid=index&google_push=Aa02lx8e1NcqLU7eZdbUfV046pjY171imGNAOBxQe5bpRW_MtBNpHRVIN2PTENjMOlbcdic0YJI4IIf272eihqf7Lnnt2-ER_sjOtnw
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame BF80 0
12 B 54ms
53ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IS3kAXzUOnybbKbeN53NEK7qeNbWkWjtUpjRZ2k_U-Zqv9kTck_RICr3RmqAnEBj2JMvdZ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=3842512449&adf=1858515917&pi=t.aa~a.2596561788~rp.1&daaos=1679169110076&w=1140&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=-M&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280&nras=4&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1926&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=iBlBURhIGt&p=https%3A//goo.by&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:55 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 9D8B 28 KB
28 KB 36ms
36ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 19:36:43 GMT
x-content-type-options: nosniff
age: 201732
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Mar 2024 19:36:43 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 125ms
52ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230315&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bec2220a495d8d93a2ecda3b71c504c646c4b908d92bd6f495bd187ba69f6408

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:55 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11198
x-xss-protection: 0

GET
H3 200 n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 2A4A 36 KB
14 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=3842512449&adf=1858515917&pi=t.aa~a.2596561788~rp.1&daaos=1679169110076&w=1140&fwrn=4&fwrnh=100&lmt=1679197134&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679197134297&bpp=1&bdt=1543&idt=-M&shv=r20230315&mjsv=m202303140101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D77f3e031c9cfaffb-224aa06dd5de00ef%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA&gpic=UID%3D00000bc82576279f%3AT%3D1679197133%3ART%3D1679197133%3AS%3DALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg&prev_fmts=0x0%2C1140x280%2C1140x280&nras=4&correlator=5936592529877&frm=20&pv=1&ga_vid=1339684324.1679197133&ga_sid=1679197133&ga_hid=1315412909&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1926&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44777876%2C44759837%2C31072951%2C44787456&oid=2&pvsid=1391020885446324&tmod=222811933&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=iBlBURhIGt&p=https%3A//goo.by&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9fb29d4a25891606c32c76a3971a06ceb33d2750c966578813492dec8d38b851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 22:56:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16953
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14330
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 17 Mar 2024 22:56:22 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5C63 42 B
64 B 140ms
73ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvtkcEvvUOmuUcSJiorIrII1X7aFWEzKU5xusuh-BV_ZaY0spdC65XpEty4984Nt-_OQEcqD44qTbzPOKjX5skJ-8WKhq97F3QtCmXkTSRdpkSxeHiTnATx7FFeqPGNf_V-nzSKZg&sai=AMfl-YQdchXQP-R9QQwAa3CEeu2-QpqsbVMyP88eWRKr1dGcipVbK9AzXWVlFCoEdrrHNoWupd3Ar9OVrSA_&sig=Cg0ArKJSzF9xb86tdE9jEAE&cid=CAQSGwDUE5ymeo24rkJwv2wa4ZcnFlphvoKlC30DQhgB&id=lidar2&mcvt=1006&p=0,0,280,1140&mtos=1006,1006,1006,1006,1006&tos=1006,0,0,0,0&v=20230315&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2348938529&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679197133267&rpt=1297&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 19 Mar 2023 03:38:55 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8017 13 KB
5 KB 37ms
35ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 42926
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Mar 2023 15:43:29 GMT
expires: Sun, 17 Mar 2024 15:43:29 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5862 783 B
534 B 46ms
45ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

966406330c19154a60ac47035443f0c73f448f8c0b59bca77c74d688cd0fe130

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-MzUICiUysogjnATIYGrFGQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-MzUICiUysogjnATIYGrFGQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 19 Mar 2023 03:38:55 GMT
expires: Sun, 19 Mar 2023 03:38:55 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 8017 36 KB
14 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/n7KdSiWJFgbDLHajlxoGzrM9J1DJZleIE0kt7I04uFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9fb29d4a25891606c32c76a3971a06ceb33d2750c966578813492dec8d38b851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 18 Mar 2023 22:56:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16953
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14330
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 17 Mar 2024 22:56:22 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5862 0
0 74ms
73ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230315&jk=1391020885446324&rc=05AO5OVO9dOqmCC_G8wKsIqoxBCp_lyAUhe_J0JuZjHZNlIXvMBhzHEoibuGFYnebbDxpa7R09fio_pM35E-gSE783UE5dzHc1aX47Dani2nd5ehC2sb0XxiJ2WoUs4IUx9HgY1WH6EOflzVP7FL57Xc21nFrnVt1LPe8UtBUzHYy6rss
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 538E 42 B
64 B 73ms
73ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvPnQFt7r1qTXgW2F2KRj1GBvvEKtcfLLlts9K8vW0DJ6Zz6AtaTE2Z7P9ZkA1OKGbNhDKU4wrIYAmsncxWsojTAskz5z06xyr4BrlkAYubpelMoRo4WRcrsM2I_UnofPZc3NgdEg&sai=AMfl-YTZRl4eQBea54vzxTSheEVapN5WqtWN231yGHYhn_9hWq5Gn06ZFtA1Oi2Bc7KJuXOy9Z6YICc1Bl-C&sig=Cg0ArKJSzDxcR1WZizqIEAE&cid=CAQSGwDUE5ymmlLKb3zvkIfE3eFdChTw2s_nVHq8zBgB&id=lidar2&mcvt=1003&p=0,0,500,180&mtos=1003,1003,1003,1003,1003&tos=1003,0,0,0,0&v=20230315&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=293675614&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679197134400&rpt=493&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 806A 42 B
64 B 74ms
74ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsujBvBZ7pioBAN--ipq1g2CBUMKtva_XHoEpdxcM04NIUdLVL-ONYdl2VEkYvAILnh4Pix7lk0ievoLAD5rVZzrKVekNH_bTglLM_yq7uidJuGbrunvnff2PdHoTLLjOMxd5p_peQ&sai=AMfl-YSe0LiDajhnF5X3u7rvf9TcNX-weRIEFpMBgunY8pCEVK-iEs7wLPm-f7lR7-p2s6Zgw1B3Kb7HNibt&sig=Cg0ArKJSzKn-BejHUFY4EAE&cid=CAQSGwDUE5ymmlLKb3zvkIfE3eFdChTw2s_nVHq8zBgB&id=lidar2&mcvt=1006&p=0,0,500,180&mtos=1006,1006,1006,1006,1006&tos=1006,0,0,0,0&v=20230315&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=293675613&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679197134397&rpt=483&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Mar 2023 03:38:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 8017 0
10 B 35ms
35ms Image
text/plain 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?z-8f3w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:38:55 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 76ms
75ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230315&jk=1391020885446324&bg=!8POl86fNAAZEjmHWZI47ADkAdvg8WuAY0tgZSmyK8e2SW2sSaxRdJyvJg1RKnn-epzNSV0W6UVQdNZR3LnAtBDFEpXzL0arTq28CAAAAgVIAAAAKaAEHCgA-t96Dis7V_VwR6586AKFXil2Mkxnxn9NhQmiuhKyvXL1b8laDaTJJ--3NeA_TjJCQW6TKVg4420lt6Pi5b8eZAo_DUR6-cQyxa8P-P1VZ5t7pZBJsA2dWKq8iQUlMP2AHX4x5wo5hk7UfLW51CcrTD7YyhLlb4vbZ7jfyHR9kXLMIbbymdiTFT1uioBzFOPz6ffEvOko4C8p6SgavV5KZ6RUThf3lVqikoCon1bT9pFYOIcVg7qg32iGO-poDFeneD3UNL1dFXJxSry131hUFUBJLZZYaykbr3tVQbDIcrEpxYxBrR_Mf1o-HLbt-WyDU-3eib06uTjAUfFl3sBFdW4ultmyD_uAFVI-fAeVte2t9fGvoNjFVW0BH0F_sMZuH0ve4ldQU0oMetonHSNhw1scXQd9sF8uiXG8RrzyEvI9hCju4lHTdyHpIk3Tzb3SJKDynlzenmNcJ9FZI4ZRAEiOPkZ4cM2SItE_FE8s9fBVh9jaWb4-7QOEi_FdDnNGT-ABqbSpkJuaA94LN6zvsREVxgeA2tWW8dIPsDgs0OGcI_6AYJgYPL1RA4J3Av6WXYhH4NYDl7Vbb0GaCBx6MlhVFB88RCC_8Nk4jbNylT46wOdRJDhdeAo8WU-JaBe2JyLnALF7i6ZLH3cI1V5U-mX0GCdmIwCeRuplm3MfPKTCwb1lpIcFcvUEpRm8NKy3BiKnhhclAGMzKfo3TtcBgMoG1B2Imjt4ZC0u9WG2WIG_my7YpOwocTw4WX3A7x2uR4TaKJ8UEqxoOCOAzb3AI2GH61CTwylW3HHzA_Irrr_FdyRJcEmGyJZWkNFu1RC88ywjsIlL1KrZEMYcoxeXmal_U8SEeXg2gSl9V6YgNrJ6PNan1zVxpHazor3_KgAF-dTrwwm883Ax26d4RuV6NBNWRpk05dXWQsjyIWdCE90IFlBVNd0bD92AE1ludRty9
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sync-tm.everesttech.net
URL: https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEBu2xW4RSb_sWBX9QkS5HDc&google_cver=1&google_push=Aa02lx-rWVRf3-Y4uKofajL51I7GPg1r3zTgotne8MJzc7E3XgGNAIUkZ5CV7XMKxgb7F5AJCS5EGFfr1pSYuObmQVOtEZGZdJ4qsg

Verdicts & Comments Add Verdict or Comment

81 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

38 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-20 14:45:49	Name: _GRECAPTCHA Value: 09AO5OVO9U2RsbvzqLlYEjFur9jtMr3KIpVYSik6caMbdAtOp7zK73bKpQRhEbpaYEytOhdAkAaVxjgwb7ZdKiMuc
goo.by/	1969-12-31 23:59:59	Name: PHPSESSID Value: h3erp37i61gm2kf2n2bld5vkiv
.goo.by/	1970-01-20 19:12:13	Name: _ym_uid Value: 1679197133219503669
.goo.by/	1970-01-20 19:12:13	Name: _ym_d Value: 1679197133
.goo.by/	1970-01-20 19:48:13	Name: __gads Value: ID=77f3e031c9cfaffb-224aa06dd5de00ef:T=1679197133:RT=1679197133:S=ALNI_MZHDANCx-0-BgqFv-t9_1hPngGjcA
.goo.by/	1970-01-20 19:48:13	Name: __gpi Value: UID=00000bc82576279f:T=1679197133:RT=1679197133:S=ALNI_MYeiILaboHn0DabXgoCvc7d2UG_Sg
.goo.by/	1970-01-20 10:27:49	Name: _ym_isad Value: 2
.mc.yandex.com/	1970-01-20 10:26:37	Name: sync_cookie_csrf Value: 267331726fake
.mc.yandex.by/	1970-01-20 10:26:37	Name: sync_cookie_csrf Value: 1637309286fake
.mc.yandex.ru/	1970-01-20 10:26:37	Name: sync_cookie_csrf Value: 1492167198fake
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 1566002101679197133
.yandex.com/	1970-01-20 20:02:37	Name: i Value: 61EDSVO3bSXLz7ghhQkGZTnyNqqXe4GquUPrKEqDhax2nc5+trWqKidJhGdQ3b1qxG6dUdMqUHVF0x8TTeTGBb0BN70=
.yandex.com/	1970-01-20 20:02:37	Name: yandexuid Value: 655759791679197133
.yandex.com/	1970-01-20 19:12:13	Name: yuidss Value: 655759791679197133
.yandex.com/	1970-01-20 19:12:13	Name: ymex Value: 1710733133.yc.1679197133#1710733133.yrts.1679197133#1710733133.yrtsi.1679197133
.doubleclick.net/	1970-01-20 19:48:13	Name: IDE Value: AHWqTUljaGOCvMveOvB3WjsApcOzPyEXw-3q91Rc7_wDg1U4euMoSCP6VGqoG0xSSmo
.doubleclick.net/	1970-01-20 10:26:40	Name: DSID Value: NO_DATA
.ctnsnet.com/	1970-01-20 19:12:13	Name: cid_75a09914460149d0aacec998b4ee4fdc Value: 1
.ctnsnet.com/	1970-01-20 19:12:13	Name: gid_CAESEOAxKCz_t-RvZ6KHWvOSkrk Value: 1
.bidswitch.net/	1970-01-20 19:12:13	Name: tuuid Value: d11cd8ee-a847-48e2-a3d1-f8a9d2572b0d
.bidswitch.net/	1970-01-20 19:12:13	Name: c Value: 1679197135
.bidswitch.net/	1970-01-20 19:12:13	Name: tuuid_lu Value: 1679197135
.w55c.net/	1970-01-20 19:58:17	Name: wfivefivec Value: fHPDgAMp1PDJSL5
.w55c.net/	1970-01-20 11:09:49	Name: matchgoogle Value: 5
.bidswitch.net/	1970-01-20 10:26:37	Name: google_push Value: Aa02lx_Bp7GQSb6nrmZv5_HNhjjvrvvfBIEoBs5WOIFC8bb0v2oZBReBZ1PmoX5RQ_RWh7ZliWIGjb_tGC2er6KXFG4u83TDuLsWuSk
.adfarm1.adition.com/	1970-01-20 12:36:13	Name: UserID1 Value: 7212096778366810257
.adform.net/	1970-01-20 11:11:15	Name: C Value: 1
.turn.com/	1970-01-20 14:45:49	Name: uid Value: 2944037049977705048
.adform.net/	1970-01-20 11:53:01	Name: uid Value: 7479795209684951363
.everesttech.net/	1970-01-20 19:12:13	Name: everest_g_v2 Value: g_surferid~ZBaDzwACsDILjgA9
.yahoo.com/	1970-01-20 19:12:34	Name: A3 Value: d=AQABBM-DFmQCEHsoWTU5KqXtg4nBytG_XbMFEgEBAQHVF2QgZAAAAAAA_eMAAA&S=AQAAAncHMgk-PzZuih5_X70IQec
.simpli.fi/	1970-01-20 19:13:39	Name: suid Value: 5DF55BC9A0C04945AEDB832182FFC18D
.casalemedia.com/	1970-01-20 19:12:13	Name: CMID Value: ZBaDz1-Mre0MthNTdDN6RgAA
.casalemedia.com/	1970-01-20 12:36:13	Name: CMPS Value: 1215
.casalemedia.com/	1970-01-20 12:36:13	Name: CMPRO Value: 1215
.travelaudience.com/	1970-01-20 19:58:17	Name: _tracker Value: %7B%22UUID%22%3A%2283F12441-E27D-4DBA-9C75-7D4478DB6D5E%22%7D
.de17a.com/	1970-01-20 19:05:01	Name: guid Value: 1.3857077417068119025
.tribalfusion.com/	1970-01-20 12:36:13	Name: ANON_ID Value: aRnseFPME7eQmKvCiHhigmUTjpsMqudgVrXbZaGZbds7NYvZc5mif5phMgZasv45lvnI4AtQfZa04BdRgBkwQ85Cx

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1#RS-3-&adk=293675612&client=ca-pub-8917830189100721&fa=2&ifi=13&uci=a!d&btvi=6&xpc=eHBuaK0XRK&p=https%3A//goo.by Message: The resource https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1#RS-2-&adk=293675614&client=ca-pub-8917830189100721&fa=4&ifi=12&uci=a!c&btvi=5&xpc=9k09tprPq7&p=https%3A//goo.by Message: The resource https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20230315/r20110914/zrt_lookup.html?fsb=1#RS-1-&adk=293675613&client=ca-pub-8917830189100721&fa=3&ifi=11&uci=a!b&btvi=4&xpc=V9hEOClZUX&p=https%3A//goo.by Message: The resource https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
ad.turn.com
ads.travelaudience.com
adservice.google.com
adservice.google.de
c1.adform.net
cdnjs.cloudflare.com
cm.g.doubleclick.net
d5p.de17a.com
dsp.adfarm1.adition.com
fonts.googleapis.com
fonts.gstatic.com
gcm.ctnsnet.com
goo.by
googleads.g.doubleclick.net
match.adsrvr.org
mc.yandex.by
mc.yandex.com
mc.yandex.ru
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
r.turn.com
rtb.openx.net
s.tribalfusion.com
ssum-sec.casalemedia.com
sync-tm.everesttech.net
tpc.googlesyndication.com
um.simpli.fi
www.google.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
sync-tm.everesttech.net
142.250.186.34
151.101.2.49
18.194.238.124
185.80.39.216
2001:678:cb4:bbbb::11
213.155.156.164
2606:4700:3037::ac43:899a
2606:4700::6811:180e
2606:4700::6812:19ad
2a00:1450:4001:801::2002
2a00:1450:4001:803::2002
2a00:1450:4001:808::2002
2a00:1450:4001:809::2003
2a00:1450:4001:80b::2002
2a00:1450:4001:811::2001
2a00:1450:4001:828::2003
2a00:1450:4001:829::2004
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::2002
2a02:6b8::1:119
2a05:d018:d29:3602:c4cb:4322:c3f3:dc8d
3.120.73.5
3.33.220.150
35.186.193.173
35.190.0.66
35.204.158.49
35.227.252.103
37.157.6.245
69.173.144.138
85.114.159.118
00a54117c87f6a5f64ee160201d8451d202bb46db0ed0d1cf835840011282949
01181fe4d47c4645b8f60d39217dd78b8fb823dbd96a39485a0950756915a364
020e8835183111104ef56f8689f6c417447d9d15aa4eca56cdee8ba35d341232
029edae1c6301cefa4391e2a215d361cf0a72f76c9f0fe044c40651049215b6f
08e5970dcee7ecf02ab04df2d6be02568a71594f4923491e9f3e8ae3306a853f
08ec63812b5c543fbc24b98cf05328d849347f0dc0b2cbdf9bc463435b5ad1f6
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
171ca22825d9d3284a7e20e85120854bc2bf6fb15b821ce6bed382f14ff51c29
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1912ec9329c898b56073a8120eb94e72e0bb858b390443cbc65d18a494572215
195ffe64f7501043f3700fdf9fbf2012d0b66fa26dcad328db4d5e8430fb520b
1b0f6266f5451df27af597034775eb8facf66824e47166a6918b66642a892e00
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
27363905b0ea3bbc0f23d6193f1c7910728626648a31a7308b8d02bbf905427f
2a0e5bf3737755c3dff420d02d33cddae12560e84c602859f2d3f7da6a906116
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
317f149045d69a8bf445de8bbd3ff61b2cc95da746998e97f4381dfe3326c7f7
3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb
3a663467e111fd2237a1bc5255e8d702b099f29cb553ecab24efe98cbf898b5d
3d58342582faacf8e635eea9308379a1b82fc1d1977c642ad6af8b738abdc891
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
43df0eac8cd04fe4184d857d79cb2b72f9c636dfbc7d3bc6555ce0aacf2f2c47
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4
46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2
46d2adb674341ab345b9d9a897714aceab6c430c15bf696a6cb45ac5cb7738bf
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4d9e50379350abb45769a5049fc416a2ad6455c413756833d1e1249b617e6550
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fdd793c6b9c084150c7577c83ddd7bdb6f38b1e5b1f036418f20d6d080b42a5
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
561736faecba167b5b538be37b8d7c4e686c307c4a64413228980aa4d0cad961
56979e872da578544dec9c08574e0e42f40efa81016660b13e68e3c583a035a7
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5c7e07dfb2d7437793e8b1ed577739a8bd55558df14aa7234714675ba53f71ee
5e3f0a216d331f28ef4fc1b4c8503c1a91299ce769feafa4b3774f86200dac1c
6102d725c22f9bf27ef542ceae070843153f3e0926b89820a75f29b107e33cb2
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63d4ce33e14074f9f391fb2025a73128975d645bfd427adffdffa2291b0303db
6461e3d621bb44222b85c04e787c3a1bc2c296316d77bc175e682c177557fa76
68decb9b04351770373306a7d4eef2a677b9f2541d790a42fc6f72e8cdcc7bd0
6c785dee6ed2b248070e51f80868e1b938665681c17188c4e579c9c509ae05d8
74017d97a0876e72ef09a14ea0b3ad49a744811c726e7b05e305d4a6e3e07612
83424e16faa6b762de3210a5681de9ded45668d8b56293b60362ceabc99c994c
877de2ffab95719d6ff1f1048fa912e70ee31879a2a31f868eb5b1770252d8fb
8a6355d74ef3f07bd7d876f73a91d4f4eefc777da295960cc32840ec059fd15a
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
9018e6709cc0720ac1077d552464176bdcba459344cdecf7b001480cc8c037ab
952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8
966406330c19154a60ac47035443f0c73f448f8c0b59bca77c74d688cd0fe130
99771b396dab463693f3f4b72d9b8d0d5b494789ac61332a1415300a8c87f5ec
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9fb29d4a25891606c32c76a3971a06ceb33d2750c966578813492dec8d38b851
a01d50b1257ade421f527ee3b332f83e46bde30a83583806c2c2eb1e4de31fe6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a57b5242b9a9adc4c1ef846c365147b89c472b9cd770face331efcb965346b25
a7c3e55eaa9ecaa4ca4a2ebffc199b1d3b5c4c568e832a107811ca61db66bcbb
a7f5aa3c30e5e04ad238de50a95faea8bd9dc5d3ae4ecf884f2b16a8d2aa2a2c
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
a898f00aabf0e5632b47a59e092c4662c8cbda0c33ea6d0d424cbced57e3ee72
aaaeff283d77d5f0d27c6ae7768ea2bba13a624a99b79208db30e0a7ca2e7c27
aebfac1c19fa21f4e1c20cc17b4c4018283917b2da578ad0f0f5a7742c77b19d
af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b87eb697514c4f7f78d19319a9f7f9ec477787d3c6060ae86eb7cb04a64eac13
bec2220a495d8d93a2ecda3b71c504c646c4b908d92bd6f495bd187ba69f6408
c0579474c93f54edd0ea223b6a2d552da76783a4b919501f743f47b93225f633
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c44313430f757e3a44c796394ad431ad413d363d4467dfbc6cf1867e560969c3
c6ff6d4624a5c8140cbc19107aa372a233907f8e6e4d55d002d20cae682a575f
c9b46437d7418e1712daaad6d73fa17c2c6afb5681770c90339c25428415b7fd
ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93
cf0e934daa92ef101fcdf4f64d318324f197533bc3a8ad60630a947cef5d7073
d12fcbeb7624beef6c90755330fd5dfc2fd155c8e1f596129c9531821c5a85be
d69ba2a3cb603ff3aba5f081ad98b683d0b0788524d62f5b4df4f240658b4c90
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d9d91ff5b9a775b5ce8c6c81e51e71c27194d11ac8690353727d23c91f7b317c
df57fdd697010bbfcec8c72546e801feadc9773a632e5497ede3dc4aabebfeec
e337c98d5ed7ed7e852c87ee65bf108bd1cf6377d585c9f7b595a9e54ad41fa5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
ecd45d76443bba488e621ee6eb6561008359364ca9c3432e0e4c073186ada217
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef1eeeb0cc2e1ffcc4d9c8cb2aa447cd277e018037b8723f8d63a23a70c8eae3
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
fb0da042b5626ff3c34be283c780411e5664400008fe714920d89e5ef72fd9ae
fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e

goo.by Open in urlscan Pro 2606:4700:3037::ac43:899a Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

198 Requests

88 %HTTPS

53 %IPv6

29 Domains

35 Subdomains

19 IPs

9 Countries

2233 kBTransfer

5906 kBSize

38 Cookies

0 Outgoing links

Page URL History

Redirected requests

198 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

goo.by Open in urlscan Pro
2606:4700:3037::ac43:899a Public Scan

Screenshot
Live screenshot

Full Image

198
Requests

88 %
HTTPS

53 %
IPv6

29
Domains

35
Subdomains

19
IPs

9
Countries

2233 kB
Transfer

5906 kB
Size

38
Cookies

198 HTTP transactions
11 data transactions