www.beforeout.com Open in urlscan Pro
43.154.91.28 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.beforeout.com/
Submission: On November 29 via api (November 29th 2023, 6:49:09 pm UTC) from US — Scanned from DE

Summary HTTP 175 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 31 IPs in 5 countries across 18 domains to perform 175 HTTP transactions. The main IP is 43.154.91.28, located in Hong Kong, Hong Kong and belongs to TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN. The main domain is www.beforeout.com.

This is the only time www.beforeout.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
15	43.154.91.28 43.154.91.28	132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
3	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
37	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
32	139.60.161.80 139.60.161.80	395839 (HOSTKEY-USA) (HOSTKEY-USA)
2	2606:4700:303... 2606:4700:3031::ac43:d208	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
15	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1 3	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 2	119.28.16.172 119.28.16.172	132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
15	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
6 8	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
4 8	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 6	37.252.171.149 37.252.171.149	29990 (ASN-APPNEX) (ASN-APPNEX)
8	2a00:1450:400... 2a00:1450:4008:805::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	64.233.184.154 64.233.184.154	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2006	15169 (GOOGLE) (GOOGLE)
1	172.64.151.202 172.64.151.202	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
2 4	3.123.186.116 3.123.186.116	16509 (AMAZON-02) (AMAZON-02)
1	142.250.186.70 142.250.186.70	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:63::6	15169 (GOOGLE) (GOOGLE)
6	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
5	130.211.44.5 130.211.44.5	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a02:26f0:350... 2a02:26f0:3500:58c::1ec4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700:440... 2606:4700:4400::6812:2aef	13335 (CLOUDFLAR...) (CLOUDFLARENET)
175	31

15 43.154.91.28 (Hong Kong, Hong Kong)

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

www.beforeout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 139.60.161.80 (New York, United States)

ASN395839 (HOSTKEY-USA, US)

pic.beforeout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3031::ac43:d208 (United States)

ASN13335 (CLOUDFLARENET, US)

static.intentarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany) 1 redirects

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 119.28.16.172 (Hong Kong, Hong Kong) 1 redirects

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

count.xxxssk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.185.162 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.18.36.155 (None, ) 4 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 37.252.171.149 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4008:805::2003 (Ireland)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.233.184.154 (United States)

ASN15169 (GOOGLE, US)
PTR: wa-in-f154.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.151.202 (United States)

ASN13335 (CLOUDFLARENET, US)

vast.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.123.186.116 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-123-186-116.eu-central-1.compute.amazonaws.com

d.adtriba.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.70 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:63::6 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

r1---sn-4g5e6nsr.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s65-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 130.211.44.5 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 5.44.211.130.bc.googleusercontent.com

tpsc-video-eu.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:58c::1ec4 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

secure.insightexpressai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2aef (United States)

ASN13335 (CLOUDFLARENET, US)

vtrk.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
58	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 97 tpc.googlesyndication.com — Cisco Umbrella Rank: 149 ade.googlesyndication.com — Cisco Umbrella Rank: 301	532 KB
47	beforeout.com www.beforeout.com pic.beforeout.com	429 KB
29	doubleclick.net 6 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 245 bid.g.doubleclick.net — Cisco Umbrella Rank: 802 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 439 ad.doubleclick.net — Cisco Umbrella Rank: 154	178 KB
10	gstatic.com csi.gstatic.com fonts.gstatic.com	32 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625	4 KB
7	doubleverify.com vast.doubleverify.com — Cisco Umbrella Rank: 1695 tpsc-video-eu.doubleverify.com — Cisco Umbrella Rank: 14309 tps.doubleverify.com — Cisco Umbrella Rank: 515 vtrk.doubleverify.com — Cisco Umbrella Rank: 1375	5 KB
6	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 246	5 KB
5	2mdn.net 1 redirects s0.2mdn.net — Cisco Umbrella Rank: 300 gcdn.2mdn.net — Cisco Umbrella Rank: 1173 r1---sn-4g5e6nsr.c.2mdn.net	2 MB
4	adtriba.com 2 redirects d.adtriba.com — Cisco Umbrella Rank: 109263	1 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31 imasdk.googleapis.com — Cisco Umbrella Rank: 447	135 KB
3	facebook.com 1 redirects www.facebook.com — Cisco Umbrella Rank: 110	2 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 223	104 KB
2	insightexpressai.com secure.insightexpressai.com — Cisco Umbrella Rank: 1399	4 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 212	128 KB
2	xxxssk.com 1 redirects count.xxxssk.com — Cisco Umbrella Rank: 186586	1 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 174	89 KB
2	intentarget.com static.intentarget.com — Cisco Umbrella Rank: 283054	6 KB
1	google.com www.google.com — Cisco Umbrella Rank: 2	1 KB
175	18

	Domain	Requested by
37	pagead2.googlesyndication.com	www.beforeout.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
32	pic.beforeout.com	www.beforeout.com
15	tpc.googlesyndication.com	www.beforeout.com googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com imasdk.googleapis.com
15	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.beforeout.com googleads.g.doubleclick.net
15	www.beforeout.com	www.beforeout.com
8	csi.gstatic.com	imasdk.googleapis.com
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
8	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
6	ade.googlesyndication.com
6	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
4	tpsc-video-eu.doubleverify.com
4	d.adtriba.com	2 redirects
4	googleads4.g.doubleclick.net	googleads.g.doubleclick.net
3	www.facebook.com	1 redirects connect.facebook.net
3	cdnjs.cloudflare.com	www.beforeout.com cdnjs.cloudflare.com
2	secure.insightexpressai.com
2	r1---sn-4g5e6nsr.c.2mdn.net
2	s0.2mdn.net	googleads.g.doubleclick.net
2	fonts.gstatic.com	fonts.googleapis.com
2	imasdk.googleapis.com	googleads.g.doubleclick.net
2	www.googletagservices.com	www.beforeout.com
2	count.xxxssk.com	1 redirects www.beforeout.com
2	connect.facebook.net	www.beforeout.com connect.facebook.net
2	static.intentarget.com	www.beforeout.com cdnjs.cloudflare.com
1	vtrk.doubleverify.com
1	tps.doubleverify.com
1	gcdn.2mdn.net	1 redirects
1	www.google.com	tpc.googlesyndication.com
1	ad.doubleclick.net	imasdk.googleapis.com
1	vast.doubleverify.com	imasdk.googleapis.com
1	bid.g.doubleclick.net	imasdk.googleapis.com
1	fonts.googleapis.com	googleads.g.doubleclick.net
175	32

This site contains links to these domains. Also see Links.

Domain
www.facebook.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-09-08` - `2023-12-07`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
vast.doubleverify.com Go Daddy Secure Certificate Authority - G2	`2023-06-11` - `2024-07-12`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2023-11-14` - `2024-01-23`	2 months	crt.sh
*.doubleverify.com Starfield Secure Certificate Authority - G2	`2023-08-25` - `2024-09-25`	a year	crt.sh
*.tps.doubleverify.com Go Daddy Secure Certificate Authority - G2	`2023-09-29` - `2024-09-28`	a year	crt.sh
*.insightexpressai.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-16` - `2024-03-15`	a year	crt.sh
vtrk.doubleverify.com E1	`2023-11-09` - `2024-02-07`	3 months	crt.sh

This page contains 17 frames:

Primary Page: http://www.beforeout.com/
Frame ID: 914B5F7ADE6142C9C6EA5482C5F38D40
Requests: 62 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html
Frame ID: 14FE89E05E0B55D6D16E23F22C1975C5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7582387081038556&output=html&adk=1812271804&adf=3025194257&lmt=1701283743&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x1080_l%7C260x945_r&format=0x0&url=http%3A%2F%2Fwww.beforeout.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&dt=1701283742860&bpp=2&bdt=439&idt=187&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2420082694635&frm=20&pv=2&ga_vid=1863617504.1701283743&ga_sid=1701283743&ga_hid=643941317&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31078301%2C44807754%2C44807764%2C44808149%2C44808284%2C44809071%2C318512601&oid=2&pvsid=4220443653273820&tmod=254759768&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=205
Frame ID: 46A05BB5D3B644DED59A1EA5C30ED37B
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.9/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df43c45294b308%26domain%3Dwww.beforeout.com%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fwww.beforeout.com%252Ffca8af0caa54e8%26relation%3Dparent.parent&color_scheme=light&container_width=336&header=true&href=https%3A%2F%2Fwww.facebook.com%2F%25E6%2599%2582%25E5%25B0%259A%25E8%25B3%2587%25E8%25A8%258A-1542849085944229%2F&locale=zh_TW&sdk=joey&show_faces=true&width=auto
Frame ID: 51F671304BE3B8609837C4D62E73147E
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dfalse%26app_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Dfc4b7ce18ceffc%2526domain%253Dwww.beforeout.com%2526is_canvas%253Dfalse%2526origin%253Dhttp%25253A%25252F%25252Fwww.beforeout.com%25252Ffca8af0caa54e8%2526relation%253Dparent.parent%26container_width%3D0%26height%3D150%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F%2525E6%252599%252582%2525E5%2525B0%25259A%2525E8%2525B3%252587%2525E8%2525A8%25258A-1542849085944229%252F%26locale%3Dzh_TW%26sdk%3Djoey%26show_facepile%3Dfalse%26small_header%3Dfalse%26width%3D300
Frame ID: 862CE43737FB00D7D89D050524A374D8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: B9EC6E60C53836D89D5752893D067C8B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: E8263875F8E8C8BC743E10DDA759523C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 954046FC7BD2153364237DBB89626DCC
Requests: 49 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEY6uuc8QEwAQ&v=APEucNVwiZC6_oUu9FLVQDQqMWi1gqCcCIMuddNLWySRrvkgsoO8el8I_IuFSl5Oou3moKD5fbbCEu-eALgqZLQ6oR4IUizuWzbmsOLm55hIRX0CAwSPShshIrv_--8hlFGj5zSEuf6jplON7KtmhrIcj5OVjTFpGQq8v4SJNwk5tQ1dZZAPZY4
Frame ID: 95710ADF277A322542BDD327AB67FDDB
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: B712BE3D31109D24829F05DCAC5E7565
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEY6uuc8QEwAQ&v=APEucNU_rcv-O7Nb869fK5h6D9qYg00NcAjVFEEoartiDzuZz45McfPPdnMQPsoUMysgbW6dkJcfvp_68wgly3TcAhbpJ89fe_14ROUMl8VOLXJ_k8YDIO6VnBuqvUys6ftM6mZatk1SEVP7r7aHsg1Ar6SMoO_Dh2k4_xuybGkOZlLOIWI406k
Frame ID: 969B4ADB818B756D2ABE772A7C210297
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 0549F7FBE9A11D292B17E3124694AB75
Requests: 18 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: F9FE4523EE1CF55F0BC680E90E4A8738
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: D250FADA7B14D913C77E774A9F063A6C
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: F59773CC5DE8D383AC868BE5FA99EAAE
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1C57AC35BE200FA7226A704E8C54A337
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: BAE368C3BB56556014AB880ABF9E131A
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

彩妝_化妝_彩妝教程_彩妝步驟_化妝步驟_怎樣化妝 - 色彩地帶

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

175
Requests

65 %
HTTPS

58 %
IPv6

18
Domains

32
Subdomains

31
IPs

5
Countries

3397 kB
Transfer

5627 kB
Size

16
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/%E6%99%82%E5%B0%9A%E8%B3%87%E8%A8%8A-1542849085944229/
Title: 臉書

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18

http://connect.facebook.net/zh_TW/sdk.js HTTP 307
https://connect.facebook.net/zh_TW/sdk.js

Request Chain 30

https://www.facebook.com/v2.9/plugins/page.php?adapt_container_width=false&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfc4b7ce18ceffc%26domain%3Dwww.beforeout.com%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fwww.beforeout.com%252Ffca8af0caa54e8%26relation%3Dparent.parent&container_width=0&height=150&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2F%25E6%2599%2582%25E5%25B0%259A%25E8%25B3%2587%25E8%25A8%258A-1542849085944229%2F&locale=zh_TW&sdk=joey&show_facepile=false&small_header=false&width=300 HTTP 302
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dfalse%26app_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Dfc4b7ce18ceffc%2526domain%253Dwww.beforeout.com%2526is_canvas%253Dfalse%2526origin%253Dhttp%25253A%25252F%25252Fwww.beforeout.com%25252Ffca8af0caa54e8%2526relation%253Dparent.parent%26container_width%3D0%26height%3D150%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F%2525E6%252599%252582%2525E5%2525B0%25259A%2525E8%2525B3%252587%2525E8%2525A8%25258A-1542849085944229%252F%26locale%3Dzh_TW%26sdk%3Djoey%26show_facepile%3Dfalse%26small_header%3Dfalse%26width%3D300

Request Chain 60

http://count.xxxssk.com/s?isentrance=true&guid=cd7ab1c3-bec2-06a5-a2c5-9c8b30ebd122&resolution=1600,1200&colordepth=24&location=http%3A%2F%2Fwww.beforeout.com%2F&referrer=&rd=0.8839406819664588&sid=527&dpr=1&appCodeName=Mozilla&appName=Netscape&appVersion=5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/119.0.6045.199%20Safari/537.36&maxTouchPoints=0&platform=Win32&product=Gecko&productSub=20030107&vendor=Google%20Inc.&deviceMemory=undefined HTTP 301
http://count.xxxssk.com/s/?isentrance=true&guid=cd7ab1c3-bec2-06a5-a2c5-9c8b30ebd122&resolution=1600,1200&colordepth=24&location=http%3A%2F%2Fwww.beforeout.com%2F&referrer=&rd=0.8839406819664588&sid=527&dpr=1&appCodeName=Mozilla&appName=Netscape&appVersion=5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/119.0.6045.199%20Safari/537.36&maxTouchPoints=0&platform=Win32&product=Gecko&productSub=20030107&vendor=Google%20Inc.&deviceMemory=undefined

Request Chain 84

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHk9GiDCVPjtx4eZtCU7sOA&google_cver=1

Request Chain 85

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWeHoOY17IlISJKmWHi2vgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPeBnz95wp52lIkelUYeKKo&google_cver=1

Request Chain 86

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEECeI3mrFQWunpm_dzmjuX8&google_cver=1

Request Chain 87

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkwNzUwODYxMjA3NzAwODE5MQ%3D%3D

Request Chain 88

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPeBnz95wp52lIkelUYeKKo&google_cver=1

Request Chain 89

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWeHoOY17IlISJKmWHi2vgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPeBnz95wp52lIkelUYeKKo&google_cver=1

Request Chain 90

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEAyEn88G_-Fd1XwUs_eYS4c&google_cver=1

Request Chain 91

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjA5MTQ1Mzk1MjYzMjcwODQxOA%3D%3D

Request Chain 122

https://d.adtriba.com/collect?atb_ptid=f65079e0&atb_dcaid=202303_ds_paddington_dv_pros_371805496&atb_dpuid=di_dv&gdpr=&gdpr_consent= HTTP 302
https://d.adtriba.com/px.gif

Request Chain 127

https://d.adtriba.com/collect?atb_ptid=f65079e0&atb_dcaid=202303_ds_paddington_dv_pros_371805496&atb_dpuid=di_dv&gdpr=&gdpr_consent= HTTP 302
https://d.adtriba.com/px.gif

Request Chain 137

https://gcdn.2mdn.net/videoplayback/id/c33dd5d50ee195a3/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3844512259/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/7CA6C454E8097A39DC99AA94A10EE2A1F4777AEB.129B66D53CB1E123C6EC09D6EF3540B4F7D5E8D8/key/ck2/file/file.mp4 HTTP 302
https://r1---sn-4g5e6nsr.c.2mdn.net/videoplayback/id/c33dd5d50ee195a3/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3844512259/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/804E3DA2890B60C79395B4B91C8F17E1CF593C32.60645D0C361DBBDE00712D3066786C7E5A99FD39/key/cms1/cms_redirect/yes/mh/J0/mip/2001:1b60:1010:3:1011:70ec:376d:8c6b/mm/42/mn/sn-4g5e6nsr/ms/onc/mt/1701281644/mv/u/mvi/1/pl/44/file/file.mp4

175 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.beforeout.com/ 59 KB
11 KB 561ms
283ms Document
text/html 43.154.91.28
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 43.154.91.28 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 64b7698263dfebbb3c0a29b8fdfff9fcac2712ebb96e6a0e9e2eda3e20fad2c8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Headers: Authorization
Access-Control-Allow-Origin: *
Cache-Control: private
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Wed, 29 Nov 2023 18:49:02 GMT
Server: nginx/1.12.2
Transfer-Encoding: chunked
X-Powered-By: ASP.NET

GET
H/1.1 200
OK global.css
www.beforeout.com/content/20170228/css/ 33 KB
6 KB 253ms
253ms Stylesheet
text/css 43.154.91.28
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.beforeout.com/content/20170228/css/global.css
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 43.154.91.28 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: a6bdc585c3b518451b10670d9ab66312b6adc5090a09b37fbcc8faccbf8050d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:02 GMT
Content-Encoding: gzip
Last-Modified: Wed, 27 Dec 2017 12:27:31 GMT
Server: nginx/1.12.2
ETag: "803bae10e7fd31:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization
Content-Length: 5828

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/ 28 KB
6 KB 72ms
29ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css

Requested by

Host: www.beforeout.com
URL: http://www.beforeout.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

008a1d103902f15fdb1c191fcb1ce8954330e7b8de43d09abb08555ba609f420

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 18:49:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 59156
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5324
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7187"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WfTFo8YqQeOcADq52v0e3BkQBZjgKEYbx68wUzDLImW%2FtM7uqXRN5HjXxrUJnZDB2bv7mLIG7Ji7MLsn1WNoEo44lzFxtVK%2F7Cik5BpYHdaPn2sVyM0lzYpo3EHpIwZkZZAHOiJWFjy5NP5peiBpKh8q"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82dd073e7f1071cb-FRA
expires: Mon, 18 Nov 2024 18:49:02 GMT

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/ 85 KB
27 KB 73ms
30ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js

Requested by

Host: www.beforeout.com
URL: http://www.beforeout.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 18:49:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 682067
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27192
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-152b5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qFWNouRlNPnLvTp72SLwlYHO%2BOHwWLrwJM5fpaU36%2FvdFqsVo8Oeq%2BCIxh6Uh1ixa28W3jB%2Fr97t9hla%2BA6%2F16RDrfG2lVOt9Lud93lImwGEZIgmsZRR9J9%2Btkk9e%2Fm0pYZuNhp49OLN1HE6TTfwJQBX"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82dd073e7f1471cb-FRA
expires: Mon, 18 Nov 2024 18:49:02 GMT

GET
H/1.1 200
OK global.js Show response
www.beforeout.com/content/20170228/js/ 5 KB
2 KB 254ms
254ms Script
application/javascript 43.154.91.28
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.beforeout.com/content/20170228/js/global.js
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 43.154.91.28 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: ce0322b200a5c8dc72040c6ffc2ce323975c0b12c66e3149779a71b60850661d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:02 GMT
Content-Encoding: gzip
Last-Modified: Thu, 02 Mar 2017 14:09:01 GMT
Server: nginx/1.12.2
ETag: "807cad8a5e93d21:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization
Content-Length: 1647

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 150 KB
52 KB 129ms
76ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.beforeout.com
URL: http://www.beforeout.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

20155aac4b10cd62ea67ce2179e59c312104c43db0f292fa042f411f3eb35d34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 18:49:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52683
x-xss-protection: 0
server: cafe
etag: 10887766563077513710
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 29 Nov 2023 18:49:02 GMT

GET
H/1.1 200
OK 6987575AEE23w640h426_660x300.jpeg
pic.beforeout.com/uploads/20200901/69/ 11 KB
10 KB 215ms
102ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20200901/69/6987575AEE23w640h426_660x300.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 832584b85607234b4469d6b788fd6c72935f794d8c8e8513b34cb3d945461724

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:02 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:02 GMT

GET
H/1.1 200
OK 373DA8409A28w640h426_660x300.jpeg
pic.beforeout.com/uploads/20171025/37/ 23 KB
24 KB 216ms
103ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20171025/37/373DA8409A28w640h426_660x300.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: c88cda9e285d02910c2022112205f2dce3d13f53d5742bdc1cb2e1c8b09b5fdb

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:02 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:02 GMT

GET
H/1.1 200
OK 3FF0820EEF6Cw600h880_660x300.jpeg
pic.beforeout.com/uploads/20231128/3F/ 17 KB
18 KB 102ms
102ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20231128/3F/3FF0820EEF6Cw600h880_660x300.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 5501498a453b4acc4caef1891f9080c2bb35c61a09d605b5cf62d2fd70233b58

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:02 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:02 GMT

GET
H/1.1 200
OK 2231490A9B23w600h309_660x300.png
pic.beforeout.com/uploads/20231128/22/ 18 KB
16 KB 154ms
101ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20231128/22/2231490A9B23w600h309_660x300.png
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 3bfe63a441a2059439cdbdf3c67fc19887b7cd16cd8abc87b741f255aaddd864

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:02 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:02 GMT

GET
H/1.1 200
OK 349C9C2EA6D9w640h425_660x300.jpeg
pic.beforeout.com/uploads/20180609/34/ 17 KB
17 KB 159ms
102ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20180609/34/349C9C2EA6D9w640h425_660x300.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 4bf4ac09d0875116b852e903eb2c170ea19c8863eeb6ed687c2d88eb9dede93a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:02 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:02 GMT

GET
H/1.1 200
OK lazyload.gif
www.beforeout.com/images/ 3 KB
3 KB 474ms
252ms Image
image/gif 43.154.91.28
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.beforeout.com/images/lazyload.gif
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 43.154.91.28 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 2b0e9f761266ecee6bc574f4611340b3eebd332a1817313e2541126349bd10c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Last-Modified: Thu, 02 Mar 2017 03:06:58 GMT
Server: nginx/1.12.2
ETag: W/"5386de293d21:0"
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Content-Type: image/gif
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: Authorization

GET
H/1.1 200
OK lazy200x120.gif
www.beforeout.com/images/ 1 KB
2 KB 486ms
257ms Image
image/gif 43.154.91.28
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.beforeout.com/images/lazy200x120.gif
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 43.154.91.28 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: c0de6043a752abe45ec46b7a17d89e25bd49b6026bc4b3d7f166478ce7e4ee3d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Last-Modified: Thu, 02 Mar 2017 03:06:58 GMT
Server: nginx/1.12.2
ETag: W/"5386de293d21:0"
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Content-Type: image/gif
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: Authorization

GET
H/1.1 200
OK stat Show response
www.beforeout.com/ 8 KB
2 KB 255ms
254ms Script
application/x-javascript 43.154.91.28
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.beforeout.com/stat
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 43.154.91.28 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 8c3b28a9e6529041cf0eef8f276221f3a0b44ddb15b31384e4cac09f5049f65b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private
Connection: keep-alive
Access-Control-Allow-Headers: Authorization

GET
H/1.1 200
OK layer.m.js Show response
www.beforeout.com/js/ 3 KB
2 KB 259ms
258ms Script
application/javascript 43.154.91.28
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.beforeout.com/js/layer.m.js
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 43.154.91.28 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 003626a91e4224455a9749ef15b4bb3b2bc76d827712167b2932c493e1891a20

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:02 GMT
Content-Encoding: gzip
Last-Modified: Thu, 02 Mar 2017 03:06:59 GMT
Server: nginx/1.12.2
ETag: "804b85e293d21:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization
Content-Length: 1481

GET
H/1.1 200
OK lazyload.js Show response
www.beforeout.com/js/ 4 KB
2 KB 257ms
256ms Script
application/javascript 43.154.91.28
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.beforeout.com/js/lazyload.js
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 43.154.91.28 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 4245858d3bdafb53a75d02f84a7eb56c211bada3da377a13802777c05d25035b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:02 GMT
Content-Encoding: gzip
Last-Modified: Thu, 02 Mar 2017 03:06:59 GMT
Server: nginx/1.12.2
ETag: "804b85e293d21:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization
Content-Length: 1367

GET
H/1.1 200
OK jquery.royalslider.min.js Show response
www.beforeout.com/js/ 63 KB
18 KB 520ms
260ms Script
application/javascript 43.154.91.28
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.beforeout.com/js/jquery.royalslider.min.js
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 43.154.91.28 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 348b3c95daa5a7b6068804aff6dd4f7cdecc25010eaff48fc4b9c90148e1b7af

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Last-Modified: Thu, 02 Mar 2017 03:06:59 GMT
Server: nginx/1.12.2
ETag: W/"592298e293d21:0"
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: Authorization

GET
H/1.1 200
OK royalslider.css
www.beforeout.com/css/ 4 KB
1 KB 517ms
257ms Stylesheet
text/css 43.154.91.28
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.beforeout.com/css/royalslider.css
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 43.154.91.28 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 4391971c3ad563f8b8a385ff3acab20d716080862e8d6c3d5e1e0d13afc213e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Last-Modified: Thu, 02 Mar 2017 03:06:55 GMT
Server: nginx/1.12.2
ETag: W/"d1af9ec293d21:0"
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: Authorization

GET
H/1.1 200
OK healthway.js Show response
static.intentarget.com/ypa/pcbt/ 15 KB
5 KB 69ms
37ms Script
application/x-javascript 2606:4700:3031::ac43:d208
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://static.intentarget.com/ypa/pcbt/healthway.js
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 2606:4700:3031::ac43:d208 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 98088b111a40a403858b806584046bc19ca889ed2a96002dbb67631365e7655a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:02 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 123318
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 20 Jan 2018 13:11:50 GMT
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cPBMbbF4hiONl2l2wYVt8I3L8OevAEb%2BCYjaWWmgK0nG0QBNnohOHaDELrBo75U6rE67bWYbmznzfPlv1xLW044stdX3fYHESev9bnq4mLA3K%2B0tGcK3ODrySVDKWLx%2FYLHibxm37tWZGwhaHma0JbrWiwJe"}],"group":"cf-nel","max_age":604800}
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: max-age=259200
CF-RAY: 82dd07401e3f03b0-FRA
Expires: Fri, 01 Dec 2023 08:33:43 GMT

GET
H2

200

sdk.js Show response
connect.facebook.net/zh_TW/
Redirect Chain

http://connect.facebook.net/zh_TW/sdk.js
https://connect.facebook.net/zh_TW/sdk.js

3 KB
2 KB

71ms
20ms

Script
application/x-javascript

2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/zh_TW/sdk.js

Requested by

Host: www.beforeout.com
URL: http://www.beforeout.com/

Protocol

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f9e8bf5919cfb25f76a2ba0126e58158523e8a5f035a1f20251edb6227a73c20

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 29 Nov 2023 18:49:02 GMT
content-md5: 5dsECqK/UHWdF2K943UYSQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1687
reporting-endpoints
x-fb-debug: xNBMsmIXxOIZHQ8vV8Ho5v4xmdXaw2MGKQfl+MLPnxLwpyP0H/NZJmPN7nW5WmBeNkq8RgUrV7NUB98pf6p0vQ==
x-fb-content-md5: 2e03d5d4af4f0fdf884e8d312261aa8e
cross-origin-opener-policy: same-origin-allow-popups
etag: "b9d014bfaefaf48a8d7097219d9c2f79"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-fb-optimizer: 0
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Wed, 29 Nov 2023 18:49:31 GMT

Redirect headers

Location: https://connect.facebook.net/zh_TW/sdk.js#xfbml=1&version=v2.9
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H/1.1 200
OK make-logo.gif
www.beforeout.com/sp/ 7 KB
7 KB 754ms
253ms Image
image/gif 43.154.91.28
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.beforeout.com/sp/make-logo.gif
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 43.154.91.28 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: d476e5a745310adec1e9711ec14bff34eaece1876095cb1b43f4eeeef1439f00

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Last-Modified: Thu, 02 Mar 2017 04:10:33 GMT
Server: nginx/1.12.2
ETag: W/"a15366f0a93d21:0"
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Content-Type: image/gif
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: Authorization

GET
H/1.1 200
OK popwinbg.png
www.beforeout.com/images/ 933 B
944 B 488ms
259ms Image
image/png 43.154.91.28
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.beforeout.com/images/popwinbg.png
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/content/20170228/css/global.css
Protocol: HTTP/1.1
Server: 43.154.91.28 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: aca1df6fb68584fbe9dba66bea256334c075056b76a76e0f0d46eee8d6ab4c2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/content/20170228/css/global.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Last-Modified: Thu, 02 Mar 2017 03:06:58 GMT
Server: nginx/1.12.2
ETag: W/"5f9a6fe293d21:0"
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: Authorization

GET
H3 200 fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/fonts/ 70 KB
71 KB 58ms
31ms Font
application/octet-stream 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/fonts/fontawesome-webfont.woff2?v=4.6.3

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9682aff0dfb2932f5273721abd9190df39eeb0f42c37a24566aa4ac5753219c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css
Origin: http://www.beforeout.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 18:49:02 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2559974
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 71896
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-118d8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CVugjUyK0TDe5OfItMfxI1Roi4O9e3U5z09BiXyJQDGNOLUTN6l9DW%2FUzaSWdwXGXBwy6mCJmmjNLuFBmNc36Cs7zIKTudXBy%2BTMrlr6fRQwJl6IcT9DXFh7Mhe%2B7njkdAO97kQf9rn4sN6gu9y3l1PW"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82dd07401fc72bc1-FRA
expires: Mon, 18 Nov 2024 18:49:02 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/zh_TW/ 303 KB
87 KB 43ms
21ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/zh_TW/sdk.js?hash=b3a2a4597d9dd246f592c035fb59efbf

Requested by

Host: connect.facebook.net
URL: http://connect.facebook.net/zh_TW/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

acb93883449b830dc1f167ebc96e36c56f2a600fb6c148f4bf58989b3ebe1aa7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: http://www.beforeout.com/
Origin: http://www.beforeout.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 29 Nov 2023 18:49:02 GMT
content-md5: 6Xi6Qh3GoF7dEN9r1YE6lg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88490
reporting-endpoints
x-fb-debug: SmhrvRwSf8UCQLLDkzaqVYypJxjjaNfCmL5RBUSA2p0ao4ql32dZ8qxgXS5c0z4s5NALrj+Er8PNCQAQo8q1YA==
x-fb-content-md5: 195af792159290d16eff728fb5f69ea6
cross-origin-opener-policy: same-origin-allow-popups
etag: "7871e12999bc6bc5bc38ea302a58815b"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Thu, 28 Nov 2024 17:49:24 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/ 397 KB
134 KB 89ms
88ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7582387081038556&plah=www.beforeout.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

35bd0e0f6355f2090389efa56bb4b8ad1c854dcd8f58dd46fabe71b21629c739

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 18:49:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137285
x-xss-protection: 0
server: cafe
etag: 4736196987180504942
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 29 Nov 2023 18:49:02 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/ Frame 14FE 9 KB
4 KB 74ms
22ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.beforeout.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 9058
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:18:04 GMT
etag: 16674218716276178799
expires: Wed, 13 Dec 2023 16:18:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK layer.css
www.beforeout.com/css/ 3 KB
1 KB 254ms
248ms Stylesheet
text/css 43.154.91.28
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.beforeout.com/css/layer.css
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/js/layer.m.js
Protocol: HTTP/1.1
Server: 43.154.91.28 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: e870ca4631b981754a48b0c4bfd347ef86d10a5d716c4a3c91799b0c55a2c915

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Last-Modified: Thu, 02 Mar 2017 03:06:55 GMT
Server: nginx/1.12.2
ETag: "80f122c293d21:0"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Authorization
Content-Length: 1074

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 46A0 194 KB
48 KB 699ms
698ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7582387081038556&output=html&adk=1812271804&adf=3025194257&lmt=1701283743&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x1080_l%7C260x945_r&format=0x0&url=http%3A%2F%2Fwww.beforeout.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&dt=1701283742860&bpp=2&bdt=439&idt=187&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2420082694635&frm=20&pv=2&ga_vid=1863617504.1701283743&ga_sid=1701283743&ga_hid=643941317&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31078301%2C44807754%2C44807764%2C44808149%2C44808284%2C44809071%2C318512601&oid=2&pvsid=4220443653273820&tmod=254759768&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=205

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7582387081038556&plah=www.beforeout.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

076d642726f5eb51481c7715bd4e428163ddceca4df953fd43e58b9fa09f8b57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.beforeout.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 48779
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 18:49:03 GMT
expires: Wed, 29 Nov 2023 18:49:03 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=new-head&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: www.beforeout.com
URL: http://www.beforeout.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK city_json.php Show response
static.intentarget.com/gemini/ 60 B
745 B 527ms
526ms Script
text/html 2606:4700:3031::ac43:d208
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://static.intentarget.com/gemini/city_json.php?callback=pcbtCountryApiCallback&_=1701283742685
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js
Protocol: HTTP/1.1
Server: 2606:4700:3031::ac43:d208 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bda081602a3c75358275709c5e102bd5ca3ae0801f331e9c22c60e59908cd7da

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dZInLQGerSpjSOW9jR1zN3YgaJ9%2BVQsRXLj%2F7CyK%2FXMn6dfXqLyBCNtoM6v0f%2Bo9yYH2SgAPOfTWlyQtoQVgwTbV9QJ1f4IhyzGi9YFJof5%2FglFSLBwuBy%2BT5XpDQveBEvnnQGDqUamyqol5OBgdjvFvaOyI"}],"group":"cf-nel","max_age":604800}
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Connection: keep-alive
CF-RAY: 82dd07432c9003b0-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 like_box.php
www.facebook.com/v2.9/plugins/ Frame 51F6 0
0 205ms
147ms Document
text/html 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.9/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df43c45294b308%26domain%3Dwww.beforeout.com%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fwww.beforeout.com%252Ffca8af0caa54e8%26relation%3Dparent.parent&color_scheme=light&container_width=336&header=true&href=https%3A%2F%2Fwww.facebook.com%2F%25E6%2599%2582%25E5%25B0%259A%25E8%25B3%2587%25E8%25A8%258A-1542849085944229%2F&locale=zh_TW&sdk=joey&show_faces=true&width=auto

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/zh_TW/sdk.js?hash=b3a2a4597d9dd246f592c035fb59efbf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: http://www.beforeout.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 18:49:03 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v12.0
origin-agent-cluster: ?0
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=()
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: PhqIm/JXddjg3CB7CvH2CYdFUrVG0htz1rf9KOgl0ZNkLzz41CjjEflaF1yBzAGHMXwW16Rr250yXowiVc4m8g==
x-frame-options: DENY
x-xss-protection: 0

GET
H2

200

/
www.facebook.com/login/ Frame 862C
Redirect Chain

https://www.facebook.com/v2.9/plugins/page.php?adapt_container_width=false&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfc4b7ce18ceffc%26d...
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dfalse%26app_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fcon...

0
0

179ms
178ms

Document
text/html

2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dfalse%26app_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Dfc4b7ce18ceffc%2526domain%253Dwww.beforeout.com%2526is_canvas%253Dfalse%2526origin%253Dhttp%25253A%25252F%25252Fwww.beforeout.com%25252Ffca8af0caa54e8%2526relation%253Dparent.parent%26container_width%3D0%26height%3D150%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F%2525E6%252599%252582%2525E5%2525B0%25259A%2525E8%2525B3%252587%2525E8%2525A8%25258A-1542849085944229%252F%26locale%3Dzh_TW%26sdk%3Djoey%26show_facepile%3Dfalse%26small_header%3Dfalse%26width%3D300

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/zh_TW/sdk.js?hash=b3a2a4597d9dd246f592c035fb59efbf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: http://www.beforeout.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 29 Nov 2023 18:49:03 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?0
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 6s4G7bh9pRsH9cRnYULpFn52VhOTcgBcZ1Sv10OEvwbqVb/yOEXRIkTeXebuTwbj+VEhLxkWJm7lQ2Z5/xu6iA==
x-frame-options: DENY
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-length: 0
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 18:49:03 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v12.0
location: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dfalse%26app_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Dfc4b7ce18ceffc%2526domain%253Dwww.beforeout.com%2526is_canvas%253Dfalse%2526origin%253Dhttp%25253A%25252F%25252Fwww.beforeout.com%25252Ffca8af0caa54e8%2526relation%253Dparent.parent%26container_width%3D0%26height%3D150%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F%2525E6%252599%252582%2525E5%2525B0%25259A%2525E8%2525B3%252587%2525E8%2525A8%25258A-1542849085944229%252F%26locale%3Dzh_TW%26sdk%3Djoey%26show_facepile%3Dfalse%26small_header%3Dfalse%26width%3D300
origin-agent-cluster: ?0
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=()
pragma: no-cache
reporting-endpoints
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
x-fb-debug: wT9L6SQVU04k41gEWW7VQ8aGg6cRmvKtUDxp4jQ886RA5wD3PNdSEkoSzO0vVJcfBjeLuf/0w8dNM5XBbIAQ5A==
x-xss-protection: 0

GET
H/1.1 200
OK grab.png
www.beforeout.com/images/ 99 B
475 B 249ms
249ms Image
image/png 43.154.91.28
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.beforeout.com/images/grab.png
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/css/royalslider.css
Protocol: HTTP/1.1
Server: 43.154.91.28 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 0bbc958f25216ff5c2fe09e3acae81c47b34b1308a1899b9f4444b4577bd2204

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/css/royalslider.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Last-Modified: Thu, 02 Mar 2017 03:06:58 GMT
Server: nginx/1.12.2
ETag: W/"5386de293d21:0"
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: Authorization

GET
H/1.1 200
OK slr.png
www.beforeout.com/images/ 1 KB
1 KB 256ms
256ms Image
image/png 43.154.91.28
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.beforeout.com/images/slr.png
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/content/20170228/css/global.css
Protocol: HTTP/1.1
Server: 43.154.91.28 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 89b55b54d0def6ac799d6347583bdd7887883d9154e4faf390d21f23228478d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/content/20170228/css/global.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Last-Modified: Thu, 02 Mar 2017 03:06:58 GMT
Server: nginx/1.12.2
ETag: W/"5f9a6fe293d21:0"
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: Authorization

GET
H/1.1 200
OK 6987575AEE23w640h426_360x180.jpeg
pic.beforeout.com/uploads/20200901/69/ 5 KB
5 KB 104ms
103ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20200901/69/6987575AEE23w640h426_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: a03695035126cf434b28444d4db969710ccf8d9fb45c10f6d4bd6e4b35236cd8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK 373DA8409A28w640h426_360x180.jpeg
pic.beforeout.com/uploads/20171025/37/ 11 KB
11 KB 409ms
407ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20171025/37/373DA8409A28w640h426_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 4ff5292e5440cea62515da6e7b86b6571205e0248ee4afc84f82156ef4c8003d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK 3FF0820EEF6Cw600h880_360x180.jpeg
pic.beforeout.com/uploads/20231128/3F/ 7 KB
7 KB 105ms
103ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20231128/3F/3FF0820EEF6Cw600h880_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 0dcb55e52791603a4d8e9e2093be3ce90feffb0725dbf1dd012db8d15e590ff2

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK 2231490A9B23w600h309_360x180.png
pic.beforeout.com/uploads/20231128/22/ 8 KB
8 KB 106ms
104ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20231128/22/2231490A9B23w600h309_360x180.png
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 028996f94e2f0b9152c683453e70613e942cd9133713bf79b35bf3fb3380d973

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK 349C9C2EA6D9w640h425_360x180.jpeg
pic.beforeout.com/uploads/20180609/34/ 8 KB
8 KB 206ms
104ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20180609/34/349C9C2EA6D9w640h425_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 9e27d3cc1c147eb1a87d454f3d8f8fe44594d570ab500f55539ef713c664597b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK 27AB8AC0EC16w600h800_360x180.jpeg
pic.beforeout.com/uploads/20231127/27/ 13 KB
13 KB 207ms
105ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20231127/27/27AB8AC0EC16w600h800_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 90677c05e184d5e0b0becdcfa850900703dba97da0ecf143fcbb469d987fdc41

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK CDF281C68FC0w640h426_360x180.jpeg
pic.beforeout.com/uploads/20180502/CD/ 7 KB
7 KB 105ms
104ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20180502/CD/CDF281C68FC0w640h426_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 986ba57bd8a40f6db1d093dfa660db96bfdcc3a40dfacfa5326829f2c6903405

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK A3C5ECCC3209w600h400_360x180.jpeg
pic.beforeout.com/uploads/20231127/A3/ 9 KB
9 KB 102ms
102ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20231127/A3/A3C5ECCC3209w600h400_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 1c3d877d7c88c7afc3b7a221875d4629a2a68b4f1287370bbcad1b8ba03f27c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK 6016033B0CE5w640h426_360x180.jpeg
pic.beforeout.com/uploads/20180401/60/ 15 KB
15 KB 103ms
103ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20180401/60/6016033B0CE5w640h426_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 0c1cd3389ff6be7c76051cff06321224dd926c1a5d70d7a22aeb15acc7e2c302

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK 47D19A1E0FAFw600h800_360x180.jpeg
pic.beforeout.com/uploads/20231127/47/ 9 KB
9 KB 103ms
102ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20231127/47/47D19A1E0FAFw600h800_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: cf59d5514762293d74fdd47e4d791e9192d7570a92445173f8b370c4e66d7b04

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK 65C279004BF7w640h959_360x180.jpeg
pic.beforeout.com/uploads/20180609/65/ 6 KB
6 KB 426ms
426ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20180609/65/65C279004BF7w640h959_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 2970fbdbec66d709f58d250120791485159c5f2d91837efc08015f59fe1a9190

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK E1C345FED166w640h425_360x180.jpeg
pic.beforeout.com/uploads/20170922/E1/ 15 KB
15 KB 104ms
104ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20170922/E1/E1C345FED166w640h425_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 0d9bbac10d7ddafa894b7382fa4eb798243d986e1a94fab2ba5d96573363cbb2

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK E9BCA1F5DA69w640h425_360x180.jpeg
pic.beforeout.com/uploads/20180406/E9/ 8 KB
8 KB 102ms
102ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20180406/E9/E9BCA1F5DA69w640h425_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 55cfd8d5a1302f51b9eecbcbf943f9d8d0298ecd4b93e98af3cc5abfa32bb049

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK 6FCE19C94E76w640h426_360x180.jpeg
pic.beforeout.com/uploads/20171001/6F/ 8 KB
8 KB 102ms
102ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20171001/6F/6FCE19C94E76w640h426_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: bedd982cf3579291a3b2e8a3fd1979a278f001204b8420b43b014be9f4d886ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK 89DD53992A29w640h426_360x180.jpeg
pic.beforeout.com/uploads/20180317/89/ 10 KB
10 KB 102ms
102ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20180317/89/89DD53992A29w640h426_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: cdebc15059d89fe3290681540638720f33f8fa1d991e90f57218b10d7c2fc869

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK 55437744FE35w640h426_360x180.jpeg
pic.beforeout.com/uploads/20180702/55/ 9 KB
9 KB 101ms
100ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20180702/55/55437744FE35w640h426_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: ce3e08db332ad23880088c76b9a006bb7bf10828fa9be3e5ad04e4dd81820e08

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK 5205F4F50280w640h426_360x180.jpeg
pic.beforeout.com/uploads/20171025/52/ 8 KB
9 KB 102ms
102ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20171025/52/5205F4F50280w640h426_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: c99565f5e053982ec48bdfe93e09091890612398d52cee668e87720175262882

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK 8B094EF20386w600h600_360x180.jpeg
pic.beforeout.com/uploads/20231122/8B/ 22 KB
22 KB 104ms
103ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20231122/8B/8B094EF20386w600h600_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: c24a32711ea331375ea7ced3051d70d5d8d4e1867e6c7bf6232141f4f4640cdd

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK 231A0C3A39FAw600h400_360x180.jpeg
pic.beforeout.com/uploads/20231122/23/ 15 KB
15 KB 103ms
103ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20231122/23/231A0C3A39FAw600h400_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: c69ac6c4f5f3b640052eb9f35cbd47ec9ed1c53caf898554487741db50b3d0a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK 806405D64073w640h480_360x180.jpeg
pic.beforeout.com/uploads/20181003/80/ 14 KB
14 KB 101ms
101ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20181003/80/806405D64073w640h480_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 707d673cf249a44dc5052ff3ba6bf1e7cd70968ae9c35f329a4e77b81aebe392

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK D752E50AB0B8w600h400_360x180.jpeg
pic.beforeout.com/uploads/20231122/D7/ 14 KB
14 KB 102ms
102ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20231122/D7/D752E50AB0B8w600h400_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 7d6d9bea8514ef31d3ebca98fde7e5e43147c53ddc4185e852efbdb501bf4834

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK C45E91EAB70Cw640h454_360x180.jpeg
pic.beforeout.com/uploads/20180416/C4/ 6 KB
6 KB 101ms
101ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20180416/C4/C45E91EAB70Cw640h454_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 107ca278aeb4fee5843e841d05880d377a1f1b887bc4d1f164ac57ec3dae3af1

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK 322451A30FF5w640h427_360x180.jpeg
pic.beforeout.com/uploads/20180608/32/ 9 KB
9 KB 101ms
101ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20180608/32/322451A30FF5w640h427_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: b2f660e43fc4fc902eb18db871351ff91c21a64232daa33b9ffed2f85b4ad653

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK 74111FE1709Fw640h454_360x180.jpeg
pic.beforeout.com/uploads/20231121/74/ 13 KB
13 KB 100ms
100ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20231121/74/74111FE1709Fw640h454_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: e4f648c93003eb7dbd29f5d7edc29509b62d9dfd50dda533b217ed58debdd65e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK 760F52F8FF36w640h426_360x180.jpeg
pic.beforeout.com/uploads/20231121/76/ 10 KB
10 KB 101ms
101ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20231121/76/760F52F8FF36w640h426_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: ff060e584f8a383678aecc2b9bd77d8de26f6f165a1719db70540ec43044665e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK 0211CE546618w600h400_360x180.jpeg
pic.beforeout.com/uploads/20231121/02/ 15 KB
15 KB 103ms
103ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20231121/02/0211CE546618w600h400_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 0005a9ae18f3b5cb95b9fc05855604348d45854e4a71538ccf03f47e4a8d4947

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1 200
OK 89FA3FC5EF37w640h426_360x180.jpeg
pic.beforeout.com/uploads/20190122/89/ 9 KB
9 KB 103ms
103ms Image
image/jpeg 139.60.161.80
HOSTKEY-USA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://pic.beforeout.com/uploads/20190122/89/89FA3FC5EF37w640h426_360x180.jpeg
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 139.60.161.80 New York, United States, ASN395839 (HOSTKEY-USA, US),
Reverse DNS
Software: nginx/1.12.2 / ASP.NET
Resource Hash: 89acd13d7e44059c48762d598462deb5ceeac59aee49a3094381d3a3a8d4077a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Expires: Thu, 30 Nov 2023 18:49:03 GMT

GET
H/1.1

200
OK

/
count.xxxssk.com/s/
Redirect Chain

http://count.xxxssk.com/s?isentrance=true&guid=cd7ab1c3-bec2-06a5-a2c5-9c8b30ebd122&resolution=1600,1200&colordepth=24&location=http%3A%2F%2Fwww.beforeout.com%2F&referrer=&rd=0.8839406819664588&sid...
http://count.xxxssk.com/s/?isentrance=true&guid=cd7ab1c3-bec2-06a5-a2c5-9c8b30ebd122&resolution=1600,1200&colordepth=24&location=http%3A%2F%2Fwww.beforeout.com%2F&referrer=&rd=0.8839406819664588&si...

338 B
565 B

262ms
262ms

Image
image/jpeg

119.28.16.172
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://count.xxxssk.com/s/?isentrance=true&guid=cd7ab1c3-bec2-06a5-a2c5-9c8b30ebd122&resolution=1600,1200&colordepth=24&location=http%3A%2F%2Fwww.beforeout.com%2F&referrer=&rd=0.8839406819664588&sid=527&dpr=1&appCodeName=Mozilla&appName=Netscape&appVersion=5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/119.0.6045.199%20Safari/537.36&maxTouchPoints=0&platform=Win32&product=Gecko&productSub=20030107&vendor=Google%20Inc.&deviceMemory=undefined
Requested by: Host: www.beforeout.com
URL: http://www.beforeout.com/
Protocol: HTTP/1.1
Server: 119.28.16.172 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: e93636d3ef399dc7d33a87e01495e525303cdcb7f443dbfa77f05e4c80825407

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:03 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: image/jpeg
P3P: CP=CAO PSA OUR
Cache-Control: private
Content-Length: 338

Redirect headers

Location: http://count.xxxssk.com/s/?isentrance=true&guid=cd7ab1c3-bec2-06a5-a2c5-9c8b30ebd122&resolution=1600,1200&colordepth=24&location=http%3A%2F%2Fwww.beforeout.com%2F&referrer=&rd=0.8839406819664588&sid=527&dpr=1&appCodeName=Mozilla&appName=Netscape&appVersion=5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/119.0.6045.199%20Safari/537.36&maxTouchPoints=0&platform=Win32&product=Gecko&productSub=20030107&vendor=Google%20Inc.&deviceMemory=undefined
Date: Wed, 29 Nov 2023 18:49:03 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Content-Length: 688
Content-Type: text/html; charset=UTF-8

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/ 160 KB
55 KB 89ms
89ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d3e3d91c1049ef2c6fe0a210bc08b1a8f094c41687ace751adf3e5135220fefa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 18:49:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55853
x-xss-protection: 0
server: cafe
etag: 13388769084283554526
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Nov 2023 18:49:03 GMT

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame B9EC 9 KB
4 KB 21ms
20ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.beforeout.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 79126
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 20:50:17 GMT
etag: 16674218716276178799
expires: Tue, 12 Dec 2023 20:50:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame E826 9 KB
4 KB 22ms
21ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.beforeout.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 79126
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 20:50:17 GMT
etag: 16674218716276178799
expires: Tue, 12 Dec 2023 20:50:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame 9540 9 KB
4 KB 23ms
22ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.beforeout.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 79126
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 20:50:17 GMT
etag: 16674218716276178799
expires: Tue, 12 Dec 2023 20:50:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9571 624 B
246 B 61ms
60ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEY6uuc8QEwAQ&v=APEucNVwiZC6_oUu9FLVQDQqMWi1gqCcCIMuddNLWySRrvkgsoO8el8I_IuFSl5Oou3moKD5fbbCEu-eALgqZLQ6oR4IUizuWzbmsOLm55hIRX0CAwSPShshIrv_--8hlFGj5zSEuf6jplON7KtmhrIcj5OVjTFpGQq8v4SJNwk5tQ1dZZAPZY4

Requested by

Host: www.beforeout.com
URL: http://www.beforeout.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 18:49:03 GMT
expires: Wed, 29 Nov 2023 18:49:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame B712 89 KB
31 KB 98ms
97ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: www.beforeout.com
URL: http://www.beforeout.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 18:49:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 29 Nov 2023 18:49:04 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame B712 3 KB
1 KB 91ms
44ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.beforeout.com
URL: http://www.beforeout.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 12:41:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22065
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 12:41:19 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame B712 20 KB
9 KB 67ms
20ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.beforeout.com
URL: http://www.beforeout.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70326
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 23:16:58 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame B712 202 KB
64 KB 83ms
30ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: www.beforeout.com
URL: http://www.beforeout.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 18:49:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Nov 2023 18:49:04 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B712 42 B
63 B 55ms
55ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BwMdA_cnlSMt-8MiZyxpqdMQlzt8gxLAnbuIVsCiOgVhgmuEFrN6R_Dir6FTfrlgVDrlKCBWv_MbLoQFGqJ5oJ6pzDG8JCw5XknIsKnlaR7n9cLx8

Requested by

Host: www.beforeout.com
URL: http://www.beforeout.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B712 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=4381121664958547365&x=1&ct=76

Requested by

Host: www.beforeout.com
URL: http://www.beforeout.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 969B 624 B
246 B 63ms
62ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEY6uuc8QEwAQ&v=APEucNU_rcv-O7Nb869fK5h6D9qYg00NcAjVFEEoartiDzuZz45McfPPdnMQPsoUMysgbW6dkJcfvp_68wgly3TcAhbpJ89fe_14ROUMl8VOLXJ_k8YDIO6VnBuqvUys6ftM6mZatk1SEVP7r7aHsg1Ar6SMoO_Dh2k4_xuybGkOZlLOIWI406k

Requested by

Host: www.beforeout.com
URL: http://www.beforeout.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 18:49:04 GMT
expires: Wed, 29 Nov 2023 18:49:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 0549 89 KB
31 KB 127ms
127ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: www.beforeout.com
URL: http://www.beforeout.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 18:49:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 29 Nov 2023 18:49:04 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 0549 3 KB
1 KB 73ms
45ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.beforeout.com
URL: http://www.beforeout.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 12:41:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22065
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 12:41:19 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 0549 20 KB
8 KB 54ms
26ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.beforeout.com
URL: http://www.beforeout.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70326
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 23:16:58 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0549 202 KB
64 KB 98ms
64ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: www.beforeout.com
URL: http://www.beforeout.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 18:49:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Nov 2023 18:49:04 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0549 42 B
63 B 56ms
55ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AumUc5c7FQxA5FrFr_xAtwzCcBFbfNJ7tDce7plIHeHIhl5F8b-_fylPX8KyucxcyDpnJvB3kr3aDDYgJ_hmfMLE3Q08mU5_RBE6KXVx7bPtWVDDQ

Requested by

Host: www.beforeout.com
URL: http://www.beforeout.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0549 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=6029218334113285388&x=1&ct=76

Requested by

Host: www.beforeout.com
URL: http://www.beforeout.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 9540 23 KB
9 KB 63ms
40ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 07:50:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39496
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 07:50:48 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 9540 8 KB
1 KB 78ms
30ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 29 Nov 2023 18:49:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 29 Nov 2023 18:28:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Nov 2023 18:49:04 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/ Frame 9540 15 KB
3 KB 79ms
22ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.css

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c99771c81466150d55d307a9b0e12cfdab8240a9c65a80b764c1d58965406f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 08:27:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 382912
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2920
x-xss-protection: 0
last-modified: Mon, 13 Nov 2023 11:34:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 08:27:12 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/ Frame 9540 376 KB
131 KB 80ms
24ms Script
text/javascript 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

28c5732eefa979245ff326045f37b6b7cdfc92385c594caea33e265e4a066c7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 11:54:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 370495
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133672
x-xss-protection: 0
last-modified: Mon, 13 Nov 2023 11:34:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 11:54:09 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 9540 20 KB
8 KB 45ms
23ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70326
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 23:16:58 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 9571
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHk9GiDCVPjtx4eZtCU7sOA&google_cver=1

43 B
336 B

37ms
37ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHk9GiDCVPjtx4eZtCU7sOA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEY6uuc8QEwAQ&v=APEucNVwiZC6_oUu9FLVQDQqMWi1gqCcCIMuddNLWySRrvkgsoO8el8I_IuFSl5Oou3moKD5fbbCEu-eALgqZLQ6oR4IUizuWzbmsOLm55hIRX0CAwSPShshIrv_--8hlFGj5zSEuf6jplON7KtmhrIcj5OVjTFpGQq8v4SJNwk5tQ1dZZAPZY4
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DJmL2Pcy1s1V9GhE0vTq0YrREW0RmYUalapVmAc67%2FgXnSAs8QP%2B4q3ljdRHRKBqRV4kU8%2F%2BzcrgJ2k43w4jNB5wEK1%2FcVSb9qtY6%2BMmDq%2FOPfHlJSVpagi4%2B%2BNJ2RYrS0ymWIik%2FHkXSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82dd0748ec5365d7-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHk9GiDCVPjtx4eZtCU7sOA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 9571
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWeHoOY17IlISJKmWHi2vgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPeBnz95wp52lIkelUYeKKo&google_cver=1

43 B
774 B

39ms
39ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPeBnz95wp52lIkelUYeKKo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEY6uuc8QEwAQ&v=APEucNVwiZC6_oUu9FLVQDQqMWi1gqCcCIMuddNLWySRrvkgsoO8el8I_IuFSl5Oou3moKD5fbbCEu-eALgqZLQ6oR4IUizuWzbmsOLm55hIRX0CAwSPShshIrv_--8hlFGj5zSEuf6jplON7KtmhrIcj5OVjTFpGQq8v4SJNwk5tQ1dZZAPZY4
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x%2BD1nGCQm5%2Fszw2K8KWXUqP5fKIrh53v5R6bBrOtJwcUW5tipL2wILm89ju%2FE4IP69DqKO1R7VOxjcwSSQxIf1zKAW7W2SbKxeep3xHv1%2BUUgky0CmDWi2w9SF%2F09hb19Z7%2F7vsNKj%2Baaw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82dd07495ba71e6e-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPeBnz95wp52lIkelUYeKKo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 9571
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEECeI3mrFQWunpm_dzmjuX8&google_cver=1

43 B
843 B

34ms
34ms

Image
image/gif

37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEECeI3mrFQWunpm_dzmjuX8&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEY6uuc8QEwAQ&v=APEucNVwiZC6_oUu9FLVQDQqMWi1gqCcCIMuddNLWySRrvkgsoO8el8I_IuFSl5Oou3moKD5fbbCEu-eALgqZLQ6oR4IUizuWzbmsOLm55hIRX0CAwSPShshIrv_--8hlFGj5zSEuf6jplON7KtmhrIcj5OVjTFpGQq8v4SJNwk5tQ1dZZAPZY4

Protocol

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
an-x-request-uuid: 2ab129f4-56ba-4dd2-a098-d6351381838b
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.215.131; 217.114.215.131; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEECeI3mrFQWunpm_dzmjuX8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9571
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkwNzUwODYxMjA3NzAwODE5MQ%3D%3D

170 B
188 B

34ms
33ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkwNzUwODYxMjA3NzAwODE5MQ%3D%3D

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
an-x-request-uuid: 0d13eda6-7185-475b-9447-1560fb3a90a7
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkwNzUwODYxMjA3NzAwODE5MQ%3D%3D
x-proxy-origin: 217.114.215.131; 217.114.215.131; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 969B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPeBnz95wp52lIkelUYeKKo&google_cver=1

43 B
340 B

36ms
36ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPeBnz95wp52lIkelUYeKKo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEY6uuc8QEwAQ&v=APEucNU_rcv-O7Nb869fK5h6D9qYg00NcAjVFEEoartiDzuZz45McfPPdnMQPsoUMysgbW6dkJcfvp_68wgly3TcAhbpJ89fe_14ROUMl8VOLXJ_k8YDIO6VnBuqvUys6ftM6mZatk1SEVP7r7aHsg1Ar6SMoO_Dh2k4_xuybGkOZlLOIWI406k
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BDHr9VKHv9stOUGNTuP4v7mLcUaEEr%2F34qkyx70mwZh6NTd7zILfsYf530e2%2FpNArmE58pyPFQMm5F5I%2BXcD%2BrpqUNiRyuJuO1ogUkko8ImlqfNF8PzMqBtOCzP%2BBzapoiek6kjITkIzdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82dd0748fc5565d7-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPeBnz95wp52lIkelUYeKKo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 969B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWeHoOY17IlISJKmWHi2vgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPeBnz95wp52lIkelUYeKKo&google_cver=1

43 B
737 B

43ms
43ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPeBnz95wp52lIkelUYeKKo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEY6uuc8QEwAQ&v=APEucNU_rcv-O7Nb869fK5h6D9qYg00NcAjVFEEoartiDzuZz45McfPPdnMQPsoUMysgbW6dkJcfvp_68wgly3TcAhbpJ89fe_14ROUMl8VOLXJ_k8YDIO6VnBuqvUys6ftM6mZatk1SEVP7r7aHsg1Ar6SMoO_Dh2k4_xuybGkOZlLOIWI406k
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R7yVQ2jSNypWQF9W2bCQnoII4UDm2bBxBk4Zw%2BUZCCwkRQaZ7J1WGLB0xdarSIHOXN9My8GNWmzBcq9B0be1icf90x717GCw%2BGzJ9nJ1f6ZcXR%2F4K2%2FXWCHq2faLvay6dC8ks2SGXrPf%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82dd07495ba81e6e-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPeBnz95wp52lIkelUYeKKo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 969B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAyEn88G_-Fd1XwUs_eYS4c&google_cver=1

43 B
843 B

35ms
35ms

Image
image/gif

37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEAyEn88G_-Fd1XwUs_eYS4c&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEY6uuc8QEwAQ&v=APEucNU_rcv-O7Nb869fK5h6D9qYg00NcAjVFEEoartiDzuZz45McfPPdnMQPsoUMysgbW6dkJcfvp_68wgly3TcAhbpJ89fe_14ROUMl8VOLXJ_k8YDIO6VnBuqvUys6ftM6mZatk1SEVP7r7aHsg1Ar6SMoO_Dh2k4_xuybGkOZlLOIWI406k

Protocol

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
an-x-request-uuid: 89e53060-5fb2-472e-8c39-c938b7c681dd
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.215.131; 217.114.215.131; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEAyEn88G_-Fd1XwUs_eYS4c&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 969B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjA5MTQ1Mzk1MjYzMjcwODQxOA%3D%3D

170 B
188 B

30ms
30ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjA5MTQ1Mzk1MjYzMjcwODQxOA%3D%3D

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
an-x-request-uuid: e5fcf650-a4b4-4bc5-8376-ef43ffbca90f
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjA5MTQ1Mzk1MjYzMjcwODQxOA%3D%3D
x-proxy-origin: 217.114.215.131; 217.114.215.131; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B712 0
20 B 55ms
55ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1171168359953&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B712 0
20 B 56ms
56ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1171168359953&version=m202309260101&ct=76&x=1&cor=4381121664958547500

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B712 85 KB
39 KB 89ms
88ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DHuF66j3adRzn6XaJNyHAVFEU2fTNhtd73ZiyKT_h9QjIczDuk9ltbolfJCGZrWFL_HLoysT_xyVNrSC3GVTdYdPixApxHiD1KbaKLOoiu4JJN4wh0StaK5y7lK7eaCc5nQHw_nSJ5MH4KDYtCsfb47C-oCfS37YLGsxJbqd0TMWQhzfs&dbm_d=AKAmf-AGYpFYbY8vbz23Mbj1z8P2AJFYOWjI7FtyQ8yTsuOL6537fYl1dhPkFSEZgOqD1H7pSkEOCokIbGtEo0wgQ8mVUW16V1EHrznertdOwGFCef1w9SroFuvnRjaQfiO4exoKyKE5CvnY_1ajKWmSKvfhP8wunHeYqvmA5z5PewJvYJl1rd9q67ONH00cyxjd_JCr_xnrVGJD4Q_oIJbNGCo-PH3Jy8Pe_D7qVi1G8tENNLgOmo8RwZeFlPD4sYzgSXeJplTOI-nbTC7C0SE8EeS1G3pDu_hwTqiCFk1B32uKViqmdNWGBqDxkSzmx5ul1xto9BoO9aAApEjb4ALc5qJ7BMl8j_uuly_-P0tMFe0qmwcWIC9mkPnmXyKPpt51zMN6kysaaMsDZRUhremlT4Xtmw1PsxnjtY4dlp-oUnQvIIp1Ph8dg56nojxUOsrIXe3UXsyDTDGAWjvBNMpOXarP_WezRJ-DcL2tdWEcDJ5tiDat5BMp-q507rsdZMq1iERacpAPijFwoUqfWRa-WG7_2PBo-xi31rutgf8zUc7UqV9ppqfg3BtqxY3LeKm9dASFuBQjDlK9KkmnUNVOKQobhX2SKzBvOgmPNmQxgsM15INAWvEmxvEE_dJJYbf06UGoxPR_fsAkMhMwvFR6Su1GC7YGPy0_wbp7BNS3-GmZz4f0gJ7vfIrwT01qnspKQUh-sekw3yN0oHuY1N7vkAGprDLIeClsrGLpNxJPzlBcfhTQh8wO2qPbT4mSTA_PUxMyc9SdqzMsasdoES7XN0N-adycCJoNZ65pHuZ2hbe5XwJyO_3ht_YCTegvaz0QMrfYNDg7tjisVHbCHjfMAgZkSGQ5QC1EdWpjGPIMXL9UdL5GhSQZT8duBrLYZxH89oeYFcdWcjT8HgpnBE-nlPUWUr-pqRQmnGA1SGSH-oR_emTUNeLY79cffbiALFiRMVKheP1yL1QPJtbjqLnzvh0RabyjBCYuifMxRsOGrfO6mMl7Xw4t1a-fHDIWuCE1F21tl-5dgIR81Ex0PaNE6ahUpyOF0n8V7WuMWvWmFt65p11Bc4_yyymJxag0nqc6UktpREJMdcLAW3lHTm546aYbuEukR-JYwN9MZIvrjq473t7LkaGl4tbIbB4v83TjA_ymi-Zga3Mik3KJVM2RpFD82XySvt3Yud7VqSSaOcBS2r0sd2dn49SjiNzTo5KvfEr9GlOwrNOD8sC33zIGciNy3c_Jr48Uf3Kyk1lm85ss2Eg4H_jh6vR0LLn0EAN3ZiExpOflb-T7WKsQdAHCP73gUzKpzPwk64AA84Zz7uVUHPTIMdi2AXRXU9OWVQ9M51vX4Z1sRmqC2czxxk4r3f9MX-unENP5QEgcwGUsXYJ_HV1gG2dZLZSYjIBuAsDN-kEwCrqZ4WiFqI9FPayPwO0ML5y1A3Np0Lf2HZ3j2gbeB9w88gXZB6f7ui2ICSTjk5ae3qNfehfIfKiByzUQnqxec8l3OSHhsgs4E4bms9COHCIkiLF6KgxzjdPP7D3S-ovojpOwof9f_lyEFjKOnBlgGCChUYJMFmpBfFHiDX0yB9afZ6MOLqHbPevIHE6JhlU2nEZ2i5Pj6zAdGaZRLpGwdPqXEEHMaY-Q7qcN4_3l7RjIPf2QlyjFHxlWo3EsY-mQJwUtDv5jUuvypKnuQKgzuJrPcyfQC5uG8Ghvf_ijyxR0tPVyYBXhvxth4p1KecVHY-1fHO9P2jkNmN6UmFUf11XudT-q50AkDZWFF9ib4G1LXbIzDwPb5MQdbx696SkYriRG2B6d8hexZx_IQovXp46bQPbw5TmWpN0PC6cvlwd5DsvzCh64_KIh6tkkvWzZ11ZZQSPUmKDyHzRvhGJBCesqPaFe8nN-4XN9S9KDldia7FHNH5G4scAxs9p_kBsGSi5RdUshyL9R-9LbPWZwTURVhhvJyatqMIfIRjvsUT_yGyN6MAxJ-zx5FhDn-79Bns1rZaSg2ohLU2B4Kog3cIVlyxYXNC2utVlPRRAYGpWTTmrMedATMVPvmuhoijmzlOzyls8Vjj10Vfw07ofEXG7wwzQRlqeBvR_RMu1kZMiYsF6Gw9-KAgz-GQMD7-6SgiKP_m0T8wEHaAMUfQIrT0mT49ZMRriPCvi_oFVF4nJ8Cmtz9jFw3P45SAv290CdS2PBNEcIRaTxuy_W2RJEDUvOXAvIiE0TqwD6FXO9uxX1y_4e8aCL5sCis9dz1JjrWzmrlU6JNXFAdUWUCk0PuDBBG9z0dXpPgks0RhOs_NrZKbXe_ohtPjG5FUcnpPv5Y-ZSKHN_wYc6yZQJx8ZQqtchVDQcKvg6QPO0sdXlRjm4ZwF7d8EO7rbIiw3ZLlotF9L40ZEouDwAmvimPFLXElrBsggoW4tIOLcd1TB2xwpkr1pc1WwtlTPXFWCdq6isbR-isctgDKlemZ_SF2xThrxV_LSX87FwhkWH7mk00znfPXPy7TRxGYzJy5YJlNrqZdyY0JTgk4i5Trvgar9Q2Jjfg-UYxrvyb3hxR2j9VLGVlVKdA9C6VCBLbZKc89eTZy59v_wGZkLcfpXI3MbJcA2Pl2lVa1uqXTNGIBz9YW09W1M-QwF9CNjdvFmISQqG4iVD_YId7zYGAscIygOM_UlcV_dJH7WZJ7YfuFwJsLrHu6tkG_5Pyogpy4gUhPAnzn9j8L591DSCadpdmlxwIbRI7sQJsOBAiRBI4Ae7_3xQpdL2XI-_ydF5JqhdupGDsvLZB_xSZFoXz97qCzT83x1vOQkch43W5jxQDFDas4t7q7LDWLBVvIn0KckXd8WgYQVKl1oaaLlE7Sl2TAtlQACF1hxr1kB8Nw51hw0CEvd6XDJOM07OSGb5-HJVOLYWSjcAmplHzrP77lc7kToSfK2uYOepx1b8Dc0b1VnoUGI7gJCKJh5by2JXp-6M3zmru7mQ3dgFm5VlJEqV7brFle5oCnOLNFy3T3bAFSNxuoN6WH8x14x0AGn7UmN4eg6u6XfmCbsyAnVK4HrdIYx2FtFzNQ5ba3ZCNMk7Y3fYJx_vBrkrbq34TpzT4SYFMx7fmGhfkFmTfFa47iipKSlDWQLmGQi-EZoUDE48TAPbokcTYUUReUlk6uI8GPQ6CP2cc3TwWQ2L-zoMkZd42pWBVbfaBntvMpnC8MB5yY1jRjCK0AmfyaF4o-yi5HxupgV-cW0z2aXbkDxXbaq0mMyyf2BcwwomkS9ymXlyhsDnehzS-IlbC1XTsyejIYjrml815_YqyVumjQOelZ4DHVzhkYTlwiJ-QDkDcCkaMweviBqA91K1gWV_y94r9v3q9HbqH-uf_43ciAvF5822reBZpqWXJoBvU0FDTU_kCqYfDNkKIax0Hx4eH1HQVdYvoFjmuNYQVyriNF5FVvQzDZEjFnil68fUxRWFNmI18MzqaOSPo1KCCQsGktU98YCHll3cNkdyL8X9Lm6LDYA7cDYiGvyWYGfGdtVq3yW40PfZ1SN2CnEBQ2HarGvxsD_QEBNOfATVS6MN21aLIrmVCczhV_KqNMTHZnmpOTtS4l04h1HhQC8wyFAMXbbvDkqnVk24KkTNeguJXF21S6Y97T1QRRCjRo2p60bVWdeekgDLWkANNY36rfoYC-rZYWcWECbPscU1GHiKkoXcXNQnI6WXOetXNvcz_8u4hjMrRuY_qULL7yDruF9e_XG4Pw-B9XiuNlRXOy54a7elSgjPBjtCbeSg0Q&cid=CAQSTgDICaaN2vG92PUTU_ayfd0zzWTUT67sS8IG-Jg6A0aPVjcI5oHYpWOD3Cq4WGpwDUQsB3G_YfPVCrPg2KdszegRamr8XXuSkSz95I3NahgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fwww.beforeout.com%2F&ds=l&xdt=1&iif=1&cor=4381121664958547500&adk=1761367587&idt=104&cac=0&dtd=5

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3e9ab27e6d1b54c4cd8052bebe96bcddd2b88309f1b96d32d5b7110cf51d813

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39644
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 9540 0
54 B 136ms
50ms Ping
image/gif 2a00:1450:4008:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&puid=1~lpk4eydk&c=6386588196123&slotId=3193294098061.5&qqid=CNXTsunv6YIDFU89RAgdit4Now&fb=outstream-lima&sei=44752538%2C44807615%2C75259414%2C420706098&nsei=44714510%2C44729911%2C44730425%2C44730426%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4008:805::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 9540 15 KB
16 KB 76ms
23ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 16:39:21 GMT
x-content-type-options: nosniff
age: 439783
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 16:39:21 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 9540 15 KB
15 KB 79ms
28ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 13:37:09 GMT
x-content-type-options: nosniff
age: 364315
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 13:37:09 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9540 0
20 B 57ms
56ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CGDHgn4dnZZWIC8_6kPIPir23mAqP95XDdL7S58OIEmQQASC37-IxYJXq-oGUB8gBBagDAcgDmwSqBJUCT9CotckuPFzdU2KeztJfQWbc9bPYYHo7VPn0pppllbrOyA8Bwgbz7LHITu2DkaxM98NXBCSs-zMDHUhkYv0hW-LF4-gB0AoWzKTUrkG7OwD-5NDnxKnUa6_W4aXDsWsvsL49AzASxK2w5QyN2N3NjxXopChO4vCWT9VAgD5wMNw-rrjxXlH3nBGGFkhZsR9tyozIlLYFh5v3daLyK8LfkW1hLfoTluW_SC-hcdLRkM7tlgRDvsDcOVlHJ3-q7WtrwylFosso3FgWkrpuHwPIzrpY47aUoXTSsJjF93WCY8dv_ZKo3zVhhTTaaRwPRadh_026EFlJCzZmRDOygWJ8mrDdG3sJ_EpWJ5hyM3EQXyIsEcCQu8AE34eqxckE4AQDiAX-v5bJTJAGAaAGToAHmpLo1QKoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljH163p7-mCA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAqoNAkRFsBOljN4VyBO_pMTjA9gTCogUAtgUAdAVAfgWAYAXAegXBQ&eventType=clickstring&clientTime=1701283744145&ai=CGDHgn4dnZZWIC8_6kPIPir23mAqP95XDdL7S58OIEmQQASC37-IxYJXq-oGUB8gBBagDAcgDmwSqBJUCT9CotckuPFzdU2KeztJfQWbc9bPYYHo7VPn0pppllbrOyA8Bwgbz7LHITu2DkaxM98NXBCSs-zMDHUhkYv0hW-LF4-gB0AoWzKTUrkG7OwD-5NDnxKnUa6_W4aXDsWsvsL49AzASxK2w5QyN2N3NjxXopChO4vCWT9VAgD5wMNw-rrjxXlH3nBGGFkhZsR9tyozIlLYFh5v3daLyK8LfkW1hLfoTluW_SC-hcdLRkM7tlgRDvsDcOVlHJ3-q7WtrwylFosso3FgWkrpuHwPIzrpY47aUoXTSsJjF93WCY8dv_ZKo3zVhhTTaaRwPRadh_026EFlJCzZmRDOygWJ8mrDdG3sJ_EpWJ5hyM3EQXyIsEcCQu8AE34eqxckE4AQDiAX-v5bJTJAGAaAGToAHmpLo1QKoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljH163p7-mCA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAqoNAkRFsBOljN4VyBO_pMTjA9gTCogUAtgUAdAVAfgWAYAXAegXBQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 9540 0
234 B 123ms
50ms Ping
image/gif 2a00:1450:4008:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&puid=2~lpk4eydu&c=6386588196123&slotId=3193294098061.5&qqid=CNXTsunv6YIDFU89RAgdit4Now&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.ub&vast_v=4.0&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4008:805::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 9540 28 KB
18 KB 143ms
70ms XHR
text/xml 64.233.184.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-DUDJP0w6kmAiLaMNPWJ4iWZv89g0Q4XiX9j99tuE3cM7LjP74PIShxJQWgE6DuPPZ8JVIZx3mNsIEiPDX3QTn4T-z4Gw&dbm_d=AKAmf-CXLuTHMMoCAew5U24yK6dye039tnUzY-1EWjQSzcAKD4cU_fYtDOsZxfrrvM5Gm6Dbvgccz1_R4Zj_RAz1x1tO4gQsK6Fa0W1rSA-LkuUPJAppswWR0JMEtNXAIrdmlvs5d-jd66vdKWMOmz7Cdw_nXYoHHT3uiSHHL4unSUC3KI1CDWFj3bdg75fFYt0wCnFC80HFmowBhTUFXOK8-DN1bfpwviN5TY520A1Uae3PWGdxPOsMU5t_OncfeBXgOmbGXIL56Vt3lOI0yVfsEsvgehrEKIYGc-VKJ6PkEeqXf9eS9dlFXnUJ99ppxHEs-HsyXSlySwP9pQ-sZzbmY6FLVdFSKHLuHVfLabOhbZYi7bJ7NjU90299m6tXOzhfixOukm4KFYgAzwNHcGNpU__lk0sSPZ9lMEQHnaKFACZcbOjsd4Jbj57tPPxHqGdkjHHTikQaupQuZGV1Oc2IpmcTctvaUdXxe-UErmsjeGXTrYFqfX2o4jnWCKARbIxDA0mZI8-q3DXByI-7CpulxUGTtzqqHqx0CFaNLxyipad6PnwVCO2fF2BoASRN59QhrhqmzlYjBCCRKFeuyPCNcisgpiEh7aQyb54SyY39XjvTO-2mBwgC4x_WLGPXpP6T-CKNTBVtbsFuc0Ju23BxH1HMqhiJvmXtGxQn7HShJGeJ3yr6tmNx1pW85UAIDlnFwnMWcd0o2EbfFq3AmNTqR5qVGMhwfJRMnYgUwp2j5OeY6L8Ro1GLNgm9yCVgYIzq9EQ20HDSF6UNOAO_aJlJShBBjuYolw_1kRxfz_8IdjJ-RUW-TEriVPIcdAKkMVAurBaqPcwJ1nU1KXRwBNPpCWmU_3pyVsuqhTfPb83jGfZMNMqLBwqi2L2NCZhUFbHPOAzPdxivew-pKfQBxnsvJCBTqRfFL9hhwCHyguWcwQPUKnKo8YCdrbJpD3MiHriAmFfLCHtyWLzpM1zlWhuB8N9iX5YUuMSRSSBArEaQITsC8QTDngYMb_GKbjxEph9Mu0IzQZVHyguVeaVbPeSovv515aCbujNP20K-b0cMQud2MwWUie_o80eacKqYYsk7aU_UyvZXcriS6HUkUp2Hhtu3_IbKldgIfhFxvAA841OEq4Yafkt6eo1wuuZp0XKS3h4QAQTthWhQCvSMwYhwkHSQRxL2BbBPVD6Y7oZCKe10Ovh3ULSvLoNLjpxlFO-x9cO4jiZcv6YuZfqhbqb4pDDlL0su_B9Jl0ngJNE8uhVVlbHdYeAk52Xyej8MdWKarwJ_aUivMe06aloMsRVLRRvUwGfSLVm2DUTE29sccYENJMc0DAA9S7HURMx-apiFe4kNhfR37zsVo63cCKbgVj1wSfOoWN77gwy3eieCgO6ClVY8XGmdJOUpbG4aWb_IYvfL3CGD8Ahj_fmfeIuQG0j89w-HeVpg7HSfjbFfXQODERTtkAh33va4yNLvkyogZsBsId-bOZcFXCeVxPB1T4pL5mHhbhZU65IYaPD2EIfnClrJoSQAEpMBZmIduZoE8WS7c23n9IpXvjNZx1wwe8dB9JLbcQPMNKZJBjjK7PcRDAv8rbkAybc1cSUs3zXPVFVT3SNxuREU94xIrgzkzVmGam0hhbfpjA1uwLC9ZvyOuw-BXS95K8R8EbK9F5WBYqQ7IiYbpJsESabZtCk4ju6kCZUFQTCipQjsRgut5sLlXWW5E89XY5WQ-qdLwBV9QYMEu-VklmX5mUR_NHpHTGHu0Na-oijf_aipYshDu-7S3eH8XVoqsuabOcwjfGQfG73AeLZtIouTfuiiPuImTdWNV1_eAPkVVvr39RwE8HmU0uVJHWWb7jqsgdsVsD998sABYrMdP6nokLXpWJrXDvaFroxJYpYdA1ved4quF5PPOUcpHnhba9bbcSfIpyuE29A8fIKMTRcefNOv1Dn2Rdjm3iDSczQwV7mjkpenKC0E6SZT5ru9adjf1RU1Lcv_7SfbdZW2oJb4tWxChmuKZJyQxaOdydkaDpLY__X_QG2L7yMza1U4glSB6dua1jQxjhYOl_ybo_q2k1IsO2ggbgntJly5QeJ41YMhawSbIhzIJ0dsZoXXVWkXfXeB3AjJxuvjsH8NQscY5Wh97r_OcHwv0_Psmmu5SYwvV6IclmPFJ5HnCgDGky4w0FdvQSl0RRRUJ7SYvfouYt2q28IGDjY_G73LsJQiiIVQf7mrG89bsTVbCAqLZeIy-i8EOIdcDsnYrF3s_2UZInv8yzrQ60oMyo4d7wbaap9m841EXLuH8SG4NGJrp5erfi7Pt0dDKm3iQKYB5unoHB6wqkNKuKdy-ESVm86ale9WsCnE1vd9-ht2Vv0dR8qoElA6arcOCOW-tJDW8A7NVO1xbXU2WPSQRv8B1jT0R1UWXY56QKTaJ2wqp2kSt2mxR0-1GWuhz3YfvFFSv9HJMhgSKMrQBQyNWSIXVbdl0S7b0S09NGyHYq7e0iJ8-TyprrwNwUO9M8EiGsC5B6jEQHJCKGTIuOnGGJhSJNeqP4wCw3JnPl1O2TnZrKfkhjxNW6ks9ocv0SiWjgZWs6j3LbPup59nR2HyvQbUe5ayqU8DpuOrEG1G1N5-5kZqXctPZbtozpOafpyfCeHDUt5kptlNiUz63k-HcoZAtaKHY9au8_p5KrAQuTNdxHY8O42B847T9HqWXwfiShdfBXgVraobjFcGcEMyZkcsD9i_D9MQEZcX9FzkNeq4rAmcOa6LgPV0vEj-whL6v_3JfLvzNmhJj-GHjKJ41wh4InosBn8ccYobA-mSJmChTW71CQpZv8GqfvUZfNxlIFDon_rs5JT_GZaM1L9Kn2Ww0YPkgsTBkrFjmfXBktKoAb1VotZKuVmkQLzisurD50OobmDKzOQSR-QeEtOIYeDIqKmWG6IYiExd-FsxvWpDig16Lz000vzp4kH4M1Mc26z7yAtWUtAb42anDXHUHJlXaQJjr4vLU26iWwtfDcNmQSsQ66D4HeGk8FLLWL9aSvfYr1uOltP25soxEhRzoQwfJCzBZ4WFJaOFbEuweKxbFQE5rbeY-apK1QP3vFCE4aExjV02Kg014i-VOwhkJ0juhjleWuN7zgLLXO7z1RYc4h_HDKkqzN7eRzqhCb5mzBksC1zypAkJ8RqfQYNrthSBXSaBRDByk0CGoXSjb3exk5uiFCsr9tFfuzf_pGqUZPKfYIXa2raMPQyWoJyjsdJLBATGrwA2WlS7izprWx_2G0pQdgzOR6rDFX9SdvDqUCDDVVVUMeJc0mrjzxg8c1OhV_zZhO-FwRQuKewwLAdIW3nCOrySdaiSdXXXJbZ5WPTneK3ARnImtiXTTRliGnOdVkSRmcogZ33gVTCejslivIqCdXaM4jHZPq7VM7SIqjjpXdnfnN2gD4Ux3TnNFG3aOM1peflM8Ejl1mLle-RYM40x0jaiQj5R2Us3zOnHnA7apRNL9FcZHi69_9btoBbAEbnK5TaPXLzYpoOEi3EDJEstispXJzZbdVzaP7rPiVmbB1hd4UmpmnaPeye55IU8Y_lblrB8AzZPV53Yk2Kperk-8Ct-fe3aMDwyiRrIGPWn-1-ww5g3Xx42Cd3GktDpM6g_0XuI617rlTBoVVegjxSFn_Oi_ZADU10EgczleLVoP2osCmp49vKO9wtf7e8minYJcpX6KycgWz_krexwz-iDsxuwQIGPNPEPkhEBBgYgYGL0jhfzFxBR0yT_TM8XeMM2LUkLesM_WH2XoU1Z940o29NKch6JZQ3TLb9OdMgStivhjpW4xwV_m748I-9-pg&cid=CAQSTgDICaaN2vG92PUTU_ayfd0zzWTUT67sS8IG-Jg6A0aPVjcI5oHYpWOD3Cq4WGpwDUQsB3G_YfPVCrPg2KdszegRamr8XXuSkSz95I3NahgB&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1&nel=0

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.184.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f154.1e100.net

Software

cafe /

Resource Hash

c406ab20ef9a8e8589236f9a4bd5e78a0f228a6182ff4d5d1b209da93b1807af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 18:49:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17505
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0549 0
20 B 55ms
55ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7443036629281&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0549 0
20 B 56ms
55ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7443036629281&version=m202309260101&ct=76&x=1&cor=6029218334113285000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0549 86 KB
39 KB 68ms
67ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CPaYjHdm3y_Q5x1Q7wglPvbgEEID_7u4I9teEDnLhLSbgati0wMngTo3QasUNKJEA0qKk9gSTwIK9GyvZXTeGvRswtRlXWEl14SC5M2cY0PjdLNGGOTYAo7rzkv-juuwAoC-WYn_Ohu-Wi2Mof8zfqi2VMTDqjIMNpGwjSag5e02hxHH0&dbm_d=AKAmf-AZ5_FGB-okZLLmBRwfpPFUNp05lSOUKyElt65WmN7p6l1WhLPQIIYPisELheuZEH80HzkXZ18Oshb3K3HZ26UDC8p4AsMu9-ZHyhmdcj4xb0ONnbBGEp4rAHQQ0iSJ4bj7dVFSk718CzWk8CiKS7Ngs6PZZCHwW8Z-LE7N3fOGjv7qOxmo1ahGkBB-YoQ1Sboi1OTYQ0aNtbLN4zy4Lb1Ec-PaNcch7JLfijv2xDzju7bgOKgZmSI0B_l3Fw8Q_n1pSbCwY4XGTBjhZcWd2puz1SIwdO3W4oWSn34mxuRo6IwxocUEDT_9fNf1PQEh2zsS_D5psooq1wplE8mM9kYQzW5HdiUSpoCMPhnUG5B63lKkwItcXbiq1_Q8487LI5_fTFnugM9JIug2qeS0LxCU9AEE-bGWI8gw8lMXOT1lpbpfM_AxelAbK-m5nlapN2o1cHoxI_HUzmqnlA2l2BDYfM0wCJ14urglWibDm-xwtnaV6aY6RntVqh8Jn8JGBwCx-CHlLmBzXa4sqaN9Xo-cYxq1U8yDZpXAzgRnxsueTN2o9LDtg9gfkv-fEyrBF0og3lftpsSky3LV43SIPgGr6xK-WTp2RsvdE6EQ24KywDS4P2GTK7IvDpcB0qBEIBRT1MxOdMcZ17ckH54l60j8ETlZfuOBczwgTDo2LqXHeO8GB--8zTohOyn5lrzn98E7BsR_v_4QdhLisoTccHGHZjAc3RLueAqu9XqxMBB1c759v99ZYxny5yRpEnN9At1SP5ftK1Q9NAD33HW0pdVbmlmctuX2dQtPAgE2VSkY8TDIPKXmM1Ovd-t-qomskjJiQuNFuwX1yHKWjrsMIKfEOsWFoKjSSJfdRqleo1Wm9xvOzkTvnEb6CBDdasTeMyw5Iwx8K-gKa6uLCf-7hdjOu8Pu5LrPSUrfEoQimS0e6pOvdis7XNtwBNRWA9PA7Hd3X3viCAzRjIs6a_ZLobUldeFo9Qjm9U4DZllDwWByRcLtbF_y8rThCfF16Y3qHMUDjwmaGo74QhRZucs9rq6oj89RN-EcVdgBDelgsuWs8ubmYnbl-Hhn2qkAFgyuFJSof8xT4EAnCOVhiQZVMrkdR5Y5d_B2BjeNwazspVx-1NqbA3BtGJBO5cF_uMrERJs4_v-kZDuWpceCe-Rim_C7pq8ZSqZjUZ-XzQm2_BUMa5OOLNMUE4W2b-iH8iCnxRDrg67vgABmWFnK6g-2LerBkkLaxMTPYGGcrS2NJHsei616FOVjF1oCRspI3PvBlRYR2yxntqSjmme8I4-XAmrVm5-NniVad60oa-0OgdHvHsTRP3TIqXcPVhAC8j9HOP2U38bJYTxjrmSuYEVsNC93ovoF6ytTz8ewuxkFKgANOUwl8h5I0-DBgJZJapfZ5v8SXJqpyWtRaXTrqmO65lIOiqHitiCp9AW1XjUNE2Dur0RhRd5v8aKZqOeHXTg84YUEvqEktzbIVy-4kcjm4KEUVXktxPqLjoRlye9_0Zyfs2Yft90gnyNXDDl3CIMxOG_XQMcqIOj46xxQcsL14yf3Qa2ZfJANaie9QDMEnA6Fo9o3XUuM81-42cLJ8leqe5IH_B5HSCy35t2_XdFZz5BbQ4vUpljtEQYKiUwlaCpn6vr2saCV0YKJWNSb-5QMUepYIclH5QQAwshCvGk669MvK3AxdA_W0quiP7apNKPn6wA0ipV-hcwf-rDr8HxlLBOuThgjWq_GJqKhZ8L9Q3nQMPTW2spA6twTgVsS55ZWqHtzaZWTWUCkONyk7z7aEu26mNLvbD-XLe3LoQ5ArIYx6CtL4ILmh2DcHjgILvQILnV2xcxF8xpK2R8WiP-w9TGr8n7HjTthnh1H6NaN0jTp_v6vZXX8l2Ygi0281YSGHUqof8ak4qVOGy82sykJd4oP3hy_VCSF9WuJFJm-c6DXdBnXHCQS44IhvyXlGM4w_388pv_3gYLvylT9IGcQcTuN-H_hxjkaa4WpSj1btvLBRn0VzmYioUDsiR4xkyh1s9W-rJIZrlfE-qKZgpO_yGFBhMvZCHxzvIYKpGCKVTU_5SJVuTgrf1_oOQnHEKMU143by9IF2UAPRZKhlERXfUcWKmHIPDOJKCQVr2yjgYO3JMtoAGCiHBi7VaT6CoJzCHaWbDbAkQW5zfuKfa-dtA2urenSEXUWswXjzdupUyVEcOXXO4QmJScW3zjtMHSwfAB9BQUxmmaKUA7qqi4Akzy8qTKcHl3kvcIehoRftJR9AdMS64SKaIk2O-S6cHBW4ZKaCzJU6bThLT7OCKDb3jYs3nj8QBMkD5XG9WVJ4F-00JloqKzhx4OJkZWvZcXifjMDvm0EGFTDP8RXk7BBYgsIT-MQuiLBu-nt4WLRCqzfSFEyFSwhSnlXqMH5AXeiFGsgUvESmKwRIpH3VP6k5xstfqdUI_JBMwlmHgWMDNY44sFyEctQwspQyOTa24SGBl9SilvLemCLYtT1C12h5pKg1pzq6CAbb1FzfcnNwLxome6qtLEYgwGLdxampitzXxM3swizAEcSm0Oap4FXDyeFuSx9X5U0-pj3kg0uvWcJaditHTPPtbqHhzZaNnJm5qAak2syU_sBtcukgjJdxwt9oCccILEDyVM3Db3DJAiwj9KPM6LNR5TZz6FFL9hSfUOR6w1oerwm40OzwD__OAavAPIkIFcVXy9wOjFHxAi9T_1PMuhcruNvHRAn2O3lwkDzfoPddY-N67r0cJBAvF8HggAIzt3alaPUCSuTRWmUxKUC_R6UOdbLWz4bk2PVSR-YnzN3o3X0R6r1TAo8vH8vVgndDvb66nUyQ-gSpzR9Ib3N4hFI4mIbvXQYhfvVkjXGzW1Cih0TtNp0ORvZ5NAGetZ3viakwxDVXHgqKK6YjeRCwAGBmWQ0mzAu5EiZ0oSKpynXIkUAQOs2RenJM06EosPOreS_-lZa3pC-zQMmAr99oDT1PzoMyqyHztGuRgtmwcy7PMs17xg8fFCy3Y-4GVtyuwnJFJk3RwNY8d1dG_MkR1CBKvQn6KoIlmh9_u18IpGSO192GI1CAK5aAeB9ke7ZFKMsanh5IP9K69qM7wg1yv0MDDFav8e-saZehIvrj-YFUcLnIU_Oz-BFt9JoxKDyF63-rQ1c2bJszpxAvOpf6RTSJJU1yU4PrMywPdllV6PCQxpk5TIDCVX9bAwtn_KlFVeVN51FFKjoP3aKyAjkjwOIcevfNjE8xQyba-9IQQNyThCjlXR_qoBnxp_vmcjFkIifvMXJwrqOqRKeD5PzTk34JASFIkMYUgdmE4xPBNG7cy3xGlgi9LcFnZnUdw-2br4Ti5wKtpyfkbmuMo62K0lB57gmxLZ0l0HAEMp9nv9UhrS5lYFWaqSuoVKDfCRW3ikEVbXZy-5e8xwe-KwSkpy_chNEFP4Kb-ezsv8AZp7I0EqsPxX_OeJfz4zDImwqxCtBZlsWO9BXPD61M_8MR1cEsoK9lZUcq_xOXeGA-MhYKAJKMr10-ydYl4SadESqeQq6EsTs7Xw1VEu7g5RjvHIfIAWHMVjrrUWihA_vbo_AR2IfAcvsEIWq9Mro1lbohFrVUxbwrUpQZ93IyyPG0OqmiVRJ9eZqruJNFJOPONmMMQ8c9s8mtbOWYG_Z-dG0Q0Ry0SqlFxGsUhE-tqRNARhT6CLoGW3AugZEJMxjhnO3DBlXX_Rw4bpD7arrwaPN4xP1sjsXoIyRTcWfFSAT3A&cid=CAQSTgDICaaN2vG92PUTU_ayfd0zzWTUT67sS8IG-Jg6A0aPVjcI5oHYpWOD3Cq4WGpwDUQsB3G_YfPVCrPg2KdszegRamr8XXuSkSz95I3NahgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fwww.beforeout.com%2F&ds=l&xdt=1&iif=1&cor=6029218334113285000&adk=1726166460&idt=160&cac=0&dtd=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7612c5f07834881b134cc16bbc232fd0512dfc24830cf00b989c9ea796861093

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39810
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 9540 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a531b7056bd61a8f5e0beab3081f6df46976d3fe26baff449a7d44105ec0abed

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame B712 31 KB
12 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DHuF66j3adRzn6XaJNyHAVFEU2fTNhtd73ZiyKT_h9QjIczDuk9ltbolfJCGZrWFL_HLoysT_xyVNrSC3GVTdYdPixApxHiD1KbaKLOoiu4JJN4wh0StaK5y7lK7eaCc5nQHw_nSJ5MH4KDYtCsfb47C-oCfS37YLGsxJbqd0TMWQhzfs&dbm_d=AKAmf-AGYpFYbY8vbz23Mbj1z8P2AJFYOWjI7FtyQ8yTsuOL6537fYl1dhPkFSEZgOqD1H7pSkEOCokIbGtEo0wgQ8mVUW16V1EHrznertdOwGFCef1w9SroFuvnRjaQfiO4exoKyKE5CvnY_1ajKWmSKvfhP8wunHeYqvmA5z5PewJvYJl1rd9q67ONH00cyxjd_JCr_xnrVGJD4Q_oIJbNGCo-PH3Jy8Pe_D7qVi1G8tENNLgOmo8RwZeFlPD4sYzgSXeJplTOI-nbTC7C0SE8EeS1G3pDu_hwTqiCFk1B32uKViqmdNWGBqDxkSzmx5ul1xto9BoO9aAApEjb4ALc5qJ7BMl8j_uuly_-P0tMFe0qmwcWIC9mkPnmXyKPpt51zMN6kysaaMsDZRUhremlT4Xtmw1PsxnjtY4dlp-oUnQvIIp1Ph8dg56nojxUOsrIXe3UXsyDTDGAWjvBNMpOXarP_WezRJ-DcL2tdWEcDJ5tiDat5BMp-q507rsdZMq1iERacpAPijFwoUqfWRa-WG7_2PBo-xi31rutgf8zUc7UqV9ppqfg3BtqxY3LeKm9dASFuBQjDlK9KkmnUNVOKQobhX2SKzBvOgmPNmQxgsM15INAWvEmxvEE_dJJYbf06UGoxPR_fsAkMhMwvFR6Su1GC7YGPy0_wbp7BNS3-GmZz4f0gJ7vfIrwT01qnspKQUh-sekw3yN0oHuY1N7vkAGprDLIeClsrGLpNxJPzlBcfhTQh8wO2qPbT4mSTA_PUxMyc9SdqzMsasdoES7XN0N-adycCJoNZ65pHuZ2hbe5XwJyO_3ht_YCTegvaz0QMrfYNDg7tjisVHbCHjfMAgZkSGQ5QC1EdWpjGPIMXL9UdL5GhSQZT8duBrLYZxH89oeYFcdWcjT8HgpnBE-nlPUWUr-pqRQmnGA1SGSH-oR_emTUNeLY79cffbiALFiRMVKheP1yL1QPJtbjqLnzvh0RabyjBCYuifMxRsOGrfO6mMl7Xw4t1a-fHDIWuCE1F21tl-5dgIR81Ex0PaNE6ahUpyOF0n8V7WuMWvWmFt65p11Bc4_yyymJxag0nqc6UktpREJMdcLAW3lHTm546aYbuEukR-JYwN9MZIvrjq473t7LkaGl4tbIbB4v83TjA_ymi-Zga3Mik3KJVM2RpFD82XySvt3Yud7VqSSaOcBS2r0sd2dn49SjiNzTo5KvfEr9GlOwrNOD8sC33zIGciNy3c_Jr48Uf3Kyk1lm85ss2Eg4H_jh6vR0LLn0EAN3ZiExpOflb-T7WKsQdAHCP73gUzKpzPwk64AA84Zz7uVUHPTIMdi2AXRXU9OWVQ9M51vX4Z1sRmqC2czxxk4r3f9MX-unENP5QEgcwGUsXYJ_HV1gG2dZLZSYjIBuAsDN-kEwCrqZ4WiFqI9FPayPwO0ML5y1A3Np0Lf2HZ3j2gbeB9w88gXZB6f7ui2ICSTjk5ae3qNfehfIfKiByzUQnqxec8l3OSHhsgs4E4bms9COHCIkiLF6KgxzjdPP7D3S-ovojpOwof9f_lyEFjKOnBlgGCChUYJMFmpBfFHiDX0yB9afZ6MOLqHbPevIHE6JhlU2nEZ2i5Pj6zAdGaZRLpGwdPqXEEHMaY-Q7qcN4_3l7RjIPf2QlyjFHxlWo3EsY-mQJwUtDv5jUuvypKnuQKgzuJrPcyfQC5uG8Ghvf_ijyxR0tPVyYBXhvxth4p1KecVHY-1fHO9P2jkNmN6UmFUf11XudT-q50AkDZWFF9ib4G1LXbIzDwPb5MQdbx696SkYriRG2B6d8hexZx_IQovXp46bQPbw5TmWpN0PC6cvlwd5DsvzCh64_KIh6tkkvWzZ11ZZQSPUmKDyHzRvhGJBCesqPaFe8nN-4XN9S9KDldia7FHNH5G4scAxs9p_kBsGSi5RdUshyL9R-9LbPWZwTURVhhvJyatqMIfIRjvsUT_yGyN6MAxJ-zx5FhDn-79Bns1rZaSg2ohLU2B4Kog3cIVlyxYXNC2utVlPRRAYGpWTTmrMedATMVPvmuhoijmzlOzyls8Vjj10Vfw07ofEXG7wwzQRlqeBvR_RMu1kZMiYsF6Gw9-KAgz-GQMD7-6SgiKP_m0T8wEHaAMUfQIrT0mT49ZMRriPCvi_oFVF4nJ8Cmtz9jFw3P45SAv290CdS2PBNEcIRaTxuy_W2RJEDUvOXAvIiE0TqwD6FXO9uxX1y_4e8aCL5sCis9dz1JjrWzmrlU6JNXFAdUWUCk0PuDBBG9z0dXpPgks0RhOs_NrZKbXe_ohtPjG5FUcnpPv5Y-ZSKHN_wYc6yZQJx8ZQqtchVDQcKvg6QPO0sdXlRjm4ZwF7d8EO7rbIiw3ZLlotF9L40ZEouDwAmvimPFLXElrBsggoW4tIOLcd1TB2xwpkr1pc1WwtlTPXFWCdq6isbR-isctgDKlemZ_SF2xThrxV_LSX87FwhkWH7mk00znfPXPy7TRxGYzJy5YJlNrqZdyY0JTgk4i5Trvgar9Q2Jjfg-UYxrvyb3hxR2j9VLGVlVKdA9C6VCBLbZKc89eTZy59v_wGZkLcfpXI3MbJcA2Pl2lVa1uqXTNGIBz9YW09W1M-QwF9CNjdvFmISQqG4iVD_YId7zYGAscIygOM_UlcV_dJH7WZJ7YfuFwJsLrHu6tkG_5Pyogpy4gUhPAnzn9j8L591DSCadpdmlxwIbRI7sQJsOBAiRBI4Ae7_3xQpdL2XI-_ydF5JqhdupGDsvLZB_xSZFoXz97qCzT83x1vOQkch43W5jxQDFDas4t7q7LDWLBVvIn0KckXd8WgYQVKl1oaaLlE7Sl2TAtlQACF1hxr1kB8Nw51hw0CEvd6XDJOM07OSGb5-HJVOLYWSjcAmplHzrP77lc7kToSfK2uYOepx1b8Dc0b1VnoUGI7gJCKJh5by2JXp-6M3zmru7mQ3dgFm5VlJEqV7brFle5oCnOLNFy3T3bAFSNxuoN6WH8x14x0AGn7UmN4eg6u6XfmCbsyAnVK4HrdIYx2FtFzNQ5ba3ZCNMk7Y3fYJx_vBrkrbq34TpzT4SYFMx7fmGhfkFmTfFa47iipKSlDWQLmGQi-EZoUDE48TAPbokcTYUUReUlk6uI8GPQ6CP2cc3TwWQ2L-zoMkZd42pWBVbfaBntvMpnC8MB5yY1jRjCK0AmfyaF4o-yi5HxupgV-cW0z2aXbkDxXbaq0mMyyf2BcwwomkS9ymXlyhsDnehzS-IlbC1XTsyejIYjrml815_YqyVumjQOelZ4DHVzhkYTlwiJ-QDkDcCkaMweviBqA91K1gWV_y94r9v3q9HbqH-uf_43ciAvF5822reBZpqWXJoBvU0FDTU_kCqYfDNkKIax0Hx4eH1HQVdYvoFjmuNYQVyriNF5FVvQzDZEjFnil68fUxRWFNmI18MzqaOSPo1KCCQsGktU98YCHll3cNkdyL8X9Lm6LDYA7cDYiGvyWYGfGdtVq3yW40PfZ1SN2CnEBQ2HarGvxsD_QEBNOfATVS6MN21aLIrmVCczhV_KqNMTHZnmpOTtS4l04h1HhQC8wyFAMXbbvDkqnVk24KkTNeguJXF21S6Y97T1QRRCjRo2p60bVWdeekgDLWkANNY36rfoYC-rZYWcWECbPscU1GHiKkoXcXNQnI6WXOetXNvcz_8u4hjMrRuY_qULL7yDruF9e_XG4Pw-B9XiuNlRXOy54a7elSgjPBjtCbeSg0Q&cid=CAQSTgDICaaN2vG92PUTU_ayfd0zzWTUT67sS8IG-Jg6A0aPVjcI5oHYpWOD3Cq4WGpwDUQsB3G_YfPVCrPg2KdszegRamr8XXuSkSz95I3NahgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fwww.beforeout.com%2F&ds=l&xdt=1&iif=1&cor=4381121664958547500&adk=1761367587&idt=104&cac=0&dtd=5

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9102
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11874
x-xss-protection: 0
server: cafe
etag: 3876053170955424897
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 16:17:22 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame B712 11 KB
4 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9102
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 16:17:22 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame B712 41 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 434636
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 18:05:08 GMT

GET
H2 200 16583039641439002251
s0.2mdn.net/simgad/ Frame B712 38 KB
38 KB 87ms
22ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/16583039641439002251

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9f4e30ca8e31b99a6672e2a6a9b0e498c50b1aa0a3660a258f53b47e6ae55e55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 03:59:56 GMT
x-content-type-options: nosniff
age: 398948
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38743
x-xss-protection: 0
last-modified: Thu, 01 Sep 2022 11:14:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 24 Nov 2024 03:59:56 GMT

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame F9FE 38 KB
13 KB 20ms
19ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 315024
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 03:18:40 GMT
expires: Mon, 25 Nov 2024 03:18:40 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 16583039641439002251
s0.2mdn.net/simgad/ Frame 0549 38 KB
38 KB 46ms
46ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/16583039641439002251

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CPaYjHdm3y_Q5x1Q7wglPvbgEEID_7u4I9teEDnLhLSbgati0wMngTo3QasUNKJEA0qKk9gSTwIK9GyvZXTeGvRswtRlXWEl14SC5M2cY0PjdLNGGOTYAo7rzkv-juuwAoC-WYn_Ohu-Wi2Mof8zfqi2VMTDqjIMNpGwjSag5e02hxHH0&dbm_d=AKAmf-AZ5_FGB-okZLLmBRwfpPFUNp05lSOUKyElt65WmN7p6l1WhLPQIIYPisELheuZEH80HzkXZ18Oshb3K3HZ26UDC8p4AsMu9-ZHyhmdcj4xb0ONnbBGEp4rAHQQ0iSJ4bj7dVFSk718CzWk8CiKS7Ngs6PZZCHwW8Z-LE7N3fOGjv7qOxmo1ahGkBB-YoQ1Sboi1OTYQ0aNtbLN4zy4Lb1Ec-PaNcch7JLfijv2xDzju7bgOKgZmSI0B_l3Fw8Q_n1pSbCwY4XGTBjhZcWd2puz1SIwdO3W4oWSn34mxuRo6IwxocUEDT_9fNf1PQEh2zsS_D5psooq1wplE8mM9kYQzW5HdiUSpoCMPhnUG5B63lKkwItcXbiq1_Q8487LI5_fTFnugM9JIug2qeS0LxCU9AEE-bGWI8gw8lMXOT1lpbpfM_AxelAbK-m5nlapN2o1cHoxI_HUzmqnlA2l2BDYfM0wCJ14urglWibDm-xwtnaV6aY6RntVqh8Jn8JGBwCx-CHlLmBzXa4sqaN9Xo-cYxq1U8yDZpXAzgRnxsueTN2o9LDtg9gfkv-fEyrBF0og3lftpsSky3LV43SIPgGr6xK-WTp2RsvdE6EQ24KywDS4P2GTK7IvDpcB0qBEIBRT1MxOdMcZ17ckH54l60j8ETlZfuOBczwgTDo2LqXHeO8GB--8zTohOyn5lrzn98E7BsR_v_4QdhLisoTccHGHZjAc3RLueAqu9XqxMBB1c759v99ZYxny5yRpEnN9At1SP5ftK1Q9NAD33HW0pdVbmlmctuX2dQtPAgE2VSkY8TDIPKXmM1Ovd-t-qomskjJiQuNFuwX1yHKWjrsMIKfEOsWFoKjSSJfdRqleo1Wm9xvOzkTvnEb6CBDdasTeMyw5Iwx8K-gKa6uLCf-7hdjOu8Pu5LrPSUrfEoQimS0e6pOvdis7XNtwBNRWA9PA7Hd3X3viCAzRjIs6a_ZLobUldeFo9Qjm9U4DZllDwWByRcLtbF_y8rThCfF16Y3qHMUDjwmaGo74QhRZucs9rq6oj89RN-EcVdgBDelgsuWs8ubmYnbl-Hhn2qkAFgyuFJSof8xT4EAnCOVhiQZVMrkdR5Y5d_B2BjeNwazspVx-1NqbA3BtGJBO5cF_uMrERJs4_v-kZDuWpceCe-Rim_C7pq8ZSqZjUZ-XzQm2_BUMa5OOLNMUE4W2b-iH8iCnxRDrg67vgABmWFnK6g-2LerBkkLaxMTPYGGcrS2NJHsei616FOVjF1oCRspI3PvBlRYR2yxntqSjmme8I4-XAmrVm5-NniVad60oa-0OgdHvHsTRP3TIqXcPVhAC8j9HOP2U38bJYTxjrmSuYEVsNC93ovoF6ytTz8ewuxkFKgANOUwl8h5I0-DBgJZJapfZ5v8SXJqpyWtRaXTrqmO65lIOiqHitiCp9AW1XjUNE2Dur0RhRd5v8aKZqOeHXTg84YUEvqEktzbIVy-4kcjm4KEUVXktxPqLjoRlye9_0Zyfs2Yft90gnyNXDDl3CIMxOG_XQMcqIOj46xxQcsL14yf3Qa2ZfJANaie9QDMEnA6Fo9o3XUuM81-42cLJ8leqe5IH_B5HSCy35t2_XdFZz5BbQ4vUpljtEQYKiUwlaCpn6vr2saCV0YKJWNSb-5QMUepYIclH5QQAwshCvGk669MvK3AxdA_W0quiP7apNKPn6wA0ipV-hcwf-rDr8HxlLBOuThgjWq_GJqKhZ8L9Q3nQMPTW2spA6twTgVsS55ZWqHtzaZWTWUCkONyk7z7aEu26mNLvbD-XLe3LoQ5ArIYx6CtL4ILmh2DcHjgILvQILnV2xcxF8xpK2R8WiP-w9TGr8n7HjTthnh1H6NaN0jTp_v6vZXX8l2Ygi0281YSGHUqof8ak4qVOGy82sykJd4oP3hy_VCSF9WuJFJm-c6DXdBnXHCQS44IhvyXlGM4w_388pv_3gYLvylT9IGcQcTuN-H_hxjkaa4WpSj1btvLBRn0VzmYioUDsiR4xkyh1s9W-rJIZrlfE-qKZgpO_yGFBhMvZCHxzvIYKpGCKVTU_5SJVuTgrf1_oOQnHEKMU143by9IF2UAPRZKhlERXfUcWKmHIPDOJKCQVr2yjgYO3JMtoAGCiHBi7VaT6CoJzCHaWbDbAkQW5zfuKfa-dtA2urenSEXUWswXjzdupUyVEcOXXO4QmJScW3zjtMHSwfAB9BQUxmmaKUA7qqi4Akzy8qTKcHl3kvcIehoRftJR9AdMS64SKaIk2O-S6cHBW4ZKaCzJU6bThLT7OCKDb3jYs3nj8QBMkD5XG9WVJ4F-00JloqKzhx4OJkZWvZcXifjMDvm0EGFTDP8RXk7BBYgsIT-MQuiLBu-nt4WLRCqzfSFEyFSwhSnlXqMH5AXeiFGsgUvESmKwRIpH3VP6k5xstfqdUI_JBMwlmHgWMDNY44sFyEctQwspQyOTa24SGBl9SilvLemCLYtT1C12h5pKg1pzq6CAbb1FzfcnNwLxome6qtLEYgwGLdxampitzXxM3swizAEcSm0Oap4FXDyeFuSx9X5U0-pj3kg0uvWcJaditHTPPtbqHhzZaNnJm5qAak2syU_sBtcukgjJdxwt9oCccILEDyVM3Db3DJAiwj9KPM6LNR5TZz6FFL9hSfUOR6w1oerwm40OzwD__OAavAPIkIFcVXy9wOjFHxAi9T_1PMuhcruNvHRAn2O3lwkDzfoPddY-N67r0cJBAvF8HggAIzt3alaPUCSuTRWmUxKUC_R6UOdbLWz4bk2PVSR-YnzN3o3X0R6r1TAo8vH8vVgndDvb66nUyQ-gSpzR9Ib3N4hFI4mIbvXQYhfvVkjXGzW1Cih0TtNp0ORvZ5NAGetZ3viakwxDVXHgqKK6YjeRCwAGBmWQ0mzAu5EiZ0oSKpynXIkUAQOs2RenJM06EosPOreS_-lZa3pC-zQMmAr99oDT1PzoMyqyHztGuRgtmwcy7PMs17xg8fFCy3Y-4GVtyuwnJFJk3RwNY8d1dG_MkR1CBKvQn6KoIlmh9_u18IpGSO192GI1CAK5aAeB9ke7ZFKMsanh5IP9K69qM7wg1yv0MDDFav8e-saZehIvrj-YFUcLnIU_Oz-BFt9JoxKDyF63-rQ1c2bJszpxAvOpf6RTSJJU1yU4PrMywPdllV6PCQxpk5TIDCVX9bAwtn_KlFVeVN51FFKjoP3aKyAjkjwOIcevfNjE8xQyba-9IQQNyThCjlXR_qoBnxp_vmcjFkIifvMXJwrqOqRKeD5PzTk34JASFIkMYUgdmE4xPBNG7cy3xGlgi9LcFnZnUdw-2br4Ti5wKtpyfkbmuMo62K0lB57gmxLZ0l0HAEMp9nv9UhrS5lYFWaqSuoVKDfCRW3ikEVbXZy-5e8xwe-KwSkpy_chNEFP4Kb-ezsv8AZp7I0EqsPxX_OeJfz4zDImwqxCtBZlsWO9BXPD61M_8MR1cEsoK9lZUcq_xOXeGA-MhYKAJKMr10-ydYl4SadESqeQq6EsTs7Xw1VEu7g5RjvHIfIAWHMVjrrUWihA_vbo_AR2IfAcvsEIWq9Mro1lbohFrVUxbwrUpQZ93IyyPG0OqmiVRJ9eZqruJNFJOPONmMMQ8c9s8mtbOWYG_Z-dG0Q0Ry0SqlFxGsUhE-tqRNARhT6CLoGW3AugZEJMxjhnO3DBlXX_Rw4bpD7arrwaPN4xP1sjsXoIyRTcWfFSAT3A&cid=CAQSTgDICaaN2vG92PUTU_ayfd0zzWTUT67sS8IG-Jg6A0aPVjcI5oHYpWOD3Cq4WGpwDUQsB3G_YfPVCrPg2KdszegRamr8XXuSkSz95I3NahgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fwww.beforeout.com%2F&ds=l&xdt=1&iif=1&cor=6029218334113285000&adk=1726166460&idt=160&cac=0&dtd=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9f4e30ca8e31b99a6672e2a6a9b0e498c50b1aa0a3660a258f53b47e6ae55e55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 03:59:56 GMT
x-content-type-options: nosniff
age: 398948
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38743
x-xss-protection: 0
last-modified: Thu, 01 Sep 2022 11:14:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 24 Nov 2024 03:59:56 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 0549 31 KB
12 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9102
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11874
x-xss-protection: 0
server: cafe
etag: 3876053170955424897
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 16:17:22 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 0549 11 KB
4 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9102
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 16:17:22 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 0549 41 KB
14 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 434636
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 18:05:08 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9540 0
0 60ms
60ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CwXMen4dnZZWIC8_6kPIPir23mAqP95XDdL7S58OIEmQQASC37-IxYJXq-oGUB8gBBagDAaoEkgJP0Ki1yS48XN1TYp7O0l9BZtz1s9hgejtU-fSmmmWVus7IDwHCBvPsschO7YORrEz3w1cEJKz7MwMdSGRi_SFb4sXj6AHQChbMpNSuQbs7AP7k0OfEqdRrr9bhpcOxay-wvj0DMBLErbDlDI3Y3c2PFeikKE7i8JZP1UCAPnAw3D6uuPFeUfecEYYWSFmxH23KjMiUtgWHm_d1ovIrwt-RbWEt-hOW5b9IL6Fx0tGQzu2WBEO-wNw5WUcnf6rta2vDKUWiyyjcWBaSum4fA8jOuljj7pVT2kFKhFcbphRCPPmVPEGvp4jVg3UFq4inq0n2ZKK37rh7pK2THZyZ5ekt3GqWkCfQUrjAFlPIEsAhqD1OwATfh6rFyQTgBAOIBf6_lslMkgUECAMYAZIFBggbEAEYAZIFCwgiEAIYAUiPk8cBkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAZOgAeakujVAqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcKENrHEBjZnJb9AdIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYx9et6e_pggOACgHICwGiDBgqFgoU5LSxAu61sQK1uLEC5LSxAu61sQKwE6WM3hXIE7-kxOMD2BMKiBQC2BQB0BUBgBcBshccChoIABIUcHViLTc1ODIzODcwODEwMzg1NTYYAOgXBQ&sigh=GiRYOHz0cq4&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTgDICaaN2vG92PUTU_ayfd0zzWTUT67sS8IG-Jg6A0aPVjcI5oHYpWOD3Cq4WGpwDUQsB3G_YfPVCrPg2KdszegRamr8XXuSkSz95I3NahgB&vt=10&cbvp=2&vis=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Attribution-Reporting-Eligible: event-source
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame F9FE 39 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:19:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8953
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Nov 2024 16:19:51 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame D250 38 KB
13 KB 22ms
21ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 315024
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 03:18:40 GMT
expires: Mon, 25 Nov 2024 03:18:40 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame D250 39 KB
15 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:19:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8953
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Nov 2024 16:19:51 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 9540 0
54 B 51ms
51ms Ping
image/gif 2a00:1450:4008:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&puid=3~lpk4eye7&c=6386588196123&slotId=3193294098061.5&qqid=CNXTsunv6YIDFU89RAgdit4Now&fb=outstream-lima&vast_v=2.0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4008:805::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
vast.doubleverify.com/v3/ Frame 9540 21 KB
4 KB 113ms
36ms XHR
text/xml 172.64.151.202
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vast.doubleverify.com/v3/vast?_media=3&ctx=10242044&cmp=30443038&sid=5513185&plc=380566222&adsrv=166&_redirect=1&psf=0&_vast=https://ad.doubleclick.net/ddm/pfadx/N7657.3553448DISPLAYVIDEO360/B30443038.380566222%3Bsz%3D0x0%3Bord%3D%5Btimestamp%5D%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bdcmt%3Dtext/xml%3Bdc_sdkv%3Dh.0.0.0%3Bdc_osd%3D2%3Bdc_frm%3D2%3Bdc_sdr%3D1%3Bdc_ref%3Dhttp://www.beforeout.com/%3Bnel%3D0%3Fves%3DdGltZXN0YW1wOiAxNzAxMjgzNzQ0MjgxCmNsaWNrX3Rocm91Z2hfdXJsOiAiaHR0cHM6Ly9hZGNsaWNrLmcuZG91YmxlY2xpY2submV0L3Bjcy9jbGljaz94YWk9QUtBT2pzc01lWWdTazNqOEdPV0RSOWdaRE9ENjdTU3J5aFVvYzIwQ3RBSGMwZk1FanFCYVZxTU52WjFYWHZtdDhZMVo0MGdpMG8xUVNKd3hvZ280SWdXWHBGbjhxSjF5RGE0U3ViS013OUdrTG5kd1hlTFRCRFZxVGJjeDF1VlV4eDZKRmlYZkh6aUZKdEtESktzT003ZzdRWmdaZVpOU25RYWVCYWFETHBVemNQaDIyRUhBc0tXYVFHREJIVXFUSWhIZV9PTTZ0bmZFS0ZIMDJzQ0lON0tPb1JYcTVSNHNRY01HOW5hdDJsVkc0V1k5SFFPVGEzczAyUjlwT0ZWZUhfZ1o1X3F1ck1MR3VfWGtJNFhEbVBNY3k5VWtjUkdnTV9Oc2tnWTd5dGNzQkFkS1c2UnYydTBxX1JMX0locWtxUVlwZ0tZUmxiS0Y1MWI5NmptME5HbndnRWszSUN5Q3BsS3FsTVAtcEZfWldHVHotY3Y0d2MtdlZyS3cta1UzX2lyRG1UV0VyeVMwbkc4TFc3M0toRk9PZUNUUHpaeW1qZjdBdTlvZGdhZzZ3SzBJNWEzTDFLckZMNkJJNTlFZXBRczhrQUZaNXd6eFVXa2NDRm9LVFJZQTNaRE0td3FLRDg4R2RfQm1VT1NLbHBiVUJJcFR4S0FuWmRQbnN5QmJ6NHJBN0xIMEJIYnczNVE3TDEyQVdVdW0tRmNNa0QyUnRIQ1g1ZWV3bjdOTTZEcmpteXU2ODRCUnl6UG01WktqSzJ6QXZFVVY3VEs2WnBJNm0xakVpSk0xb01IUllpa0dZMVhMNHVsZmpUTHRndUxrSm94VGdWMU42V0dBa01zWmdyTDlZLUJFNXQ5S3BxeEIwaEJfc3B1SEpETHdnQldLWFl4Y3BlV293SkR2cksyZ0lEVUpxN2pfQjJXUGNRdjA0X2NBS1R0cV9sUmpyZktUaDlLaDhwVGJuM1dyY21KY3VYVll3bmdaZlE2cDVzMVlGSENndFVxaEV1aGFLRE1mZlZDZzFYWlZGTmFGLUJsX0tFcXFEVGFybHhrZmN2ckhyWHhRMXJqOGdsb1d6RHpGSWE4VXg3cEcweWJkZXZvQXRDSXhLaUxZd3RqUzJQOWNXM1VrM1VfY2ZHNlNmNThSa29MMEpISElNV2NQOGhDaTFnWmNQc1QwYWYxNndNOThlRWZfbHl4S0hLWXJCZVVvekVrRlItQmlFNE5CZ2l5RWNEa1ZYdUQ4UVZqYkd6bHkzckF2dFBucjVXM011alBTcmNKcHIxbWZ3WmFacTZhMTlrSEltOHBncWpkS00tUVdvZ3Y4Yl9ELXl6RTZ6ZG5nNXB5UjFXaTZNMGFMOG55V05oX0lYNWtBUUJqVDNyY2NsNll5WTdYZ3ZjRUtpM2VkYmRYcFlJc2xlTlFpZGR6WW83bEJRdUgyeUU1VUNzM2tJQWs5UjNJcl9YYk9xQVFma0VsdmEycE80d2IyZ2ZNa0V1djFVUWpSS3diODlDN2VGVU5HNGI3bFN5MXRKbWtyYWxscjF5b05EYUg4Nlc0UE83cENxd0FjalhsUXMxeF9KSG5kbUhBY2VkbjFiM0xTWVB5YWVDOUlidkhld3hGb0o3TVUwdUpWcU5qaHd0UVN1RmEtTlJrQmZacVEzQlFfRmhZWVliQ3ZBVUZTckpSaWExZ2M3TGdwSXNwS1dOeGgyVG9PbkxaemdfRExvb0JSTmdzdFo3UkZMcTRGSEtpMzd2cThOQ3llM2MxWnpDS191OFlYNmdBVFFXSmZzS0VWUXg0NGM1SE9MMlRCd3RnJnNhaT1BTWZsLVlTZXRJN0h1SGtYdld0ZGJGTi1uNk5QclpURFNrdVpQd2JFTG5QeVVXUHFFTWI1VjhtUzkxUE9DMnNEVDZ3TGI3WUJ6T1c4akZNSnRPbURiV0NuVVlHaU1uSS0zWWpJbFZQOUU1T3RvMEJkckY1N0V3Yms4b2liOWlRbFB6ZUw2SjNoOXFabDhyMVpockF2ekVRRXhjUmJWN1JPODRiQjdKYmNZOTJJNWNjeXlER1gyc1ItYjBlelhFc0FzVC1wdk9HN1JfY09NYnVlZGdMT2FoNlNNdDk1dTdFa1lSb1NmZWFMV2R2V3pabElQZ1AzczJscmJISnpETGY3dl9LZHgzVjRpaDFneW1xdUtJVnRuX1NfREVSRk1Uejg2WDNhbHZCNVpubV9Fd0hvdnktOHhQbyZzaWc9Q2cwQXJLSlN6QVlDemdQYW1HR1pFQUUmY3J5PTEmZmJzX2FlaWQ9JTVCZ3dfZmJzYWVpZCU1RCZ1cmxmaXg9MSZhZHVybD1odHRwczovL3d3dy5lYS5jb20vZ2FtZXMvZWEtc3BvcnRzLWZjL2ZjLTI0L2ZlYXR1cmVzJTNGdXRtX2NhbXBhaWduJTNERkNfYnJkX3d3X202X3ByZ212X2R2MzYwX21mJTI2dXRtX3NvdXJjZSUzRGR2MzYwJTI2dXRtX21lZGl1bSUzRHZpZGVvJTI2Y2lkJTNENzM1OTglMjZ0cyUzRDE2NTI4OTAxNDE1OTMlMjZkY2xpZCUzRCUyNWVkY2xpZCEiCg%26dc_cid%3D204899594%26dc_adid%3D572283934&_api=[APIFRAMEWORKS]&_ssm=[SERVERSIDE]&_tsm=[TIMESTAMP]&gdpr=&gdpr_consent=&_abm=[APPBUNDLE]&_pum=[PAGEURL]
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.151.202 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f86dce0aadf07f7b0bcc69605afa242126278c08b448af8731c4100f3144ccf3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 18:49:04 GMT
content-encoding: br
server: cloudflare
vary: origin, Accept-Encoding
content-type: text/xml; charset=utf-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 82dd074a88274d86-FRA
link: <https://cdn.doubleverify.com>; rel=preconnect, <https://tpsc-video-eu.doubleverify.com>; rel=preconnect, <https://vtrk.doubleverify.com>; rel=preconnect
alt-svc: h3=":443"; ma=86400

GET
DATA 200
OK truncated
/ Frame 0549 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c69b71f6c8f7565b06dbb66c365dfc4646016170d64b915f83c7d6fa3e774c18

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0549 0
0 135ms
67ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssNOiD45LxlcgK-0VA3StYTbFIDD0tzQDdhENDRAr3n1WmFMi4w6DkYPCxTmKzQo1_G6oK7V84opYlhI-DEGE3Fs6u2mKFu75_nEZRs3wIBSpie-NBEmqRwfnGdMlEG2OL7oI0PidJCGG2_Pb7fXNpVlDHYHGr2SG9eNKGBPcBJUCamSQ8WFtqvCpYg85nXxcS2aKkouLKz-rGh0URSiGFMpaUdlFxk-jix7hbcxeO7PCVUhNBXZr-1Lwg1SXPRdquoyZqckOQRYIoyFj4fnq1e2ij3VT4U3NsuKh6Ff82TQRH_1FJFzCwE2D4KxctLHWVPQObok6wWCFAohpRYld0ajpnwr2ghiaBU0Yb3-XTufIHdQ4ppyWAU9vZCnnZaEnFLc9XL8gEJTKTQAfpaT5R8PvPT1UgGCbtyV1B2K3jLnIIp57BB581bl9W8JhOMmTX6SVgB7fK6t4xscYKRY9pYPBcPL6-DTdMf2JAKKTAt6s8nkqyHDrBHpp0Yza15dCQqcAzveFMe252WnX8JdwgGOIKmWagpQ-D_PJdhnwShlJOwVVQxwwfdKj87gqGUZxU3FfC5fk7vJCR2DyCr117YQ_865U9CnCY2kkqQNji-yNzbyBr0fbWyVh5NYgMr4w6sl4tr-9-8AfiuujT_kNHYM7VsbESB4TDizCjZKv7eeYPWRtyc1pLc2WgbL_tdk9elvgHWpjC-ps2VIEvZ515B311MAPCGUFT5vNb2C8PY8nMEo9Dye7lPlyg-T-PX80F8L_MIJUAcPs55iPqvDLbUHK-pdFWLOfsB17ehHOPNggcbMMQPW24z9-jSsgcxLT2v7S7nijmiE0YjiI7t0t-s9mrMF2jkRd89J-oTp5YR8yUy7qqA34SkjnrM5UojY5Qfh2-9vuST4ErjLoef3S8om57milKfenYav8z7V14Nm_Jilj_eyZoduX1QrT-vG5KJWNGG-Bs3Jj6BJGrskmYCTpZ-1zMQxr1B1H2J2z2DuB6YTXD9Dp84vZgKmxJfSehgqyBbkUr65MpCzM-oUGqfY_ATkZU-ddI_2hBcNsq9NCIx8E8XdACY5DqQzOzItEG75zI2mTFC9KS3mMVfj1HiP61FCNmzevsOXfgNcUbeEFB2JI2VDbpKduXxjsfLCy8a0VR__VaIoApPMNvUfKYiXLTvBDoC-kyJ9sicDYxBCPwvu4AjtMBhI4RwTErhBMIGwYjaxoRxLiqcVZ0XM87efQn6vfpaekemkG8E-3cmmi7lv8LY7zNUXkK1pQsUcyQs-et4rtgguh-AsD7phuhwA0t67fU-_psywvnZNLtkyOjjQPn0dyEW0lKtyvdnv6NOV-Vyv251UM7h6LkJ3ro7QZhIf71HxfLmmbGn6XBPm7EWV1Kim2mH_GVO&sai=AMfl-YQuM4W4fRXrlk_4XR-jr6tuRAQF0gfhUlvZLJlCi2BDj_Y8dGMKyxqCrSEYZu2uI4OGRe9f19fI4vYA-ce5SWJXyfLrXFPytkbnANBNlZROpvz5sLvoRUdIX-uvtyEs3Gxb3RRnKc3kGGIYWpwDzP_bpy3osv2xWFwFbReYcynDDo4SbbQWRea6rBBzQwjY8WPxmCMYGSd7wzP8mwjgcAslVYpU12kuOgB_kgZHooIgc0FvukktGyUtdWHFGSRmuaqYcAokXpTROWQ_puannMuIMpu37p6iXlVqkw&sig=Cg0ArKJSzOXBOfkSQB8fEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=77&cbvp=2&dett=2&cstd=0&cisv=r20231109.67524&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1

200
OK

px.gif
d.adtriba.com/ Frame 0549
Redirect Chain

https://d.adtriba.com/collect?atb_ptid=f65079e0&atb_dcaid=202303_ds_paddington_dv_pros_371805496&atb_dpuid=di_dv&gdpr=&gdpr_consent=
https://d.adtriba.com/px.gif

42 B
227 B

25ms
25ms

Image
image/gif

3.123.186.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adtriba.com/px.gif
Protocol: HTTP/1.1
Server: 3.123.186.116 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-186-116.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:04 GMT
Cache-Control: public, max-age=86400
Server: nginx/1.16.1
Connection: keep-alive
Content-Length: 42
Content-Type: image/gif

Redirect headers

Date: Wed, 29 Nov 2023 18:49:04 GMT
Last-Modified: Wed, 29 Nov 2023 18:49:04 GMT
Server: nginx/1.16.1
P3P: CP="This is not a P3P policy! See https://www.adtriba.com/privacy-policy.html for more info."
Location: /px.gif
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 01:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 116ms
71ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66787c9f1fc9e289c4c2e0eaf282a48e6cad08b089d01c0e22941936e6246877

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 18:49:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12273
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame B712 206 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5c65245690f89ebeb16a143e38ff17f98610c7c390258349131ce806030425fd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B712 0
20 B 56ms
56ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=jca&jc=58&version=r20231109&sample=0.01

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B712 0
0 103ms
66ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst2J4dtqLvDNfwtOGSxrnnenneeDXEzeZ_mSdR-W18GmkupUwuob1wPGwGHfjBeuWC1UAusz_HemyEubRqXczDgWFyqDxi_oEdK4_kfJ48DJcz_BI3VwcwMFP6ko_s8Vx3ZnEdVbGoL6OKPtTZQCIAYnnk2dniA0-dL7BHLJpzbb_aHI7Ksu72SdX2SQayFcXyeLrsmXjWXh_0_hZlLtzNihKrSV2bEPld2cbzOid8fHW-Qn3kBIJZxdiuX_5fxunFwE5UDWR2hQlWMKpB3AkqPgjxtoQ5UHIi5W8egzVvWxcDLlm-Ae3uTAX_dBDeK2pgCRWgfKmgCNBJGfifioGD45XwABWgCXJfH1MUfV6bm8MyIoaH1KPLf721q_qDOj2CIkPKgq72UTpELf3AQT1i-wI7izHEN_MIihjXhWNKICaeYdFUjFC63zFrcbY1rndw6KlbJxJE7AqoPqwi7tYtjmc7-oVaoL-3A-Vlx6g2dtHUol7gbI5WmzhU2KKouDsQUB5eRhxsu0jebEU7DQz50qzFjJTX1kfWEgm5HWNyJl9FfaX-YZGFX8MyP2uP1FSdW92XLTNi3gxsFxWswDfRk4y4uClRohXTdhr3DJqruy88xPcTKjq5wiAKLZusuEBtFNS43Mv8C09HFwDXJY6ANXs_Ygkmd3R8B7ZlqwukY5rpGmt20zAYxx0cLsoHF_dx37EuxqBqkeYr89ypvgpiL6-QCZOvQPOrjLrs2eGJqPh9nP_X8BEVA_BMs4Dgqv_nR4F4eEHkjjAOef1TeEgwOElbe_hwHo992yilPriD3q_zkdbMjbTP-bgcTNebK9TgaOTPjUzoSTsfViKhpA1zfHTP1wPNsi4JAfAf-tibhjzAPi9RjIoBB1lU82KCUChy4TlNDqd8-eF1JcA0O37sqQHusXKi2siU-s0jzllJ3OIn0z6ekXoCr-wPv7so-nezpYB-T6LznyueqdaeoGRymvDuPN2BA_zrZzIFv2w4ACQdtA4sFhjElnfq2leRyFY1wnGAfOt9Fwsw6kVRDT0WtwiiDKq4uIQKUOsqo704PNt90rPqIVRhTBRU8c2p6v_N-aFzgXo8BFKG0EPkybmbSrzU3MPMzNGE_-cI1qrzG6H1R6xcNYywUy6amNPTxyBJp8HJGlOXni8rJm4fuuOE2-fFz5l3lBjSOL6kIoMXJDVae5LRdmACPKYZodYgq-mAIVe3GwKr9ZUCr9rUKIcV5ijFfP9f5FeMM01Kt91a2OxxDllywfKu_KLPSC39ZkXu3vmejNYsnDtIm49dapGXnx34nFyUAKjIsPQOoUiEypOJnQj_upebeSpHH06WGlf9dA6BAIte8KhwgmBLLRH7XooDzAsguYTHLILC422X43o6GX1jpYKTaiXxO&sai=AMfl-YRnKipIN_gNB2vw16A4FlGcYAypPyRizJaDhianavBci1BXEYHDOX7n3TRbXr9TgNRHjeimZkG5W2Mtj5EBxQcMG2A0jggHDbf_6iUnIc309N1oe7GkKanMH7bdrjERWBIVLzfyeBeQbRnAZ1B8DDJTwPc2p97qgjUcjGTpuOc4bjzFefMInN_Z6qvc_zNtzPx92zdu0nD9M6D8jG_8CnjL963lezhuVoTVwCbhGe9avLc8Xs5PkTUy1yfnJDwMP6yJ6UX7f6nUN6g2x156TD7PHmWe5OOwKg6z0Q&sig=Cg0ArKJSzAdbwd077bHYEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=176&cbvp=2&dett=2&cstd=0&cisv=r20231109.42008&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1

200
OK

px.gif
d.adtriba.com/ Frame B712
Redirect Chain

https://d.adtriba.com/collect?atb_ptid=f65079e0&atb_dcaid=202303_ds_paddington_dv_pros_371805496&atb_dpuid=di_dv&gdpr=&gdpr_consent=
https://d.adtriba.com/px.gif

42 B
227 B

29ms
29ms

Image
image/gif

3.123.186.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adtriba.com/px.gif
Protocol: HTTP/1.1
Server: 3.123.186.116 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-186-116.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:04 GMT
Cache-Control: public, max-age=86400
Server: nginx/1.16.1
Connection: keep-alive
Content-Length: 42
Content-Type: image/gif

Redirect headers

Date: Wed, 29 Nov 2023 18:49:04 GMT
Last-Modified: Wed, 29 Nov 2023 18:49:04 GMT
Server: nginx/1.16.1
P3P: CP="This is not a P3P policy! See https://www.adtriba.com/privacy-policy.html for more info."
Location: /px.gif
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 01:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F9FE 0
20 B 59ms
59ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Bbp7zoIdnZejMBoHNgQfgm63gCQAAAAA4AeAEAg&bg=!YWKlYi3NAAZxrfrxUa07ADQBe5WfOAEHdep27Esp3oxoa7onXWtETXA4SVFQYU3pF4RPtRxwlYAzk3WW3DFjB2fO1L_lAgAAAE5SAAAAAmgBB5kDEucmRPrZF_rwr_lFWq58mCU_x9ERLMEZV5onP05zE2lKJUnQaxo9sZqgvBoEQVCJ-2cirBhuEHoeXepH94BQg8pO7v0A4UrJ6UEy7sqL0-xbHz4bQvO4zgsHUaM-3NkXS3yN4NvdiVBoGNISe1VuFgycXqOt1uHrWwhp46uxs1knrKb8ReCrm6bsMzEsrvFBW0Trri9T0zDAPP9RwoP4s8UCE-4kQqBS-jfkjM3kXCtdex7rMwn3FAT8LFPgkM930e2Ucpv5rzVHBb_IFqVqC1sWdTX0HrH8JRnFISZ7yTHAO2vz6OdrKay2ohC7ylIw6MKfmW3gngrX_jROvPHTi6qbv3WLVUy9lWaRM72nQjeyji9pRMzfAqtpTpdHqJyzmbdr3LeMN75LF-d0mMD6uBQ113mpXkyLQttl6pqqLi4hg8WSYODQonElV-5JZXvy8JKogsXoptodOS8dKg_DBB7GRNrnbI2oxowRDT8EQkVG546WWwGKO-PM5n5lTsNFcljJQSH7wmVUeA9k4_c5oXX2EY2EcQA0Xfv22WrhWBKlevXhcw5OaRVrMnVjOudDtayZzrMgcZzJGvLAlugaoeRZ0sb9usTOCWvhU5QpR4WDfdrJVl5sH1XA5BjDkuyPxwgQtP16CsNlzLbKhvPJ7BQ0NQHppqq5SC9Bk4IF1rfqcsc_LIo3PjcXfrmgGsOxqgWDjxR_2uKhzxSOiZU0klCZTO8DM8pHOBg0wr2U6DAwXQYQzkXEN8JsZWlH00YXTcqJWg9roKETdYX3M4GkvpYY7YLxpA9L677o4zzwZt9lBSDj9BXbS2zhlUVXUZuqEQjDfkk45jrZXKt5mBPQzOy-K87EofBBTdZexhg2P9uxD39Tlifl3U6UqKZioizpFevbYxRjvrkc-M-XMYn-ZKlOzyYAsT2sclSEH6NH5GhkXi6cR5U0pw1DuDYt7bEP3kz_Nviq0k60AgMeTaVo6mYJJauS0COGb4ia2oiGjl5UJSL0qoVpkgXlPWEAY4WdCXHWVzrW9Ufhi0hxRmA-VguGAA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D250 0
20 B 60ms
60ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BRGaloIdnZZS6C9qhjuwP-d29qAgAAAAAOAHgBAI&bg=!x8SlxIvNAAZxrfrxUa07ADQBe5WfOFMcYx67-35SxTJrnws9tuXjvcI9ix_XB0TO0TFI6EiK6U36iXvDEn-FrQymgdd4AgAAAD5SAAAAAWgBB5kDAdCc8BFzUTrgVJUqyG3Wo34kpq6LCIFK__KvxKJwKSd6FqH0oAOktL-LwS89L_tcWKy4CaMwCmNCNjQ3R7bj3yHtDKsooarH3vjHvwRwntjmxD261ngg5o4Y0Um8FbLNibLR6ewdaKfCnAZ3u_l4o8I__QX5fTzC1fTH9PO8X5Ay7VRSTnZ9s2XRa81G_8yPI_gQ4PWMEr0jGnEdug277M665jFhYGEAf1gKzQTW20o7W6Pdkj8_YAUYfbTDvY1SJ8UWbdNvPBu1joTqvTbf_3jUSydTPlKnNBpxOHm0LGXcXGpyEoW03G31VglXn_wWcL4763lBNcCQf0Hd18AF5wRlH2cxYcxF45rnyjC_xp7gnnZ2K9Pqv7dNIiamCheMWHr0QLshOOxwK_T-b8egK-SxhDWpT5A-3WdLOCLhA5nvXzqNeXC0_wY6GC7cVNA5jk94vvvuaQanMstl2qTtOTNG8GQLzymoPSWB3-xxsXtFJRmWzacCtoh1sCzqYIAlV8vLyNuui_N7OqLgzjsKH2Io48ayuOzPiCGslSyOkqMdBrrNmnvLGooNi74cEK-lUsZijgI2dyCzlVKjlJ5kaxNasbWNdBobauEbN2wRKYRcAyO3K_MQUdEdJCKZCtUVHwf6x8FcA4LDnBYKpnkeDJvlJlYeoVQkKI5bkceUMjumFnMyzAIHO8S313QaIDnE4yMN5kodTjaStkw3xv8MLpGydO6ANuGwfFNUJMKzQpie1lQRps3_e_n-lKMtSX5aYjmDxjv8-8j1upaSjTB-zMSo1SeODOH69Bxt3hECuVvIdu18gGofCibkMmgT7KDswHzaMXeT5Ljk6iNp3KFEyo5rNPwz1QcTEodzYin6hi32JnVhAYgIOlBNf9oABrjnTbyGIgNaKCZdn0nPQGxMtWMQ6X3shZOT9ihO06YrKJ1DYjL-qyUF5rr4rl1JwVvE2w1Fa17eyLdL_igdCMIjrTOGvNHR5aVuX8XCKJIqCME9E-SkWNaHOJ9Sk4MhwU7_zZw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 B30443038.380566222 Show response
ad.doubleclick.net/ddm/pfadx/N7657.3553448DISPLAYVIDEO360/ Frame 9540 42 KB
17 KB 142ms
72ms XHR
text/xml 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/pfadx/N7657.3553448DISPLAYVIDEO360/B30443038.380566222?ves=dGltZXN0YW1wOiAxNzAxMjgzNzQ0MjgxCmNsaWNrX3Rocm91Z2hfdXJsOiAiaHR0cHM6Ly9hZGNsaWNrLmcuZG91YmxlY2xpY2submV0L3Bjcy9jbGljaz94YWk9QUtBT2pzc01lWWdTazNqOEdPV0RSOWdaRE9ENjdTU3J5aFVvYzIwQ3RBSGMwZk1FanFCYVZxTU52WjFYWHZtdDhZMVo0MGdpMG8xUVNKd3hvZ280SWdXWHBGbjhxSjF5RGE0U3ViS013OUdrTG5kd1hlTFRCRFZxVGJjeDF1VlV4eDZKRmlYZkh6aUZKdEtESktzT003ZzdRWmdaZVpOU25RYWVCYWFETHBVemNQaDIyRUhBc0tXYVFHREJIVXFUSWhIZV9PTTZ0bmZFS0ZIMDJzQ0lON0tPb1JYcTVSNHNRY01HOW5hdDJsVkc0V1k5SFFPVGEzczAyUjlwT0ZWZUhfZ1o1X3F1ck1MR3VfWGtJNFhEbVBNY3k5VWtjUkdnTV9Oc2tnWTd5dGNzQkFkS1c2UnYydTBxX1JMX0locWtxUVlwZ0tZUmxiS0Y1MWI5NmptME5HbndnRWszSUN5Q3BsS3FsTVAtcEZfWldHVHotY3Y0d2MtdlZyS3cta1UzX2lyRG1UV0VyeVMwbkc4TFc3M0toRk9PZUNUUHpaeW1qZjdBdTlvZGdhZzZ3SzBJNWEzTDFLckZMNkJJNTlFZXBRczhrQUZaNXd6eFVXa2NDRm9LVFJZQTNaRE0td3FLRDg4R2RfQm1VT1NLbHBiVUJJcFR4S0FuWmRQbnN5QmJ6NHJBN0xIMEJIYnczNVE3TDEyQVdVdW0tRmNNa0QyUnRIQ1g1ZWV3bjdOTTZEcmpteXU2ODRCUnl6UG01WktqSzJ6QXZFVVY3VEs2WnBJNm0xakVpSk0xb01IUllpa0dZMVhMNHVsZmpUTHRndUxrSm94VGdWMU42V0dBa01zWmdyTDlZLUJFNXQ5S3BxeEIwaEJfc3B1SEpETHdnQldLWFl4Y3BlV293SkR2cksyZ0lEVUpxN2pfQjJXUGNRdjA0X2NBS1R0cV9sUmpyZktUaDlLaDhwVGJuM1dyY21KY3VYVll3bmdaZlE2cDVzMVlGSENndFVxaEV1aGFLRE1mZlZDZzFYWlZGTmFGLUJsX0tFcXFEVGFybHhrZmN2ckhyWHhRMXJqOGdsb1d6RHpGSWE4VXg3cEcweWJkZXZvQXRDSXhLaUxZd3RqUzJQOWNXM1VrM1VfY2ZHNlNmNThSa29MMEpISElNV2NQOGhDaTFnWmNQc1QwYWYxNndNOThlRWZfbHl4S0hLWXJCZVVvekVrRlItQmlFNE5CZ2l5RWNEa1ZYdUQ4UVZqYkd6bHkzckF2dFBucjVXM011alBTcmNKcHIxbWZ3WmFacTZhMTlrSEltOHBncWpkS00tUVdvZ3Y4Yl9ELXl6RTZ6ZG5nNXB5UjFXaTZNMGFMOG55V05oX0lYNWtBUUJqVDNyY2NsNll5WTdYZ3ZjRUtpM2VkYmRYcFlJc2xlTlFpZGR6WW83bEJRdUgyeUU1VUNzM2tJQWs5UjNJcl9YYk9xQVFma0VsdmEycE80d2IyZ2ZNa0V1djFVUWpSS3diODlDN2VGVU5HNGI3bFN5MXRKbWtyYWxscjF5b05EYUg4Nlc0UE83cENxd0FjalhsUXMxeF9KSG5kbUhBY2VkbjFiM0xTWVB5YWVDOUlidkhld3hGb0o3TVUwdUpWcU5qaHd0UVN1RmEtTlJrQmZacVEzQlFfRmhZWVliQ3ZBVUZTckpSaWExZ2M3TGdwSXNwS1dOeGgyVG9PbkxaemdfRExvb0JSTmdzdFo3UkZMcTRGSEtpMzd2cThOQ3llM2MxWnpDS191OFlYNmdBVFFXSmZzS0VWUXg0NGM1SE9MMlRCd3RnJnNhaT1BTWZsLVlTZXRJN0h1SGtYdld0ZGJGTi1uNk5QclpURFNrdVpQd2JFTG5QeVVXUHFFTWI1VjhtUzkxUE9DMnNEVDZ3TGI3WUJ6T1c4akZNSnRPbURiV0NuVVlHaU1uSS0zWWpJbFZQOUU1T3RvMEJkckY1N0V3Yms4b2liOWlRbFB6ZUw2SjNoOXFabDhyMVpockF2ekVRRXhjUmJWN1JPODRiQjdKYmNZOTJJNWNjeXlER1gyc1ItYjBlelhFc0FzVC1wdk9HN1JfY09NYnVlZGdMT2FoNlNNdDk1dTdFa1lSb1NmZWFMV2R2V3pabElQZ1AzczJscmJISnpETGY3dl9LZHgzVjRpaDFneW1xdUtJVnRuX1NfREVSRk1Uejg2WDNhbHZCNVpubV9Fd0hvdnktOHhQbyZzaWc9Q2cwQXJLSlN6QVlDemdQYW1HR1pFQUUmY3J5PTEmZmJzX2FlaWQ9JTVCZ3dfZmJzYWVpZCU1RCZ1cmxmaXg9MSZhZHVybD1odHRwczovL3d3dy5lYS5jb20vZ2FtZXMvZWEtc3BvcnRzLWZjL2ZjLTI0L2ZlYXR1cmVzJTNGdXRtX2NhbXBhaWduJTNERkNfYnJkX3d3X202X3ByZ212X2R2MzYwX21mJTI2dXRtX3NvdXJjZSUzRGR2MzYwJTI2dXRtX21lZGl1bSUzRHZpZGVvJTI2Y2lkJTNENzM1OTglMjZ0cyUzRDE2NTI4OTAxNDE1OTMlMjZkY2xpZCUzRCUyNWVkY2xpZCEiCg&dc_cid=204899594&dc_adid=572283934;sz=0x0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;dcmt=text%2Fxml;dc_sdkv=h.0.0.0;dc_osd=2;dc_frm=2;dc_sdr=1;dc_ref=http://www.beforeout.com/;nel=0;vis=1;dc_sdki=445;dc_eid=420706098%2C44752538%2C44807615%2C75259414;ord=[timestamp]

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f6.1e100.net

Software

cafe /

Resource Hash

fee66174a561d617cca0350e37df79812974b0c09021a75a117bb454c860ed8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 18:49:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16470
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 34ms
34ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 18:49:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 29 Nov 2023 18:49:04 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame F597 13 KB
5 KB 22ms
21ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.beforeout.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 21216
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 12:55:28 GMT
expires: Thu, 28 Nov 2024 12:55:28 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1C57 829 B
1 KB 81ms
31ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

81fe36ae60a892e03c8bb7b92325cdf1b8d5a9515ee9217e8cf71b3241e0f123

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-2io51DdJOQ5rWJs0lzui8Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.beforeout.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-2io51DdJOQ5rWJs0lzui8Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 18:49:04 GMT
expires: Wed, 29 Nov 2023 18:49:04 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame F597 39 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:19:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8953
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Nov 2024 16:19:51 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 9540 0
17 B 52ms
51ms Ping
image/gif 2a00:1450:4008:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&puid=4~lpk4eyih&c=6386588196123&slotId=3193294098061.5&qqid=CNXTsunv6YIDFU89RAgdit4Now&fb=outstream-lima&vmfc=13&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4008:805::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame 9540 41 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 15:06:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 358947
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 15:06:37 GMT

HEAD
H/1.1

200
OK

file.mp4
r1---sn-4g5e6nsr.c.2mdn.net/videoplayback/id/c33dd5d50ee195a3/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3844512259/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame 9540
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/c33dd5d50ee195a3/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3844512259/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signa...
https://r1---sn-4g5e6nsr.c.2mdn.net/videoplayback/id/c33dd5d50ee195a3/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3844512259/sparams/acao,ctier,expire,id,ip,ipbits,ita...

0
0

109ms
22ms

Fetch
video/mp4

2a00:1450:4001:63::6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r1---sn-4g5e6nsr.c.2mdn.net/videoplayback/id/c33dd5d50ee195a3/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3844512259/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/804E3DA2890B60C79395B4B91C8F17E1CF593C32.60645D0C361DBBDE00712D3066786C7E5A99FD39/key/cms1/cms_redirect/yes/mh/J0/mip/2001:1b60:1010:3:1011:70ec:376d:8c6b/mm/42/mn/sn-4g5e6nsr/ms/onc/mt/1701281644/mv/u/mvi/1/pl/44/file/file.mp4

Protocol

HTTP/1.1

Server

2a00:1450:4001:63::6 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 18:49:04 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 1714331
Last-Modified: Wed, 15 Nov 2023 16:02:03 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Wed, 29 Nov 2023 18:49:04 GMT

Redirect headers

date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 666
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
location: https://r1---sn-4g5e6nsr.c.2mdn.net/videoplayback/id/c33dd5d50ee195a3/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3844512259/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/804E3DA2890B60C79395B4B91C8F17E1CF593C32.60645D0C361DBBDE00712D3066786C7E5A99FD39/key/cms1/cms_redirect/yes/mh/J0/mip/2001:1b60:1010:3:1011:70ec:376d:8c6b/mm/42/mn/sn-4g5e6nsr/ms/onc/mt/1701281644/mv/u/mvi/1/pl/44/file/file.mp4
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://googleads.g.doubleclick.net
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 9540 0
17 B 52ms
51ms Ping
image/gif 2a00:1450:4008:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&puid=5~lpk4eypx&c=6386588196123&slotId=3193294098061.5&qqid=CNXTsunv6YIDFU89RAgdit4Now&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=2074&mt=video%2Fmp4&vs=1024x576&msm=1&aits=0%2C18%2C22%2C37%2C692%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=347&vsrc=web_video_ads&hcn=0&met.4=arp_a_e.165~videopreviewvisible.16b&ua_e=1&ape=1
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4008:805::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1C57 0
0 56ms
56ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=4220443653273820&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame BAE3 23 KB
8 KB 22ms
22ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 368492
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 7799
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 25 Nov 2023 12:27:32 GMT
expires: Sun, 24 Nov 2024 12:27:32 GMT
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame F597 0
10 B 21ms
20ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?vvQtzw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 18:49:04 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame BAE3 39 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:19:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8953
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Nov 2024 16:19:51 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BAE3 0
20 B 58ms
58ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=BnaMnoIdnZcjnD8Sk2fcPmMywsAsAAAAAOAHgBAI&bg=!ysmlyYbNAAZxrfrxUa07ADQBe5WfOEy3Fv6Y0AEzT718AauVoGHcAgHVcZuBTMlN66MjOiRCb5zmBmvMgwY2bqHEilwNAgAAAC9SAAAAAWgBB5kC7H6tDcIxy9sCzZuHKBMSkuTxP7lYIj2rMuOEnqJb6DKhk1rI9BRbgYfYMpiBmPZEYQQ8XPyEWsogQ2YmQ3NNuIKO2Aqf_g2K5OGD2lfn47909vRRWANdYdYbSrkAPS66Jpk8jYyAtn3t89Xibx3xiBxcdrb69G9MD4AXD6DUvRxV40wuZonvnQqavMKct2E5kAD40x1jmCwcXw8CUIGAQ3DsbAgENBKYADXTMpG7yUbKXs3fBM1EI6A_GucavFOfBnnLGuW1TT1qrcCyhdFc3Jp6HedftUsLJqp3PigpOSxmnQhUW05uyGjxJL_6lXSJiUFqPED3uh6t6RilQaY6haycLybMzjjiOgejyk9yh15uCLNCXmmgGz-7adrYmXfYS0elesqgqghplmdNXTXizTXs3tLJhBrehkLRbC2pR0yEr-8WxeAX7wbolnu1eao2DdqOCIXDcAmZVIWwXTMJQhYKM3ZkuLoriY67BnTiC5ZGcUI4ic3lpBlzpn60JEyjlFSydPVeW0TgOenVQD3snd21cwDxYo9AlqTUHIdOuyAdDLaHjtum79u3S7uSgdqXk2fKtDOjZKvdwymoHqMo9IQyq5_6Cc2htO7Ftfu4h11kNvjHajgyLtD3zMtSvJ0GuPyWVG0S8bUis1_Gv3MjpdELCO39GAaNG5C7ttsrD6Kz4RxHAcN8VQOUzfkNf0UcvPTQj0vIE8JrLAf_qywaVlxNMP-5XwnRv4lI5sgK35l3tKCjYjppuK5P7CZuh0xiQGoQCeEHfo5ADL4Gl8vaXh6SdHTwW_M5KCACzAwCxxCljD6MuzBSZGcaaf9WayP7gT31Cg1_-KgiJpOu64Txvhm-wnuaOgqWHXLpgErtqG8-TylCZ_i2JGr5mQWEb4Cq1TNrJr-pul4xmoiX37L-QtFdEkwx-LzzVs3ju-8BnsL7EUkZhWIqvG1fRRU6WIZUk4eiPANCJIbpiNdnUndy2Le69OAn1YjNnhcfEyk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 206 file.mp4
r1---sn-4g5e6nsr.c.2mdn.net/videoplayback/id/c33dd5d50ee195a3/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3844512259/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame 9540 2 MB
2 MB 48ms
23ms Media
video/mp4 2a00:1450:4001:63::6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:63::6 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

cc805c5b4fb2e3ba3124f64a44760c47e3a9a6b6d932337e2f88a93dffc0f623

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Range: bytes=0-

Response headers

expires: Wed, 29 Nov 2023 18:49:04 GMT
date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-1714330/1714331
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 1714331
last-modified: Wed, 15 Nov 2023 16:02:03 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://googleads.g.doubleclick.net
client-protocol: quic

POST
H3 204 csi
csi.gstatic.com/ Frame 9540 0
17 B 54ms
53ms Ping
image/gif 2a00:1450:4008:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&puid=6~lpk4eyq5&c=6386588196123&slotId=3193294098061.5&qqid=CNXTsunv6YIDFU89RAgdit4Now&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=2074&mt=video%2Fmp4&vs=1024x576&ple=1&umsem=0&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fvast.doubleverify.com%252Fv3%252Fvast%253F_media%253D3%2526ctx%253D10242044%2526cmp%253D30443038%2526sid%253D5513185%2526plc%253D380566222%2526adsrv%253D166%2526_redirect%253D1%2526psf%253D0%2526_vast%253Dhttps%253A%252F%252Fad.doubleclick.net%252Fddm%252Fpfadx%252FN7657.3553448DISPLAYVIDEO360%252FB30443038.380566222%25253Bsz%25253D0x0%25253Bord%25253D%25255Btimestamp%25255D%25253Bdc_lat%25253D%25253Bdc_rdid%25253D%25253Btag_for_child_directed_treatment%25253D%25253Btfua%25253D%25253Bdcmt%25253Dtext%252Fxml%25253Bdc_sdkv%25253Dh.0.0.0%25253Bdc_osd%25253D2%25253Bdc_frm%25253D2%25253Bdc_sdr%25253D1%25253Bdc_ref%25253Dhttp%253A%252F%252Fwww.beforeout.com%252F%25253Bnel%25253D0%25253Fves%25253DdGltZXN0YW1wOiAxNzAxMjgzNzQ0MjgxCmNsaWNrX3Rocm91Z2hfdXJsOiAiaHR0cHM6Ly9hZGNsaWNrLmcuZG91YmxlY2xpY2submV0L3Bjcy9jbGljaz94YWk9QUtBT2pzc01lWWdTazNqOEdPV0RSOWdaRE9ENjdTU3J5aFVvYzIwQ3RBSGMwZk1FanFCYVZxTU52WjFYWHZtdDhZMVo0MGdpMG8xUVNKd3hvZ280SWdXWHBGbjhxSjF5RGE0U3ViS013OUdrTG5kd1hlTFRCRFZxVGJjeDF1VlV4eDZKRmlYZkh6aUZKdEtESktzT003ZzdRWmdaZVpOU25RYWVCYWFETHBVemNQaDIyRUhBc0tXYVFHREJIVXFUSWhIZV9PTTZ0bmZFS0ZIMDJzQ0lON0tPb1JYcTVSNHNRY01HOW5hdDJsVkc0V1k5SFFPVGEzczAyUjlwT0ZWZUhfZ1o1X3F1ck1MR3VfWGtJNFhEbVBNY3k5VWtjUkdnTV9Oc2tnWTd5dGNzQkFkS1c2UnYydTBxX1JMX0locWtxUVlwZ0tZUmxiS0Y1MWI5NmptME5HbndnRWszSUN5Q3BsS3FsTVAtcEZfWldHVHotY3Y0d2MtdlZyS3cta1UzX2lyRG1UV0VyeVMwbkc4TFc3M0toRk9PZUNUUHpaeW1qZjdBdTlvZGdhZzZ3SzBJNWEzTDFLckZMNkJJNTlFZXBRczhrQUZaNXd6eFVXa2NDRm9LVFJZQTNaRE0td3FLRDg4R2RfQm1VT1NLbHBiVUJJcFR4S0FuWmRQbnN5QmJ6NHJBN0xIMEJIYnczNVE3TDEyQVdVdW0tRmNNa0QyUnRIQ1g1ZWV3bjdOTTZEcmpteXU2ODRCUnl6UG01WktqSzJ6QXZFVVY3VEs2WnBJNm0xakVpSk0xb01IUllpa0dZMVhMNHVsZmpUTHRndUxrSm94VGdWMU42V0dBa01zWmdyTDlZLUJFNXQ5S3BxeEIwaEJfc3B1SEpETHdnQldLWFl4Y3BlV293SkR2cksyZ0lEVUpxN2pfQjJXUGNRdjA0X2NBS1R0cV9sUmpyZktUaDlLaDhwVGJuM1dyY21KY3VYVll3bmdaZlE2cDVzMVlGSENndFVxaEV1aGFLRE1mZlZDZzFYWlZGTmFGLUJsX0tFcXFEVGFybHhrZmN2ckhyWHhRMXJqOGdsb1d6RHpGSWE4VXg3cEcweWJkZXZvQXRDSXhLaUxZd3RqUzJQOWNXM1VrM1VfY2ZHNlNmNThSa29MMEpISElNV2NQOGhDaTFnWmNQc1QwYWYxNndNOThlRWZfbHl4S0hLWXJCZVVvekVrRlItQmlFNE5CZ2l5RWNEa1ZYdUQ4UVZqYkd6bHkzckF2dFBucjVXM011alBTcmNKcHIxbWZ3WmFacTZhMTlrSEltOHBncWpkS00tUVdvZ3Y4Yl9ELXl6RTZ6ZG5nNXB5UjFXaTZNMGFMOG55V05oX0lYNWtBUUJqVDNyY2NsNll5WTdYZ3ZjRUtpM2VkYmRYcFlJc2xlTlFpZGR6WW83bEJRdUgyeUU1VUNzM2tJQWs5UjNJcl9YYk9xQVFma0VsdmEycE80d2IyZ2ZNa0V1djFVUWpSS3diODlDN2VGVU5HNGI3bFN5MXRKbWtyYWxscjF5b05EYUg4Nlc0UE83cENxd0FjalhsUXMxeF9KSG5kbUhBY2VkbjFiM0xTWVB5YWVDOUlidkhld3hGb0o3TVUwdUpWcU5qaHd0UVN1RmEtTlJrQmZacVEzQlFfRmhZWVliQ3ZBVUZTckpSaWExZ2M3TGdwSXNwS1dOeGgyVG9PbkxaemdfRExvb0JSTmdzdFo3UkZMcTRGSEtpMzd2cThOQ3llM2MxWnpDS191OFlYNmdBVFFXSmZzS0VWUXg0NGM1SE9MMlRCd3RnJnNhaT1BTWZsLVlTZXRJN0h1SGtYdld0ZGJGTi1uNk5QclpURFNrdVpQd2JFTG5QeVVXUHFFTWI1VjhtUzkxUE9DMnNEVDZ3TGI3WUJ6T1c4akZNSnRPbURiV0NuVVlHaU1uSS0zWWpJbFZQOUU1T3RvMEJkckY1N0V3Yms4b2liOWlRbFB6ZUw2SjNoOXFabDhyMVpockF2ekVRRXhjUmJWN1JPODRiQjdKYmNZOTJJNWNjeXlER1gyc1ItYjBlelhFc0FzVC1wdk9HN1JfY09NYnVlZGdMT2FoNlNNdDk1dTdFa1lSb1NmZWFMV2R2V3pabElQZ1AzczJscmJISnpETGY3dl9LZHgzVjRpaDFneW1xdUtJVnRuX1NfREVSRk1Uejg2WDNhbHZCNVpubV9Fd0hvdnktOHhQbyZzaWc9Q2cwQXJLSlN6QVlDemdQYW1HR1pFQUUmY3J5PTEmZmJzX2FlaWQ9JTVCZ3dfZmJzYWVpZCU1RCZ1cmxmaXg9MSZhZHVybD1odHRwczovL3d3dy5lYS5jb20vZ2FtZXMvZWEtc3BvcnRzLWZjL2ZjLTI0L2ZlYXR1cmVzJTNGdXRtX2NhbXBhaWduJTNERkNfYnJkX3d3X202X3ByZ212X2R2MzYwX21mJTI2dXRtX3NvdXJjZSUzRGR2MzYwJTI2dXRtX21lZGl1bSUzRHZpZGVvJTI2Y2lkJTNENzM1OTglMjZ0cyUzRDE2NTI4OTAxNDE1OTMlMjZkY2xpZCUzRCUyNWVkY2xpZCEiCg%252526dc_cid%25253D204899594%252526dc_adid%25253D572283934%2526_api%253D%255BAPIFRAMEWORKS%255D%2526_ssm%253D%255BSERVERSIDE%255D%2526_tsm%253D%255BTIMESTAMP%255D%2526gdpr%253D%2526gdpr_consent%253D%2526_abm%253D%255BAPPBUNDLE%255D%2526_pum%253D%255BPAGEURL%255D&encoded_body_size=0&transfer_size=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4008:805::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMI4vuE6u_pggMVB4qDBx3ClwIAEAAYACCKitph;dc_eps=AHas8cBRXjyslzbS49YoNiXkkN4earS_7wA8g4u-hflIzbmvWk0sPI1_lPmxcVHY02bIKrL50R9L;met=1;ecn1=1;etm1=0;eid1=11;
ade.googlesyndication.com/ddm/activity/ Frame 9540 42 B
107 B 124ms
59ms Image
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI4vuE6u_pggMVB4qDBx3ClwIAEAAYACCKitph;dc_eps=AHas8cBRXjyslzbS49YoNiXkkN4earS_7wA8g4u-hflIzbmvWk0sPI1_lPmxcVHY02bIKrL50R9L;met=1;ecn1=1;etm1=0;eid1=11;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content event.png
tpsc-video-eu.doubleverify.com/ Frame 9540 0
162 B 111ms
31ms Image
text/plain 130.211.44.5
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpsc-video-eu.doubleverify.com/event.png?vstevt=0&dup=407011fc-8c53-4a36-a843-02b23cd5e813
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 5.44.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Nov 2023 18:49:04 GMT
Cache-Control: max-age=0
Connection: keep-alive
Expires: 2023-11-28T18:49:04

GET
H2 200 dc_oe=ChMIyLf06e_pggMVRFL2CB0YJgy2EAAYACCKitphOhoIuoXQ1gIQ34eqxckEGL-kxOMDIL7S58OIEkITCNXTsunv6YIDFU89RAgdit4Now;dc_rmcid=CAQSTgDICaaN2vG92PUTU_ayfd0zzWTUT67sS8IG-Jg6A0aPVjcI5oHYpWOD3Cq4WGpwDUQsB3G...
ade.googlesyndication.com/ddm/activity/ Frame 9540 42 B
401 B 123ms
58ms Image
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIyLf06e_pggMVRFL2CB0YJgy2EAAYACCKitphOhoIuoXQ1gIQ34eqxckEGL-kxOMDIL7S58OIEkITCNXTsunv6YIDFU89RAgdit4Now;dc_rmcid=CAQSTgDICaaN2vG92PUTU_ayfd0zzWTUT67sS8IG-Jg6A0aPVjcI5oHYpWOD3Cq4WGpwDUQsB3G_YfPVCrPg2KdszegRamr8XXuSkSz95I3NahgB;eps=CIDhgBAQARgfMgKqAjoCgEBIvf3BOljH163p7-mCAw;met=1;acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D6016%26vmtime%3D4%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26i0%3D33554450%26ic%3D0%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D8357975%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1701283744881;dc_rfl=%5BURL_SIGNALS%5D;ecn1=1;etm1=0;eid1=11;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 9540 42 B
64 B 62ms
60ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CGDHgn4dnZZWIC8_6kPIPir23mAqP95XDdL7S58OIEmQQASC37-IxYJXq-oGUB8gBBagDAcgDmwSqBJUCT9CotckuPFzdU2KeztJfQWbc9bPYYHo7VPn0pppllbrOyA8Bwgbz7LHITu2DkaxM98NXBCSs-zMDHUhkYv0hW-LF4-gB0AoWzKTUrkG7OwD-5NDnxKnUa6_W4aXDsWsvsL49AzASxK2w5QyN2N3NjxXopChO4vCWT9VAgD5wMNw-rrjxXlH3nBGGFkhZsR9tyozIlLYFh5v3daLyK8LfkW1hLfoTluW_SC-hcdLRkM7tlgRDvsDcOVlHJ3-q7WtrwylFosso3FgWkrpuHwPIzrpY47aUoXTSsJjF93WCY8dv_ZKo3zVhhTTaaRwPRadh_026EFlJCzZmRDOygWJ8mrDdG3sJ_EpWJ5hyM3EQXyIsEcCQu8AE34eqxckE4AQDiAX-v5bJTJAGAaAGToAHmpLo1QKoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljH163p7-mCA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAqoNAkRFsBOljN4VyBO_pMTjA9gTCogUAtgUAdAVAfgWAYAXAegXBQ&sigh=8xMJCfaHgZ0&label=part2viewed&ad_mt=4&acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D6016%26vmtime%3D4%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26i0%3D33554450%26ic%3D0%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D8357975%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1701283744881

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9540 0
63 B 62ms
60ms Image
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsszqjoFMjuPgWdFro5nzHyvTn5JqWXXk_Yb32QXsd-MQgg6y9BTq4n_dviI-y58KUGztLxr1eLns-CXzhsLrX4_H8ZdA7rZ-8TaFKmN-9a_osgnNCJpWb2ssPa4WCd_ft-YM3O59mTDl8h6lRZBZZMCKRLpGlB3ECNx47JeOw45Csk&sai=AMfl-YSzpe8IXh12DIBb26n13DcimOHE4cfJTbFUnxecgr9To-RDF3bFRcX8_qx22NbM3gbGSSCFXCnlu_5rw_Gchcyw-lh6WBRO0xTkpQ&sig=Cg0ArKJSzKHYeWn8Cx7_EAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&adurl=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 204
No Content visit.jpg
tps.doubleverify.com/ Frame 9540 0
162 B 151ms
39ms Image
text/plain 130.211.44.5
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps.doubleverify.com/visit.jpg?ctx=10242044&cmp=30443038&sid=5513185&plc=380566222&num=&adid=&advid=10957991&adsrv=1&btreg=572283934&btadsrv=doubleclick&crt=204899594&crtname=&chnl=&unit=&pid=&uid=&tagtype=video&dvtagver=6.1.img&
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 5.44.211.130.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Nov 2023 18:49:05 GMT
Cache-Control: max-age=0
Connection: keep-alive
Expires: 11/28/2023 18:49:05

GET
H/1.1 200
OK adServerESI.aspx
secure.insightexpressai.com/adServer/ Frame 9540 35 B
2 KB 184ms
82ms Image
image/gif 2a02:26f0:3500:58c::1ec4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.insightexpressai.com/adServer/adServerESI.aspx?script=false&bannerID=11784158&siteID=N7657.3553448DISPLAYVIDEO360&creativeID=204899594&placementID=380566222&rnd=3423508769&gdpr=&gdpr_consent=&redir=https://secure.insightexpressai.com/adserver/1pixel.gif

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:58c::1ec4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

22816a00dfe9fcdc30063d22717ab9cbab3aeb2a8e9844e9d774d256dc48b7c8

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; style-src 'unsafe-inline';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Date: Wed, 29 Nov 2023 18:49:05 GMT
P3P: CP="NOI DSP COR NID CUR ADMa OUR STP STA"
Connection: keep-alive
Content-Length: 35
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Referrer-Policy: unsafe-url
Vary: Accept-Encoding
X-Frame-Options: ALLOWALL
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache
Feature-Policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
Expires: Wed, 29 Nov 2023 18:49:05 GMT

GET
H/1.1 204
No Content visit.jpg
tpsc-video-eu.doubleverify.com/ Frame 9540 0
162 B 116ms
39ms Image
text/plain 130.211.44.5
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpsc-video-eu.doubleverify.com/visit.jpg?vstevt=2&tagtype=video&ctx=10242044&cmp=30443038&sid=5513185&plc=380566222&adsrv=166&dup=407011fc-8c53-4a36-a843-02b23cd5e813&dvtagver=dvot_2023-11-29_d1fa6c977_7bc8cb9&dvp_cfbs=99&dvp_infra=cloudflare&dvp_zjsver=0.21.17&vstvr=2.0-r&dvp_redirect=1&dvp_psf=0&app=-1&essd=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 5.44.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Nov 2023 18:49:04 GMT
Cache-Control: max-age=0
Connection: keep-alive
Expires: 11/28/2023 18:49:04

GET
H2 204 /
vtrk.doubleverify.com/ Frame 9540 0
184 B 108ms
29ms Image
text/plain 2606:4700:4400::6812:2aef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtrk.doubleverify.com/?v=1&t=event&tid=ZW-12000000&ec=vast&cid=407011fc-8c53-4a36-a843-02b23cd5e813&el=https%3A%2F%2Fad.doubleclick.net%2Fddm%2Fpfadx%2FN7657.3553448DISPLAYVIDEO360%2FB30443038.380566222%3Bsz%3D0x0%3Bord%3D%5Btimestamp%5D%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bdcmt%3Dtext%2Fxml%3Bdc_sdkv%3Dh.0.0.0%3Bdc_osd%3D2%3Bdc_frm%3D2%3Bdc_sdr%3D1%3Bdc_ref%3Dhttp%3A%2F%2Fwww.beforeout.com%2F%3Bnel%3D0%3Fves%3DdGltZXN0YW1wOiAxNzAxMjgzNzQ0MjgxCmNsaWNrX3Rocm91Z2hfdXJsOiAiaHR0cHM6Ly9hZGNsaWNrLmcuZG91YmxlY2xpY2submV0L3Bjcy9jbGljaz94YWk9QUtBT2pzc01lWWdTazNqOEdPV0RSOWdaRE9ENjdTU3J5aFVvYzIwQ3RBSGMwZk1FanFCYVZxTU52WjFYWHZtdDhZMVo0MGdpMG8xUVNKd3hvZ280SWdXWHBGbjhxSjF5RGE0U3ViS013OUdrTG5kd1hlTFRCRFZxVGJjeDF1VlV4eDZKRmlYZkh6aUZKdEtESktzT003ZzdRWmdaZVpOU25RYWVCYWFETHBVemNQaDIyRUhBc0tXYVFHREJIVXFUSWhIZV9PTTZ0bmZFS0ZIMDJzQ0lON0tPb1JYcTVSNHNRY01HOW5hdDJsVkc0V1k5SFFPVGEzczAyUjlwT0ZWZUhfZ1o1X3F1ck1MR3VfWGtJNFhEbVBNY3k5VWtjUkdnTV9Oc2tnWTd5dGNzQkFkS1c2UnYydTBxX1JMX0locWtxUVlwZ0tZUmxiS0Y1MWI5NmptME5HbndnRWszSUN5Q3BsS3FsTVAtcEZfWldHVHotY3Y0d2MtdlZyS3cta1UzX2lyRG1UV0VyeVMwbkc4TFc3M0toRk9PZUNUUHpaeW1qZjdBdTlvZGdhZzZ3SzBJNWEzTDFLckZMNkJJNTlFZXBRczhrQUZaNXd6eFVXa2NDRm9LVFJZQTNaRE0td3FLRDg4R2RfQm1VT1NLbHBiVUJJcFR4S0FuWmRQbnN5QmJ6NHJBN0xIMEJIYnczNVE3TDEyQVdVdW0tRmNNa0QyUnRIQ1g1ZWV3bjdOTTZEcmpteXU2ODRCUnl6UG01WktqSzJ6QXZFVVY3VEs2WnBJNm0xakVpSk0xb01IUllpa0dZMVhMNHVsZmpUTHRndUxrSm94VGdWMU42V0dBa01zWmdyTDlZLUJFNXQ5S3BxeEIwaEJfc3B1SEpETHdnQldLWFl4Y3BlV293SkR2cksyZ0lEVUpxN2pfQjJXUGNRdjA0X2NBS1R0cV9sUmpyZktUaDlLaDhwVGJuM1dyY21KY3VYVll3bmdaZlE2cDVzMVlGSENndFVxaEV1aGFLRE1mZlZDZzFYWlZGTmFGLUJsX0tFcXFEVGFybHhrZmN2ckhyWHhRMXJqOGdsb1d6RHpGSWE4VXg3cEcweWJkZXZvQXRDSXhLaUxZd3RqUzJQOWNXM1VrM1VfY2ZHNlNmNThSa29MMEpISElNV2NQOGhDaTFnWmNQc1QwYWYxNndNOThlRWZfbHl4S0hLWXJCZVVvekVrRlItQmlFNE5CZ2l5RWNEa1ZYdUQ4UVZqYkd6bHkzckF2dFBucjVXM011alBTcmNKcHIxbWZ3WmFacTZhMTlrSEltOHBncWpkS00tUVdvZ3Y4Yl9ELXl6RTZ6ZG5nNXB5UjFXaTZNMGFMOG55V05oX0lYNWtBUUJqVDNyY2NsNll5WTdYZ3ZjRUtpM2VkYmRYcFlJc2xlTlFpZGR6WW83bEJRdUgyeUU1VUNzM2tJQWs5UjNJcl9YYk9xQVFma0VsdmEycE80d2IyZ2ZNa0V1djFVUWpSS3diODlDN2VGVU5HNGI3bFN5MXRKbWtyYWxscjF5b05EYUg4Nlc0UE83cENxd0FjalhsUXMxeF9KSG5kbUhBY2VkbjFiM0xTWVB5YWVDOUlidkhld3hGb0o3TVUwdUpWcU5qaHd0UVN1RmEtTlJrQmZacVEzQlFfRmhZWVliQ3ZBVUZTckpSaWExZ2M3TGdwSXNwS1dOeGgyVG9PbkxaemdfRExvb0JSTmdzdFo3UkZMcTRGSEtpMzd2cThOQ3llM2MxWnpDS191OFlYNmdBVFFXSmZzS0VWUXg0NGM1SE9MMlRCd3RnJnNhaT1BTWZsLVlTZXRJN0h1SGtYdld0ZGJGTi1uNk5QclpURFNrdVpQd2JFTG5QeVVXUHFFTWI1VjhtUzkxUE9DMnNEVDZ3TGI3WUJ6T1c4akZNSnRPbURiV0NuVVlHaU1uSS0zWWpJbFZQOUU1T3RvMEJkckY1N0V3Yms4b2liOWlRbFB6ZUw2SjNoOXFabDhyMVpockF2ekVRRXhjUmJWN1JPODRiQjdKYmNZOTJJNWNjeXlER1gyc1ItYjBlelhFc0FzVC1wdk9HN1JfY09NYnVlZGdMT2FoNlNNdDk1dTdFa1lSb1NmZWFMV2R2V3pabElQZ1AzczJscmJISnpETGY3dl9LZHgzVjRpaDFneW1xdUtJVnRuX1NfREVSRk1Uejg2WDNhbHZCNVpubV9Fd0hvdnktOHhQbyZzaWc9Q2cwQXJLSlN6QVlDemdQYW1HR1pFQUUmY3J5PTEmZmJzX2FlaWQ9JTVCZ3dfZmJzYWVpZCU1RCZ1cmxmaXg9MSZhZHVybD1odHRwczovL3d3dy5lYS5jb20vZ2FtZXMvZWEtc3BvcnRzLWZjL2ZjLTI0L2ZlYXR1cmVzJTNGdXRtX2NhbXBhaWduJTNERkNfYnJkX3d3X202X3ByZ212X2R2MzYwX21mJTI2dXRtX3NvdXJjZSUzRGR2MzYwJTI2dXRtX21lZGl1bSUzRHZpZGVvJTI2Y2lkJTNENzM1OTglMjZ0cyUzRDE2NTI4OTAxNDE1OTMlMjZkY2xpZCUzRCUyNWVkY2xpZCEiCg%26dc_cid%3D204899594%26dc_adid%3D572283934&ea=impression&cm114=0&cm115=0&cd101=vast&cd102=src&cd111=wrapper&cd112=csu&cd117=-1&cd170=166&cd182=vpaid-transformer%400.21.17&cd188=FRA&cd189=cloudflare&cd190=10242044&cd191=30443038&cd192=5513185&cd193=380566222&cd196=3&cd141=%5BAPIFRAMEWORKS%5D&cd142=2023-11-29T18%3A49%3A04.887Z&cd143=2023-11-29T18%3A49%3A04.887Z&z=98849034
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2aef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 18:49:04 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 82dd074e1b6f693a-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9540 0
65 B 68ms
66ms Image
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuwRbsTfF3lXl8sB9jJg2Mylaq8TkPLjc8jE2PmucK4m49JHrAmw7seYlFOmSJuGBKU7NK3kSC-FR4aHqdnoNWjTaK93PUcPrw_2R8b7T0rzax9vocs9DcRMQR4r1QTcHXcqtsGvGCYhEfVIHOxeKA41EpQBuk8AuLjX1yyOCPwKK0MvCEXIdMiGOsIr-AzZ7uSQdoxHVT9GntpsbyQchXx9rswcwLW20B1FKNh0XqVFGY3Omfvw16Csc0eH9EO9G1h3aQ37DMQT8MkgbcoD0OD6u8b8yC7zByOxE7EtSy6LV5jHlo9svujXzqJjZOl4rVVubAcuR6n_aPZSzm0xGkaRBSv2vRbHnrLYmx-mgKRNhpfyPSr2rIR45GSgTw9teew9Du1vJPatbTRxhUDHH3vWvDjbxqzkybJvfiW2P2U63P6qFvZ1uZV182NCjZFnK3Ut_Ux6R_3AM1gTFfx5tx7eSYx92krwpeJnMw7aqbe9ISfUBYJ3oX7RWLu7WueAfK9REuBYI1KoyutIaPyKBGI6gcwpsSHCUIOihjFZPzMbPmo603jkt6MuXENLaec6iJbCcpTQOoktmacnC1jKKlT0IEmdwO3U17aBbsdZFa8WgJ5SveVIE-byDPFC0Fbfvusl0cFxv_I_RdKc0ChwVdVsE5-9ytdf2tMLPBqS3yVOUJp0lHVo7VhmMX7_FaJby8D8I-9JUsN6XOSsf3zKPAN5wWdW8vlyI7ceqW4pI_gM0LJKWIWDFFxvykanljNFwUUo5nr24FxUOCtgy6fDBNKEIxHM2Q7BqCOl1xC72v5t-VA8rP9JJMyMy2ImWE-OjfKYOPc6FGyqgVZ5saTfFfi_LVWhNmuve9VzsxR6m9cUqiIXFLe0ONTF9-edJuGc9nXKCw7re44syqIyA_h10RqDK-s7Ux8gEw1E4tlZfBXLgTpU0YVz_6AmjkEHrg4qN9Qb6zgmLMY5hkI1nkBX790oodlTSreX9HiPp1g2v1tw8Dopd1cZPmblnA6oGYjb7P9kcKohI_fRTvZuGI39BnVZaMG90wgfMGg1y4P_kOMJbbzZ2WqpWqqOvj4VjmOzreLKmiq1HEy1qLcs1zB3JWBn7ui-M2316zT9TOS5vRsZx8tdY5f7ua-PSQM6iaNHLFJnlWL-LIN0gJLqTMLHMW9PmI0Jq0Y1njbLvl1qCTT-LX6rsg3ZeJ5jxN90giGOZV5YraQhpk9Nlhp2n8-EOO6X_9jut5jSeo5e1pvRNcXbBoCmwzNSOPZDUH0NhLh7nliYv7hrhBYJqMdMbnR5o_y0x8n7le8BLGLdH2YLQfmGP48nEUvESk&sai=AMfl-YSYYxflcMa8uA3d7zOWSazCAbF4QCj742HbO65KTkU_cpled-Vorl-GPFstV8kcXPOCQCdtO5SzL_KRx7ig8sL-xp64eX0F7TA1qrwNZ73XciR_wIKy26Pk-WrjZZOkBy53M3yKQ8c4WntsqC6_-Up5up6EFuZHTy-Egh0g2ISqeDapC63mYOc4gxKmUkzcduMW0ZDjaeaVa0FhOavUCoedh6ytcVlGGNxe5ZHrQ4prhxEdGVPSqhAmEJpHFQNR4yvtEwpkKTdf0NEVpDxRySsP93zQ3yenB58sug&sig=Cg0ArKJSzAqqXVjG7zt6EAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&adurl=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK adServerESI.aspx
secure.insightexpressai.com/adServer/ Frame 9540 35 B
2 KB 177ms
87ms Image
image/gif 2a02:26f0:3500:58c::1ec4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.insightexpressai.com/adServer/adServerESI.aspx?script=false&bannerID=11784158&siteID=N7657.3553448DISPLAYVIDEO360&creativeID=204899594&placementID=380566222&rnd=606980898&gdpr=&gdpr_consent=&redir=https://secure.insightexpressai.com/adserver/1pixel.gif

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:58c::1ec4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

22816a00dfe9fcdc30063d22717ab9cbab3aeb2a8e9844e9d774d256dc48b7c8

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; style-src 'unsafe-inline';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Date: Wed, 29 Nov 2023 18:49:05 GMT
P3P: CP="NOI DSP COR NID CUR ADMa OUR STP STA"
Connection: keep-alive
Content-Length: 35
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Referrer-Policy: unsafe-url
Vary: Accept-Encoding
X-Frame-Options: ALLOWALL
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache
Feature-Policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
Expires: Wed, 29 Nov 2023 18:49:05 GMT

GET
H3 200 pixel
googleads.g.doubleclick.net/xbbe/ Frame 9540 0
16 B 62ms
61ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJyAIxC6hdDWAhjZnJb9ASABMAE&v=APEucNWup06YpFO3r6ry9mWrjNZYenNdVzXrsDrGPBVrjAgRWhOiUNq4otayWbxeD5bo6GTGuc2bP6ROnr53iv7uLUPMIBWBKQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9540 0
20 B 56ms
55ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=video_impression_ping

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 9540 42 B
64 B 59ms
59ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu7ZqHhDPk0aN7x6fKM6ZG67hiztyksXd5QNm-fxrkyNa4w2wjj6s21CwYl0ZR9Lawh0CO4VwRZ4qfIFLzrQtUtN-5zw8C3Fx7jP5S07O7azz1v5iSILXv8xEU3ClYKZKo&sai=AMfl-YROOcZstUpI2dno4urSzoDK8qB-jhsH5gIsauGVbQCCmk8C5VNYretx2EpDRDfz7JBOEBoLubGUVM4xLSukN_lz7UpVbNI3P8RC3LlMK9kGznt63pgI8-OSUxVVN6F-S7Z7Luqhb_b_f_cvNxaX4tPD1FLbLFciIHg&sig=Cg0ArKJSzNQO1zZrdupEEAE&cid=CAQSTgDICaaN2vG92PUTU_ayfd0zzWTUT67sS8IG-Jg6A0aPVjcI5oHYpWOD3Cq4WGpwDUQsB3G_YfPVCrPg2KdszegRamr8XXuSkSz95I3NahgB&id=lidarv&acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D6016%26vmtime%3D4%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26ic%3D33554450%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D8357975%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1701283744881&avm=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 9540 42 B
64 B 58ms
58ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CGDHgn4dnZZWIC8_6kPIPir23mAqP95XDdL7S58OIEmQQASC37-IxYJXq-oGUB8gBBagDAcgDmwSqBJUCT9CotckuPFzdU2KeztJfQWbc9bPYYHo7VPn0pppllbrOyA8Bwgbz7LHITu2DkaxM98NXBCSs-zMDHUhkYv0hW-LF4-gB0AoWzKTUrkG7OwD-5NDnxKnUa6_W4aXDsWsvsL49AzASxK2w5QyN2N3NjxXopChO4vCWT9VAgD5wMNw-rrjxXlH3nBGGFkhZsR9tyozIlLYFh5v3daLyK8LfkW1hLfoTluW_SC-hcdLRkM7tlgRDvsDcOVlHJ3-q7WtrwylFosso3FgWkrpuHwPIzrpY47aUoXTSsJjF93WCY8dv_ZKo3zVhhTTaaRwPRadh_026EFlJCzZmRDOygWJ8mrDdG3sJ_EpWJ5hyM3EQXyIsEcCQu8AE34eqxckE4AQDiAX-v5bJTJAGAaAGToAHmpLo1QKoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljH163p7-mCA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAqoNAkRFsBOljN4VyBO_pMTjA9gTCogUAtgUAdAVAfgWAYAXAegXBQ&sigh=8xMJCfaHgZ0&label=vast_creativeview&ad_mt=4&acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D19%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D6016%26vmtime%3D4%26is%3D33554450%26i0%3D33554450%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D8357975%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1701283744881

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 9540 0
17 B 52ms
52ms Ping
image/gif 2a00:1450:4008:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&puid=7~lpk4eyw3&c=6386588196123&slotId=3193294098061.5&qqid=CNXTsunv6YIDFU89RAgdit4Now&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=2074&mt=video%2Fmp4&vs=1024x576&dm=6000&event_name=first_play&asset_bytes=215318&video_bytes=300&cached_data_bytes=0&js_cached=false&css_cached=false&num_assets=11&num_assets_cached=0&num_assets_cache_validated=0&num_assets_unmeasurable=1&video_played_seconds=0.00&video_muted=true&video_seconds_loaded=0.00&met.4=vil.1ee~ff.1em~videopreviewstarted.1en
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4008:805::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:04 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 61ms
61ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231109&jk=4220443653273820&bg=!xsWlxYrNAAZxrfrxUa07ADQBe5WfOHu2kSlh3C6AmSf8Lvn75t9bNJWVwm9aRiSsMGnLVw7cY09B3DkVXC_afGzT5UlFAgAAAFFSAAAAAmgBBwoARuK5Za1btYISa8T52AmJcVL-SXWx1YE0M8BMRS0nKeKCONMKVyjRBM2_Xwf8OvTpeBmXWxczAmNHP1EBYD8S5VBPKvLAcLiZAsp5W0YjjxCvtR7Qj1h1lT6nLAXnUrxaExx14Z02buU6J-SgI5P9Xb0pFpQuiNXAkLlnOoXq_4rfUwYxUcAV8EAacU77AX9we4IbAjjftSB6CNm0igsRwNcJaE0r67K4Jlaru84U3b1zvGFuFkYfUb3I_supdrTLHHqTNmjeTpDPdetdEbYRxZdEUz_pEdZahsyGxQ-Z2Rh3-Zv2cQVs0elt6mDb9Ha5nQYhQArjorshVVsR7ZTV63hhxCdh-mxA44FthWWIrMKz4kymcuIVYOVaKPyib42xJXMV2nQ6WHcJoKbkzZ1QdP0rBUI0c7gxoDGIw8A3PaKxQNPFVaXaFVMnAHqHzHJR45vJBax7QfPRAG2FDUmxE6SSqM266oVnA3BSPpdypSbqKLxo9XOtqSOJAMnzxN0bst0f8LdQ9eU1CpWsNWgy_zvPrz0izjU4FYd5AO9yLa6Ci7Z5SRWL-vaxw_Og1UA7T7GgOWjQPqTzuy0nRfJ6yZPE96q11on7L2SRqD-VkJOdcy10hZh663XzKZtIxJwLxCD6FUiaSBVFG_lEUlZ2W0dXkInMMMet61YFgxPKINlDWfPH8gMk2UoFiWHjzvE7XPdwQp8JNNdAieJ53y8erpUj-ozeJ9LexTSb-m8N8_DtAgLunT2h4SpX7Cwwrn1E8cZpSkt5iwgGYuiqxstUWlv_jZtlNvRucdqg8h20mScwg5piQ1662FbyASaDBQNAaoDW-xMbE0FLEjMxRFMfBEIxZy0qIM7gu_CimLj3Q5JeiVaUiUFP5_cApTIF-PGwUiwznVF_8wsy5oSjzt3tfqshqFotOiHnEqYDuRKVRrTvjOazHct3MNPyAbmaBiRVlJVG-7qlIzniqdBT6s0ziqL-t88CvIWQqhtIaj2UbgmAq7Xl5PdridgXWMkyOZCmhLArjJB-lO7vEYW-M0fTmKZDVkw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.beforeout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B712 0
20 B 55ms
55ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1171168359953&version=m202309260101&ct=76&x=1&cor=4381121664958547500

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0549 0
20 B 55ms
54ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7443036629281&version=m202309260101&ct=76&x=1&cor=6029218334113285000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0549 42 B
64 B 58ms
57ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvwJVdP3xNcObZhXj44Ppwy1i5mJzL8mZ4eZ2mrTi-vdais1CTQN1EMSeXW-YfpZeaM2k6pP1EBz2ATJ1FUT9PG3sgqELeHJqWJF9BXt0hrXKtHdfSlD0HK7Rf4fvinU3Cn2jduFJRsEMj-&sai=AMfl-YRNW50NyiLvntVtGQ4Y0bIC4X67svrck-6omoSRmfv0nl5JcM-Q0reQ8cLPzaEK5Qjnl9PFRVcYCO-vdhSHutmmWztTXaFQhP3mi8wJ0N2rTtncDpcCPOdswQ8gG0sYr2GRBjCOZN0Z6S8VXJYoW3r-O0smVqERMuw&sig=Cg0ArKJSzK1S90VlJ41MEAE&cid=CAQSTgDICaaN2vG92PUTU_ayfd0zzWTUT67sS8IG-Jg6A0aPVjcI5oHYpWOD3Cq4WGpwDUQsB3G_YfPVCrPg2KdszegRamr8XXuSkSz95I3NahgB&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&vs=4&r=v&rst=1701283743975&rpt=341&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B712 42 B
64 B 58ms
58ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss91VnNpIT_PKlp3cyZkBHXiO-FPPuw_fjGpXbAVqe4siq4hryeJHg70A4deSVmVC0hQlGcMrmuUNLh65fPo57V-dK678w5sL0mlMs-siLgPpTSwg-VJ1SWAKuU2eRUY0HUIJ2N9RKRa1DU&sai=AMfl-YRFvXeW6HmPC9htRg_bIIa8uKMm7U5aj_n4dnzL1vgQXZxvjpN-W5YiN9Rdhxu2_Ul5vEzJZVfW9QKnE5rvgUeSyLBvzoNqYhx8IkwlvX7ucJtlaCVuZbaKo_uY01EV0lEIR-6mOjkKob3XCCOMmzCyF2BGTbLkLdw&sig=Cg0ArKJSzMFOg0B_iYVDEAE&cid=CAQSTgDICaaN2vG92PUTU_ayfd0zzWTUT67sS8IG-Jg6A0aPVjcI5oHYpWOD3Cq4WGpwDUQsB3G_YfPVCrPg2KdszegRamr8XXuSkSz95I3NahgB&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271803&rs=2&la=0&cr=0&vs=4&r=v&rst=1701283743956&rpt=358&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 9540 0
17 B 52ms
52ms Ping
image/gif 2a00:1450:4008:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&puid=8~lpk4eyyh&c=6386588196123&slotId=3193294098061.5&qqid=CNXTsunv6YIDFU89RAgdit4Now&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=2074&mt=video%2Fmp4&vs=1024x576&dm=6000&met.4=vfl.1hx
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4008:805::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:05 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMI4vuE6u_pggMVB4qDBx3ClwIAEAAYACCKitph;dc_eps=AHas8cBRXjyslzbS49YoNiXkkN4earS_7wA8g4u-hflIzbmvWk0sPI1_lPmxcVHY02bIKrL50R9L;met=1;ecn1=1;etm1=0;eid1=960584;
ade.googlesyndication.com/ddm/activity/ Frame 9540 42 B
107 B 60ms
59ms Image
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content event.png
tpsc-video-eu.doubleverify.com/ Frame 9540 0
162 B 29ms
29ms Image
text/plain 130.211.44.5
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpsc-video-eu.doubleverify.com/event.png?vstevt=4&dup=407011fc-8c53-4a36-a843-02b23cd5e813
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 5.44.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Nov 2023 18:49:06 GMT
Cache-Control: max-age=0
Connection: keep-alive
Expires: 2023-11-28T18:49:06

GET
H2 200 dc_oe=ChMIyLf06e_pggMVRFL2CB0YJgy2EAAYACCKitphOhoIuoXQ1gIQ34eqxckEGL-kxOMDIL7S58OIEkITCNXTsunv6YIDFU89RAgdit4Now;dc_rmcid=CAQSTgDICaaN2vG92PUTU_ayfd0zzWTUT67sS8IG-Jg6A0aPVjcI5oHYpWOD3Cq4WGpwDUQsB3G...
ade.googlesyndication.com/ddm/activity/ Frame 9540 42 B
107 B 59ms
59ms Image
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIyLf06e_pggMVRFL2CB0YJgy2EAAYACCKitphOhoIuoXQ1gIQ34eqxckEGL-kxOMDIL7S58OIEkITCNXTsunv6YIDFU89RAgdit4Now;dc_rmcid=CAQSTgDICaaN2vG92PUTU_ayfd0zzWTUT67sS8IG-Jg6A0aPVjcI5oHYpWOD3Cq4WGpwDUQsB3G_YfPVCrPg2KdszegRamr8XXuSkSz95I3NahgB;eps=CIDhgBAQARgfMgKqAjoCgEBIvf3BOljH163p7-mCAw;met=1;acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D1%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,169,119,378%26tos%3D1373,0,0,0,0%26mtos%3D1373,1373,1373,1373,1373%26amtos%3D0,0,0,0,0%26mcvt%3D1373%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D1534%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D41%26pst%3D201%26dur%3D6016%26vmtime%3D1538%26dvs%3D1373%26dfvs%3D1373%26dvpt%3D1534%26is%3D33554707%26i0%3D33554450%26i1%3D33554707%26ic%3D256%26cs%3D33554706%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D1373,1373,1373,1373,1373%26qnc%3D0%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D8357975%26psm%3D3%26psv%3D2%26psfv%3D2%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,1373;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.01%26t%3D1701283744881;ecn1=1;etm1=0;eid1=960584;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 9540 42 B
64 B 58ms
57ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CGDHgn4dnZZWIC8_6kPIPir23mAqP95XDdL7S58OIEmQQASC37-IxYJXq-oGUB8gBBagDAcgDmwSqBJUCT9CotckuPFzdU2KeztJfQWbc9bPYYHo7VPn0pppllbrOyA8Bwgbz7LHITu2DkaxM98NXBCSs-zMDHUhkYv0hW-LF4-gB0AoWzKTUrkG7OwD-5NDnxKnUa6_W4aXDsWsvsL49AzASxK2w5QyN2N3NjxXopChO4vCWT9VAgD5wMNw-rrjxXlH3nBGGFkhZsR9tyozIlLYFh5v3daLyK8LfkW1hLfoTluW_SC-hcdLRkM7tlgRDvsDcOVlHJ3-q7WtrwylFosso3FgWkrpuHwPIzrpY47aUoXTSsJjF93WCY8dv_ZKo3zVhhTTaaRwPRadh_026EFlJCzZmRDOygWJ8mrDdG3sJ_EpWJ5hyM3EQXyIsEcCQu8AE34eqxckE4AQDiAX-v5bJTJAGAaAGToAHmpLo1QKoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljH163p7-mCA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAqoNAkRFsBOljN4VyBO_pMTjA9gTCogUAtgUAdAVAfgWAYAXAegXBQ&sigh=8xMJCfaHgZ0&label=videoplaytime25&ad_mt=1539&acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D1%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,169,119,378%26tos%3D1373,0,0,0,0%26mtos%3D1373,1373,1373,1373,1373%26amtos%3D0,0,0,0,0%26mcvt%3D1373%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D1534%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D41%26pst%3D201%26dur%3D6016%26vmtime%3D1538%26dvs%3D1373%26dfvs%3D1373%26dvpt%3D1534%26is%3D33554707%26i0%3D33554450%26i1%3D33554707%26ic%3D256%26cs%3D33554706%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D1373,1373,1373,1373,1373%26qnc%3D0%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D8357975%26psm%3D3%26psv%3D2%26psfv%3D2%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,1373&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.01%26t%3D1701283744881

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 9540 42 B
64 B 59ms
59ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu7ZqHhDPk0aN7x6fKM6ZG67hiztyksXd5QNm-fxrkyNa4w2wjj6s21CwYl0ZR9Lawh0CO4VwRZ4qfIFLzrQtUtN-5zw8C3Fx7jP5S07O7azz1v5iSILXv8xEU3ClYKZKo&sai=AMfl-YROOcZstUpI2dno4urSzoDK8qB-jhsH5gIsauGVbQCCmk8C5VNYretx2EpDRDfz7JBOEBoLubGUVM4xLSukN_lz7UpVbNI3P8RC3LlMK9kGznt63pgI8-OSUxVVN6F-S7Z7Luqhb_b_f_cvNxaX4tPD1FLbLFciIHg&sig=Cg0ArKJSzNQO1zZrdupEEAE&cid=CAQSTgDICaaN2vG92PUTU_ayfd0zzWTUT67sS8IG-Jg6A0aPVjcI5oHYpWOD3Cq4WGpwDUQsB3G_YfPVCrPg2KdszegRamr8XXuSkSz95I3NahgB&id=lidarv&acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D9%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,169,119,378%26tos%3D2173,0,0,0,0%26mtos%3D2173,2173,2173,2173,2173%26amtos%3D0,0,0,0,0%26mcvt%3D2173%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2334%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D42%26pst%3D201%26dur%3D6016%26vmtime%3D2340%26dtos%3D2173%26dtoss%3D1%26dvs%3D800%26dfvs%3D800%26dvpt%3D800%26is%3D33554707%26i0%3D33554450%26i1%3D33554707%26ic%3D16777217%26cs%3D50331923%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D8357975%26psm%3D7%26psv%3D6%26psfv%3D6%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2173&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.01%26t%3D1701283744881

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dc_oe=ChMI4vuE6u_pggMVB4qDBx3ClwIAEAAYACCKitph;dc_eps=AHas8cBRXjyslzbS49YoNiXkkN4earS_7wA8g4u-hflIzbmvWk0sPI1_lPmxcVHY02bIKrL50R9L;met=1;ecn1=1;etm1=0;eid1=18;
ade.googlesyndication.com/ddm/activity/ Frame 9540 42 B
63 B 127ms
126ms Image
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content event.png
tpsc-video-eu.doubleverify.com/ Frame 9540 0
162 B 258ms
257ms Image
text/plain 130.211.44.5
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpsc-video-eu.doubleverify.com/event.png?vstevt=6&dup=407011fc-8c53-4a36-a843-02b23cd5e813
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 5.44.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Nov 2023 18:49:08 GMT
Cache-Control: max-age=0
Connection: keep-alive
Expires: 2023-11-28T18:49:08

GET
H3 200 dc_oe=ChMIyLf06e_pggMVRFL2CB0YJgy2EAAYACCKitphOhoIuoXQ1gIQ34eqxckEGL-kxOMDIL7S58OIEkITCNXTsunv6YIDFU89RAgdit4Now;dc_rmcid=CAQSTgDICaaN2vG92PUTU_ayfd0zzWTUT67sS8IG-Jg6A0aPVjcI5oHYpWOD3Cq4WGpwDUQsB3G...
ade.googlesyndication.com/ddm/activity/ Frame 9540 42 B
63 B 157ms
156ms Image
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIyLf06e_pggMVRFL2CB0YJgy2EAAYACCKitphOhoIuoXQ1gIQ34eqxckEGL-kxOMDIL7S58OIEkITCNXTsunv6YIDFU89RAgdit4Now;dc_rmcid=CAQSTgDICaaN2vG92PUTU_ayfd0zzWTUT67sS8IG-Jg6A0aPVjcI5oHYpWOD3Cq4WGpwDUQsB3G_YfPVCrPg2KdszegRamr8XXuSkSz95I3NahgB;eps=CIDhgBAQARgfMgKqAjoCgEBIvf3BOljH163p7-mCAw;met=1;acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D2%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,169,119,378%26tos%3D2964,0,0,0,0%26mtos%3D2964,2964,2964,2964,2964%26amtos%3D0,0,0,0,0%26mcvt%3D2964%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D3125%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D44%26pst%3D201%26dur%3D6016%26vmtime%3D3132%26dtos%3D791%26dtoss%3D2%26dvs%3D791%26dfvs%3D791%26dvpt%3D791%26is%3D33554707%26i0%3D33554450%26i1%3D33554707%26i2%3D33554707%26ic%3D512%26cs%3D50332435%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D1591,1591,1591,1591,1591%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D8357975%26psm%3D15%26psv%3D14%26psfv%3D14%26psa%3D0%26pngs%3D9s,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2964;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.01%26t%3D1701283744881;ecn1=1;etm1=0;eid1=18;

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 9540 42 B
64 B 69ms
68ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CGDHgn4dnZZWIC8_6kPIPir23mAqP95XDdL7S58OIEmQQASC37-IxYJXq-oGUB8gBBagDAcgDmwSqBJUCT9CotckuPFzdU2KeztJfQWbc9bPYYHo7VPn0pppllbrOyA8Bwgbz7LHITu2DkaxM98NXBCSs-zMDHUhkYv0hW-LF4-gB0AoWzKTUrkG7OwD-5NDnxKnUa6_W4aXDsWsvsL49AzASxK2w5QyN2N3NjxXopChO4vCWT9VAgD5wMNw-rrjxXlH3nBGGFkhZsR9tyozIlLYFh5v3daLyK8LfkW1hLfoTluW_SC-hcdLRkM7tlgRDvsDcOVlHJ3-q7WtrwylFosso3FgWkrpuHwPIzrpY47aUoXTSsJjF93WCY8dv_ZKo3zVhhTTaaRwPRadh_026EFlJCzZmRDOygWJ8mrDdG3sJ_EpWJ5hyM3EQXyIsEcCQu8AE34eqxckE4AQDiAX-v5bJTJAGAaAGToAHmpLo1QKoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljH163p7-mCA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAqoNAkRFsBOljN4VyBO_pMTjA9gTCogUAtgUAdAVAfgWAYAXAegXBQ&sigh=8xMJCfaHgZ0&label=videoplaytime50&ad_mt=3133&acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D2%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,169,119,378%26tos%3D2964,0,0,0,0%26mtos%3D2964,2964,2964,2964,2964%26amtos%3D0,0,0,0,0%26mcvt%3D2964%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D3125%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D44%26pst%3D201%26dur%3D6016%26vmtime%3D3132%26dtos%3D791%26dtoss%3D2%26dvs%3D791%26dfvs%3D791%26dvpt%3D791%26is%3D33554707%26i0%3D33554450%26i1%3D33554707%26i2%3D33554707%26ic%3D512%26cs%3D50332435%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D1591,1591,1591,1591,1591%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D8357975%26psm%3D15%26psv%3D14%26psfv%3D14%26psa%3D0%26pngs%3D9s,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2964&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.01%26t%3D1701283744881

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 18:49:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

59 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.beforeout.com/	1970-01-20 16:35:05	Name: xxxsskguid527 Value: cd7ab1c3-bec2-06a5-a2c5-9c8b30ebd122
www.beforeout.com/	1970-01-20 16:35:05	Name: lastlocation527 Value: http%3A//www.beforeout.com/
.doubleclick.net/	1970-01-21 01:56:19	Name: IDE Value: AHWqTUm-wAD_D5bcvh3qIKQAJWU2LBW6C_WEkEKNvBMY4lA1WHdvpH4xOPJClPxF
.casalemedia.com/	1970-01-21 01:20:19	Name: CMID Value: ZWeHoOY17IlISJKmWHi2vgAA
.casalemedia.com/	1970-01-20 18:44:19	Name: CMPS Value: 3170
.casalemedia.com/	1970-01-20 18:44:19	Name: CMPRO Value: 3170
.beforeout.com/	1970-01-21 01:56:19	Name: __gads Value: ID=46d93c3a96cb8a30:T=1701283743:RT=1701283743:S=ALNI_MYIVnLHIBcm72Vt4VhcLOEi7DkrRQ
.beforeout.com/	1970-01-21 01:56:19	Name: __gpi Value: UID=00000ce1aad79f44:T=1701283743:RT=1701283743:S=ALNI_MZrBy96CeilRkqRK4FO25tSegFZ6w
.adnxs.com/	1970-01-20 18:44:19	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E>0mSaPJ!]tbPl1M>e)ZlrFUfJ+tGXxoPZ2+_ZOrYN<BHhn[L#d5JG4STC_K?pL+tYHbpRzqF1`b_=N)v^M.
.adnxs.com/	1970-01-20 18:44:19	Name: uuid2 Value: 6091453952632708418
.doubleclick.net/	1970-01-20 20:53:55	Name: APC Value: AfxxVi5N5ESSAru3ROLiy2ndR1yrf58hIe60YiTjbLYF_0Lr-356gg
.adtriba.com/	1970-01-21 02:10:43	Name: atbgdid Value: 2d21c712-ca4a-4379-87bd-823e5ae1d59b
.insightexpressai.com/	1970-01-21 02:10:43	Name: IXAI70510 Value: FTF
.insightexpressai.com/	1970-01-21 01:20:19	Name: DW_Time Value: 1701283745
.insightexpressai.com/	1970-01-21 01:20:19	Name: DW Value: 00000000-0000-0076-df09-e11701283745
.insightexpressai.com/	1970-01-21 01:20:19	Name: TID Value: 00000000-0000-0076-df09-e11701283745

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
ade.googlesyndication.com
bid.g.doubleclick.net
cdnjs.cloudflare.com
cm.g.doubleclick.net
connect.facebook.net
count.xxxssk.com
csi.gstatic.com
d.adtriba.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
gcdn.2mdn.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
imasdk.googleapis.com
pagead2.googlesyndication.com
pic.beforeout.com
r1---sn-4g5e6nsr.c.2mdn.net
s0.2mdn.net
secure.insightexpressai.com
static.intentarget.com
tpc.googlesyndication.com
tps.doubleverify.com
tpsc-video-eu.doubleverify.com
vast.doubleverify.com
vtrk.doubleverify.com
www.beforeout.com
www.facebook.com
www.google.com
www.googletagservices.com
104.18.36.155
119.28.16.172
130.211.44.5
139.60.161.80
142.250.181.226
142.250.185.162
142.250.186.70
172.217.16.194
172.64.151.202
2606:4700:3031::ac43:d208
2606:4700:4400::6812:2aef
2606:4700::6811:180e
2a00:1450:4001:63::6
2a00:1450:4001:80f::2003
2a00:1450:4001:813::2004
2a00:1450:4001:81c::2001
2a00:1450:4001:827::2002
2a00:1450:4001:829::2002
2a00:1450:4001:82a::200a
2a00:1450:4001:830::2006
2a00:1450:4001:830::200a
2a00:1450:4001:831::2002
2a00:1450:4001:831::200e
2a00:1450:4008:805::2003
2a02:26f0:3500:58c::1ec4
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
3.123.186.116
37.252.171.149
43.154.91.28
64.233.184.154
0005a9ae18f3b5cb95b9fc05855604348d45854e4a71538ccf03f47e4a8d4947
003626a91e4224455a9749ef15b4bb3b2bc76d827712167b2932c493e1891a20
008a1d103902f15fdb1c191fcb1ce8954330e7b8de43d09abb08555ba609f420
028996f94e2f0b9152c683453e70613e942cd9133713bf79b35bf3fb3380d973
076d642726f5eb51481c7715bd4e428163ddceca4df953fd43e58b9fa09f8b57
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bbc958f25216ff5c2fe09e3acae81c47b34b1308a1899b9f4444b4577bd2204
0c1cd3389ff6be7c76051cff06321224dd926c1a5d70d7a22aeb15acc7e2c302
0d9bbac10d7ddafa894b7382fa4eb798243d986e1a94fab2ba5d96573363cbb2
0dcb55e52791603a4d8e9e2093be3ce90feffb0725dbf1dd012db8d15e590ff2
107ca278aeb4fee5843e841d05880d377a1f1b887bc4d1f164ac57ec3dae3af1
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
1c3d877d7c88c7afc3b7a221875d4629a2a68b4f1287370bbcad1b8ba03f27c6
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
20155aac4b10cd62ea67ce2179e59c312104c43db0f292fa042f411f3eb35d34
22816a00dfe9fcdc30063d22717ab9cbab3aeb2a8e9844e9d774d256dc48b7c8
28c5732eefa979245ff326045f37b6b7cdfc92385c594caea33e265e4a066c7b
2970fbdbec66d709f58d250120791485159c5f2d91837efc08015f59fe1a9190
29c99771c81466150d55d307a9b0e12cfdab8240a9c65a80b764c1d58965406f
2b0e9f761266ecee6bc574f4611340b3eebd332a1817313e2541126349bd10c9
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
348b3c95daa5a7b6068804aff6dd4f7cdecc25010eaff48fc4b9c90148e1b7af
35bd0e0f6355f2090389efa56bb4b8ad1c854dcd8f58dd46fabe71b21629c739
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3bfe63a441a2059439cdbdf3c67fc19887b7cd16cd8abc87b741f255aaddd864
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
4245858d3bdafb53a75d02f84a7eb56c211bada3da377a13802777c05d25035b
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
4391971c3ad563f8b8a385ff3acab20d716080862e8d6c3d5e1e0d13afc213e0
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bf4ac09d0875116b852e903eb2c170ea19c8863eeb6ed687c2d88eb9dede93a
4ff5292e5440cea62515da6e7b86b6571205e0248ee4afc84f82156ef4c8003d
5501498a453b4acc4caef1891f9080c2bb35c61a09d605b5cf62d2fd70233b58
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55cfd8d5a1302f51b9eecbcbf943f9d8d0298ecd4b93e98af3cc5abfa32bb049
5c65245690f89ebeb16a143e38ff17f98610c7c390258349131ce806030425fd
610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016
64b7698263dfebbb3c0a29b8fdfff9fcac2712ebb96e6a0e9e2eda3e20fad2c8
66787c9f1fc9e289c4c2e0eaf282a48e6cad08b089d01c0e22941936e6246877
707d673cf249a44dc5052ff3ba6bf1e7cd70968ae9c35f329a4e77b81aebe392
7612c5f07834881b134cc16bbc232fd0512dfc24830cf00b989c9ea796861093
7d6d9bea8514ef31d3ebca98fde7e5e43147c53ddc4185e852efbdb501bf4834
81fe36ae60a892e03c8bb7b92325cdf1b8d5a9515ee9217e8cf71b3241e0f123
832584b85607234b4469d6b788fd6c72935f794d8c8e8513b34cb3d945461724
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
89acd13d7e44059c48762d598462deb5ceeac59aee49a3094381d3a3a8d4077a
89b55b54d0def6ac799d6347583bdd7887883d9154e4faf390d21f23228478d1
8c3b28a9e6529041cf0eef8f276221f3a0b44ddb15b31384e4cac09f5049f65b
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
90677c05e184d5e0b0becdcfa850900703dba97da0ecf143fcbb469d987fdc41
9682aff0dfb2932f5273721abd9190df39eeb0f42c37a24566aa4ac5753219c1
98088b111a40a403858b806584046bc19ca889ed2a96002dbb67631365e7655a
986ba57bd8a40f6db1d093dfa660db96bfdcc3a40dfacfa5326829f2c6903405
98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955
9e27d3cc1c147eb1a87d454f3d8f8fe44594d570ab500f55539ef713c664597b
9f4e30ca8e31b99a6672e2a6a9b0e498c50b1aa0a3660a258f53b47e6ae55e55
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a03695035126cf434b28444d4db969710ccf8d9fb45c10f6d4bd6e4b35236cd8
a531b7056bd61a8f5e0beab3081f6df46976d3fe26baff449a7d44105ec0abed
a6bdc585c3b518451b10670d9ab66312b6adc5090a09b37fbcc8faccbf8050d6
aca1df6fb68584fbe9dba66bea256334c075056b76a76e0f0d46eee8d6ab4c2e
acb93883449b830dc1f167ebc96e36c56f2a600fb6c148f4bf58989b3ebe1aa7
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2f660e43fc4fc902eb18db871351ff91c21a64232daa33b9ffed2f85b4ad653
bda081602a3c75358275709c5e102bd5ca3ae0801f331e9c22c60e59908cd7da
bedd982cf3579291a3b2e8a3fd1979a278f001204b8420b43b014be9f4d886ea
c0de6043a752abe45ec46b7a17d89e25bd49b6026bc4b3d7f166478ce7e4ee3d
c24a32711ea331375ea7ced3051d70d5d8d4e1867e6c7bf6232141f4f4640cdd
c406ab20ef9a8e8589236f9a4bd5e78a0f228a6182ff4d5d1b209da93b1807af
c69ac6c4f5f3b640052eb9f35cbd47ec9ed1c53caf898554487741db50b3d0a8
c69b71f6c8f7565b06dbb66c365dfc4646016170d64b915f83c7d6fa3e774c18
c88cda9e285d02910c2022112205f2dce3d13f53d5742bdc1cb2e1c8b09b5fdb
c99565f5e053982ec48bdfe93e09091890612398d52cee668e87720175262882
cc805c5b4fb2e3ba3124f64a44760c47e3a9a6b6d932337e2f88a93dffc0f623
cdebc15059d89fe3290681540638720f33f8fa1d991e90f57218b10d7c2fc869
ce0322b200a5c8dc72040c6ffc2ce323975c0b12c66e3149779a71b60850661d
ce3e08db332ad23880088c76b9a006bb7bf10828fa9be3e5ad04e4dd81820e08
cf59d5514762293d74fdd47e4d791e9192d7570a92445173f8b370c4e66d7b04
d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68
d3e3d91c1049ef2c6fe0a210bc08b1a8f094c41687ace751adf3e5135220fefa
d476e5a745310adec1e9711ec14bff34eaece1876095cb1b43f4eeeef1439f00
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e9ab27e6d1b54c4cd8052bebe96bcddd2b88309f1b96d32d5b7110cf51d813
e4f648c93003eb7dbd29f5d7edc29509b62d9dfd50dda533b217ed58debdd65e
e870ca4631b981754a48b0c4bfd347ef86d10a5d716c4a3c91799b0c55a2c915
e93636d3ef399dc7d33a87e01495e525303cdcb7f443dbfa77f05e4c80825407
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f86dce0aadf07f7b0bcc69605afa242126278c08b448af8731c4100f3144ccf3
f9e8bf5919cfb25f76a2ba0126e58158523e8a5f035a1f20251edb6227a73c20
fee66174a561d617cca0350e37df79812974b0c09021a75a117bb454c860ed8b
ff060e584f8a383678aecc2b9bd77d8de26f6f165a1719db70540ec43044665e

www.beforeout.com Open in urlscan Pro 43.154.91.28 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

175 Requests

65 %HTTPS

58 %IPv6

18 Domains

32 Subdomains

31 IPs

5 Countries

3397 kBTransfer

5627 kBSize

16 Cookies

1 Outgoing links

Redirected requests

175 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.beforeout.com Open in urlscan Pro
43.154.91.28 Public Scan

Screenshot
Live screenshot

Full Image

175
Requests

65 %
HTTPS

58 %
IPv6

18
Domains

32
Subdomains

31
IPs

5
Countries

3397 kB
Transfer

5627 kB
Size

16
Cookies

175 HTTP transactions
3 data transactions