wsend.co Open in urlscan Pro
172.67.69.204 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.wsend.co/966542211070
Effective URL:
https://wsend.co/966542211070
Submission: On October 13 via api (October 13th 2023, 9:24:19 am UTC) from RU — Scanned from DE

Summary HTTP 57 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 17 IPs in 2 countries across 11 domains to perform 57 HTTP transactions. The main IP is 172.67.69.204, located in United States and belongs to CLOUDFLARENET, US. The main domain is wsend.co.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 1st 2023. Valid for: a year.

This is the only time wsend.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	104.26.7.159 104.26.7.159	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	172.67.69.204 172.67.69.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.217.18.8 172.217.18.8	15169 (GOOGLE) (GOOGLE)
14	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
5	172.217.23.99 172.217.23.99	15169 (GOOGLE) (GOOGLE)
1	172.217.18.14 172.217.18.14	15169 (GOOGLE) (GOOGLE)
1 6	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
13	142.250.184.193 142.250.184.193	15169 (GOOGLE) (GOOGLE)
2	142.250.74.202 142.250.74.202	15169 (GOOGLE) (GOOGLE)
2	142.250.186.74 142.250.186.74	15169 (GOOGLE) (GOOGLE)
1	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
1	142.250.186.99 142.250.186.99	15169 (GOOGLE) (GOOGLE)
4	142.250.193.163 142.250.193.163	15169 (GOOGLE) (GOOGLE)
1	66.102.1.156 66.102.1.156	15169 (GOOGLE) (GOOGLE)
1 1	142.250.185.174 142.250.185.174	15169 (GOOGLE) (GOOGLE)
3	74.125.11.103 74.125.11.103	15169 (GOOGLE) (GOOGLE)
1	142.250.185.68 142.250.185.68	15169 (GOOGLE) (GOOGLE)
57	17

1 104.26.7.159 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.wsend.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.67.69.204 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.wsend.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wsend.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.8 (United States)

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.217.23.99 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.14 (United States)

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.162 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.250.184.193 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.74.202 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.74 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f10.1e100.net

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f2.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.193.163 (United States)

ASN15169 (GOOGLE, US)
PTR: maa05s26-in-f3.1e100.net

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.102.1.156 (United States)

ASN15169 (GOOGLE, US)
PTR: wb-in-f156.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.174 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f14.1e100.net

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 74.125.11.103 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s42-in-f7.1e100.net

r2---sn-4g5e6nzl.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.68 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 108 tpc.googlesyndication.com — Cisco Umbrella Rank: 157	385 KB
10	gstatic.com fonts.gstatic.com www.gstatic.com csi.gstatic.com	124 KB
7	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 45 bid.g.doubleclick.net — Cisco Umbrella Rank: 1020	89 KB
4	2mdn.net 1 redirects gcdn.2mdn.net — Cisco Umbrella Rank: 1392 r2---sn-4g5e6nzl.c.2mdn.net — Cisco Umbrella Rank: 920192	945 B
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 49 imasdk.googleapis.com — Cisco Umbrella Rank: 498	134 KB
4	wsend.co 2 redirects www.wsend.co wsend.co	9 KB
3	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1200 www.googleadservices.com — Cisco Umbrella Rank: 153	601 B
1	google.com www.google.com — Cisco Umbrella Rank: 2	1 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 223	59 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 42	240 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 56	83 KB
57	11

	Domain	Requested by
13	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com imasdk.googleapis.com tpc.googlesyndication.com
12	pagead2.googlesyndication.com	wsend.co pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
6	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
5	fonts.gstatic.com	wsend.co fonts.googleapis.com
4	csi.gstatic.com	imasdk.googleapis.com
3	r2---sn-4g5e6nzl.c.2mdn.net
2	www.googleadservices.com
2	imasdk.googleapis.com	googleads.g.doubleclick.net
2	fonts.googleapis.com	googleads.g.doubleclick.net
2	wsend.co	wsend.co
2	www.wsend.co	2 redirects
1	www.google.com	tpc.googlesyndication.com
1	gcdn.2mdn.net	1 redirects
1	bid.g.doubleclick.net	imasdk.googleapis.com
1	www.gstatic.com	googleads.g.doubleclick.net
1	www.googletagservices.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	wsend.co
57	19

This site contains links to these domains. Also see Links.

Domain
api.whatsapp.com
www.un-web.com
www.wmadaat.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-03-01` - `2024-02-29`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2023-10-03` - `2023-12-12`	2 months	crt.sh

This page contains 9 frames:

Primary Page: https://wsend.co/966542211070
Frame ID: 6E0CFE8E1413D3E302649338C0AA89AE
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231011/r20190131/zrt_lookup.html
Frame ID: B05F317CFF7BCA5195AE9EB33F371DFD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1911975768698205&output=html&adk=1812271804&adf=3025194257&lmt=1697181854&plaf=1%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=236x1080_l%7C236x1080_r&format=0x0&url=https%3A%2F%2Fwsend.co%2F966542211070&ea=0&pra=5&wgl=1&easpi=1&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1697189054404&bpp=7&bdt=831&idt=177&shv=r20231011&mjsv=m202310040101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4495472453491&frm=20&pv=2&ga_vid=1853331244.1697189054&ga_sid=1697189055&ga_hid=1424198779&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31078480%2C31078599%2C31078701%2C44801484%2C44804783%2C44805098%2C44805333%2C44803791%2C44804173%2C44804940&oid=2&pvsid=1634763300190783&tmod=991593608&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=208
Frame ID: AE3FDC45986F50CE047A015C886C74B9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1911975768698205&output=html&h=280&slotname=8638372222&adk=2644286354&adf=2420951037&pi=t.ma~as.8638372222&w=1090&fwrn=4&fwrnh=100&lmt=1697181854&rafmt=1&format=1090x280&url=https%3A%2F%2Fwsend.co%2F966542211070&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1697189054411&bpp=3&bdt=838&idt=232&shv=r20231011&mjsv=m202310040101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4495472453491&frm=20&pv=1&ga_vid=1853331244.1697189054&ga_sid=1697189055&ga_hid=1424198779&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=255&ady=338&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31078480%2C31078599%2C31078701%2C44801484%2C44804783%2C44805098%2C44805333%2C44803791%2C44804173%2C44804940&oid=2&pvsid=1634763300190783&tmod=991593608&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=G0SsSvYfUu&p=https%3A//wsend.co&dtd=246
Frame ID: 55B00F9C4C918C3B645C78CFAC5A6BEE
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1911975768698205&output=html&h=280&slotname=4399507564&adk=2159958853&adf=515906585&pi=t.ma~as.4399507564&w=1090&fwrn=4&fwrnh=100&lmt=1697181854&rafmt=1&format=1090x280&url=https%3A%2F%2Fwsend.co%2F966542211070&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1697189054414&bpp=1&bdt=841&idt=252&shv=r20231011&mjsv=m202310040101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1090x280&nras=1&correlator=4495472453491&frm=20&pv=1&ga_vid=1853331244.1697189054&ga_sid=1697189055&ga_hid=1424198779&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=255&ady=1132&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31078480%2C31078599%2C31078701%2C44801484%2C44804783%2C44805098%2C44805333%2C44803791%2C44804173%2C44804940&oid=2&pvsid=1634763300190783&tmod=991593608&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=GsGIACRxta&p=https%3A//wsend.co&dtd=258
Frame ID: B359F251137BCBA535900B5F127273FE
Requests: 20 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/QVp2p3XlSy0Ioz_C1lJtz692ywMRVbbwNCkeEp2HkD0.js
Frame ID: 883AD346EAF3313EA68EAEAAEDCF824F
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 97AB78596D5099229256BAF1BCDAD3BA
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F133A3A3882BFD164937FAF48C204DE9
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 0398DF0A8CB03DCE3FEF1A5746CF400C
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WhatsApp 966542211070

Page URL History Show full URLs

http://www.wsend.co/966542211070 HTTP 301
https://www.wsend.co/966542211070 HTTP 301
https://wsend.co/966542211070 Page URL

Detected technologies

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

57
Requests

96 %
HTTPS

0 %
IPv6

11
Domains

19
Subdomains

17
IPs

2
Countries

884 kB
Transfer

3378 kB
Size

8
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://api.whatsapp.com/send/?phone=966542211070
Title: متابعة للدردشة

Search URL Search Domain Scan URL

URL: https://www.un-web.com/tools/whatsapp/
Title: ارسال رسالة واتس لرقم غير مسجل

Search URL Search Domain Scan URL

URL: https://www.un-web.com/tools/whatsapp_link/
Title: رابط واتساب

Search URL Search Domain Scan URL

URL: https://www.wmadaat.com/?app=article.show.2628
Title: طريقة التواصل مع فريق دعم واتساب بكل سهولة

Search URL Search Domain Scan URL

URL: https://www.un-web.com/tools/age/?utm_source=wsend.co&utm_medium=website&utm_campaign=whatsapp_to_age
Title: احسب عمرك اليوم بدقة

Search URL Search Domain Scan URL

URL: https://www.un-web.com/tools/bmi/?utm_source=wsend.co&utm_medium=website&utm_campaign=whatsapp_to_bmi
Title: احسب الوزن المثالي المناسب لطولك

Search URL Search Domain Scan URL

URL: https://www.un-web.com/tools/gold_price/?utm_source=wsend.co&utm_medium=website&utm_campaign=whatsapp_to_gold_price
Title: سعر الذهب الآن مباشر

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.wsend.co/966542211070 HTTP 301
https://www.wsend.co/966542211070 HTTP 301
https://wsend.co/966542211070 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37

https://googleads.g.doubleclick.net/pagead/adview?ai=Cm2BbvgwpZcKpOqnB_tMP6f2PqAab1vLAc7_wm-3MEWQQASCIvtImYMkGoAH16475AsgBCagDAcgDywSqBNUBT9D98OeH6bZ6-Aol5yeUuFrtZkY-91ioyiRG3iTRLBjax25VaNOuvMOfFRZ9ummDcFzGBVLTuuxogD7T7NjI-h9E2UrDZpXTJb_CFf3fTJ9DDNy8_a47kczdFDK1dLV5FZJlxvO0e8nUic4i7e1aU0pZwEbLTKA9gVcj4YwWXU7Mquv3qonvUIA9lMHql-_ueVemMl9qOPXK3lJZrjfnEIOtN9835fDnDEwve8oQuUDs31M9v-M5b1St2ts11ewn3bYSKKFlVO-ohBsPKkPZ4e6IxJ8mwASijZjPqASIBZn0s_tIkgUECAQYAZIFBAgFGASgBi6AB7Ky5sEBqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQussI0ggWCIDhgGAQARgfMgLLAjoCgEBIvf3BOpoJxwFodHRwczovL3NlYXJjaC55YWhvby5jb20veWhzL3NlYXJjaD9wPVJOK05QK09ubGluZStEZWdyZWUmaHNwYXJ0PXlhaG9vJmhzaW1wPXlocy1nMTgwYSZnX2FwPWdndDImdHlwZT1OUCZndHlwZT0tLW1rdy0tZGMtbXQtNjQ1NDM5NDM0ODY2LXMtcHRpZC0tLXBncmlkLTE0ODM0MjQ0MTYzNC1jcGduaWQtMTk1ODYxNTI5ODUtbi1kLXBsLXdzZW5kLmNvgAoByAsB2gwQCgoQ4JyC3JPk0bcUEgIBA7gT5APYEwyIFAHQFQGAFwGyFxwKGggAEhRwdWItMTkxMTk3NTc2ODY5ODIwNRgA&sigh=_5cgDrmunBw&uach_m=[UACH]&ase=2&nis=4&cid=CAQSTADICaaNgSoyhvAy-nimZrr0h72U3BfEPifDcYFZ5BsTHt4Xc1sCyGdAxi0fhaZKGeAuSrOQyAb3UjhIoQIiy9NWuWS8dukPVMd0xQkYAQ&template_id=484&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x6ec8ba0aa37bab080000000000000000%22,%222%22:%220xefb3eb534b4e7ff90000000000000000%22,%223%22:%220xb52100c3b4a4e49f0000000000000000%22,%224%22:%220xe86860b6cad32e2a0000000000000000%22,%225%22:%220x3a697b02cc843b9c0000000000000000%22},%22debug_key%22:%227813533829965787124%22,%22debug_reporting%22:true,%22destination%22:%22https://yahoo.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22790869493%22],%224%22:[%2210-13%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%222511534837403612417%22}&andc=true

Request Chain 46

https://gcdn.2mdn.net/videoplayback/id/a61acf5b54916e08/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3822257611/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/5AE6F02376B9B109D3D75DB9AFFF9A1ACC18E52E.AA5306B413F478ED057641941B11158322EF9D6F/key/ck2/file/file.mp4 HTTP 302
https://r2---sn-4g5e6nzl.c.2mdn.net/videoplayback/id/a61acf5b54916e08/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3822257611/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/5AC081CCC46E9BA47210416AB02F8AEBAE7FB936.697BA0BFF45EF08E4F04655B652DC478259DD33B/key/cms1/cms_redirect/yes/mh/Nr/mip/176.115.237.101/mm/42/mn/sn-4g5e6nzl/ms/onc/mt/1697188370/mv/u/mvi/2/pl/24/file/file.mp4

57 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request 966542211070 Show response
wsend.co/
Redirect Chain

http://www.wsend.co/966542211070
https://www.wsend.co/966542211070
https://wsend.co/966542211070

14 KB
5 KB

65ms
52ms

Document
text/html

172.67.69.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wsend.co/966542211070
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.69.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.2.34
Resource Hash: 9b35bcb3e0e0210b9b6dbf2638876a53d13ff8fcb2129d4337a7617fcf6a7863

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 815687408e4a2c36-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 13 Oct 2023 09:24:13 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XyNgkFA2bhORH21yeu2puUGKi7d%2Ftx0xZtwDkY5%2F9jojEErwnmX%2BR70JJY0NpM68PReXye3j1Yy1qCh%2FUL0b38q8gbyaBpRk%2FOGROT2PRoiYAH%2BZ3uIlSct5"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,User-Agent
x-powered-by: PHP/7.2.34

Redirect headers

cf-cache-status: DYNAMIC
cf-ray: 815687401ddf2c36-FRA
content-type: text/html; charset=iso-8859-1
date: Fri, 13 Oct 2023 09:24:13 GMT
location: https://wsend.co/966542211070
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n6lYxfATgfeL6zRiqDF2IcPIo2Dv1ahjUmFwb7e0taKlNU4e%2B%2F2Mt7k6%2FLNOHOfXSN4qjBy4cyrtgdwPGV51eF5l3VQYsmEfhzKbnApLxEQbYG36LyjwUqa6kFUstg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 237 KB
83 KB 564ms
30ms Script
application/javascript 172.217.18.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-2ELFHMNZ2B

Requested by

Host: wsend.co
URL: https://wsend.co/966542211070

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.8 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

222c67e039b354ee15528c7dfe036f660e85ab49d7186f3d9ecb6b13987bc69a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wsend.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 09:24:14 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 84251
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 13 Oct 2023 09:24:14 GMT

GET
H2 200 logo.png
wsend.co/ 2 KB
2 KB 18ms
17ms Image
image/webp 172.67.69.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wsend.co/logo.png
Requested by: Host: wsend.co
URL: https://wsend.co/966542211070
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.69.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6c65b940f44dc0c0e6ccba7e4b5dfad9482a287a71d49983b8e7bc06bb513d09

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wsend.co/966542211070
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 09:24:13 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5689
cf-polished: origFmt=png, origSize=2383
content-disposition: inline; filename="logo.webp"
content-length: 2054
cf-bgj: imgq:100,h2pri
last-modified: Tue, 31 Jan 2023 15:47:36 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JYv4zWojmevAVId07AvyCn4eLwYU9HEh88tUOZ%2Fbx%2FLBgQx%2F0RxA9JVraOlIZLpmIgUUN7wbT1h149VRqPX5qpeaaoQ0HKwQVB4g5dJvPD3UK8UibHZoolOD"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 81568740de902c36-FRA

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
51 KB 571ms
74ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: wsend.co
URL: https://wsend.co/966542211070

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

ad4e24785b1103a98d8ab4a09d0105d16f97dee215255c213dcace3544a7aee3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wsend.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 09:24:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51407
x-xss-protection: 0
server: cafe
etag: 18054535175977855835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 13 Oct 2023 09:24:14 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
51 KB 558ms
61ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1911975768698205

Requested by

Host: wsend.co
URL: https://wsend.co/966542211070

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

82ab08809aa41e060ae8d26d7b77d9433b7ddf6599ed460225f7037a8572afa4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wsend.co/
Origin: https://wsend.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 09:24:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51410
x-xss-protection: 0
server: cafe
etag: 9982450559159282695
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 13 Oct 2023 09:24:14 GMT

GET
DATA 200
OK truncated
/ 428 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f711cdb3e5614a6b9c2c609f81f534bb84ae367b160147707f87815826b44b15

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 26 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 tssoApxBaigK_hnnS-agtnqWow.woff2
fonts.gstatic.com/s/almarai/v5/ 46 KB
47 KB 477ms
20ms Font
font/woff2 172.217.23.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/almarai/v5/tssoApxBaigK_hnnS-agtnqWow.woff2

Requested by

Host: wsend.co
URL: https://wsend.co/966542211070

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f3.1e100.net

Software

sffe /

Resource Hash

420c7579c1de54e20027c1fc6abda9c53ac1c0872c6d147ed2759cce872c2bd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wsend.co/
Origin: https://wsend.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 21:42:44 GMT
x-content-type-options: nosniff
age: 42090
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47520
x-xss-protection: 0
last-modified: Wed, 24 Mar 2021 17:42:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Oct 2024 21:42:44 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
240 B 352ms
19ms Ping
text/plain 172.217.18.14
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-2ELFHMNZ2B&gtm=45je3ab0&_p=1424198779&cid=1853331244.1697189054&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1697189054&sct=1&seg=0&dl=https%3A%2F%2Fwsend.co%2F966542211070&dt=WhatsApp%20966542211070&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2ELFHMNZ2B
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.14 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra02s19-in-f14.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wsend.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Oct 2023 09:24:14 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://wsend.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310040101/ 390 KB
132 KB 77ms
76ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310040101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1911975768698205

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

be319a50249c7b704a827e655022642b5a2559d1b6fa3889c57a2759c0593062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wsend.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 09:24:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 135438
x-xss-protection: 0
server: cafe
etag: 4136311527595441721
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 13 Oct 2023 09:24:14 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231011/r20190131/ Frame B05F 10 KB
5 KB 445ms
10ms Document
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231011/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1911975768698205

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wsend.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 83306
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 12 Oct 2023 10:15:48 GMT
etag: 2603938475786422795
expires: Thu, 26 Oct 2023 10:15:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 383 B
601 B 360ms
18ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=wsend.co&callback=_gfp_s_&client=ca-pub-1911975768698205

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310040101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

8786ce5ba8f6491bf854f2e1f2995b84ab8eb46347019a6ec518815358e77798

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wsend.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 09:24:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 250
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame AE3F 3 KB
769 B 489ms
235ms Document
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1911975768698205&output=html&adk=1812271804&adf=3025194257&lmt=1697181854&plaf=1%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=236x1080_l%7C236x1080_r&format=0x0&url=https%3A%2F%2Fwsend.co%2F966542211070&ea=0&pra=5&wgl=1&easpi=1&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1697189054404&bpp=7&bdt=831&idt=177&shv=r20231011&mjsv=m202310040101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4495472453491&frm=20&pv=2&ga_vid=1853331244.1697189054&ga_sid=1697189055&ga_hid=1424198779&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31078480%2C31078599%2C31078701%2C44801484%2C44804783%2C44805098%2C44805333%2C44803791%2C44804173%2C44804940&oid=2&pvsid=1634763300190783&tmod=991593608&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=208

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310040101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

7d9ef6b136fe4c544b469d6919ba70f7edb566f6fb5de1f8ae72e3981b25d0da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wsend.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 569
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Oct 2023 09:24:15 GMT
expires: Fri, 13 Oct 2023 09:24:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 55B0 112 KB
39 KB 731ms
521ms Document
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1911975768698205&output=html&h=280&slotname=8638372222&adk=2644286354&adf=2420951037&pi=t.ma~as.8638372222&w=1090&fwrn=4&fwrnh=100&lmt=1697181854&rafmt=1&format=1090x280&url=https%3A%2F%2Fwsend.co%2F966542211070&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1697189054411&bpp=3&bdt=838&idt=232&shv=r20231011&mjsv=m202310040101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4495472453491&frm=20&pv=1&ga_vid=1853331244.1697189054&ga_sid=1697189055&ga_hid=1424198779&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=255&ady=338&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31078480%2C31078599%2C31078701%2C44801484%2C44804783%2C44805098%2C44805333%2C44803791%2C44804173%2C44804940&oid=2&pvsid=1634763300190783&tmod=991593608&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=G0SsSvYfUu&p=https%3A//wsend.co&dtd=246

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310040101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

b052fbf84baddbd84ae02cb6046f79d169d185a5cf17301cdf13a6ee584780aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wsend.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 39284
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Oct 2023 09:24:15 GMT
expires: Fri, 13 Oct 2023 09:24:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B359 81 KB
27 KB 629ms
432ms Document
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1911975768698205&output=html&h=280&slotname=4399507564&adk=2159958853&adf=515906585&pi=t.ma~as.4399507564&w=1090&fwrn=4&fwrnh=100&lmt=1697181854&rafmt=1&format=1090x280&url=https%3A%2F%2Fwsend.co%2F966542211070&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1697189054414&bpp=1&bdt=841&idt=252&shv=r20231011&mjsv=m202310040101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1090x280&nras=1&correlator=4495472453491&frm=20&pv=1&ga_vid=1853331244.1697189054&ga_sid=1697189055&ga_hid=1424198779&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=255&ady=1132&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31078480%2C31078599%2C31078701%2C44801484%2C44804783%2C44805098%2C44805333%2C44803791%2C44804173%2C44804940&oid=2&pvsid=1634763300190783&tmod=991593608&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=GsGIACRxta&p=https%3A//wsend.co&dtd=258

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310040101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

57f978b54943c3f226b9b5c6e9cfed898c9064e7a99677add7997c55e33a9539

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wsend.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 27379
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Oct 2023 09:24:15 GMT
expires: Fri, 13 Oct 2023 09:24:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/ Frame B359 23 KB
9 KB 545ms
34ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1911975768698205&output=html&h=280&slotname=4399507564&adk=2159958853&adf=515906585&pi=t.ma~as.4399507564&w=1090&fwrn=4&fwrnh=100&lmt=1697181854&rafmt=1&format=1090x280&url=https%3A%2F%2Fwsend.co%2F966542211070&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1697189054414&bpp=1&bdt=841&idt=252&shv=r20231011&mjsv=m202310040101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1090x280&nras=1&correlator=4495472453491&frm=20&pv=1&ga_vid=1853331244.1697189054&ga_sid=1697189055&ga_hid=1424198779&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=255&ady=1132&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31078480%2C31078599%2C31078701%2C44801484%2C44804783%2C44805098%2C44805333%2C44803791%2C44804173%2C44804940&oid=2&pvsid=1634763300190783&tmod=991593608&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=GsGIACRxta&p=https%3A//wsend.co&dtd=258

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

e0309fd597700b89310de557575438fb73dbee569cf734340057c0884ce91c20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 13:36:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71248
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9151
x-xss-protection: 0
server: cafe
etag: 7930219084593097114
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Oct 2023 13:36:47 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame B359 8 KB
1 KB 531ms
27ms Stylesheet
text/css 142.250.74.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.202 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f10.1e100.net

Software

ESF /

Resource Hash

98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 13 Oct 2023 09:24:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 13 Oct 2023 08:54:54 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 13 Oct 2023 09:24:15 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231002_RC00/ Frame B359 15 KB
3 KB 528ms
18ms Stylesheet
text/css 142.250.186.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231002_RC00/outstream.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f10.1e100.net

Software

sffe /

Resource Hash

29c99771c81466150d55d307a9b0e12cfdab8240a9c65a80b764c1d58965406f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 10 Oct 2023 21:10:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 216799
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2920
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 19:51:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 09 Oct 2024 21:10:56 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231002_RC00/ Frame B359 371 KB
129 KB 529ms
19ms Script
text/javascript 142.250.186.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231002_RC00/outstream.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f10.1e100.net

Software

sffe /

Resource Hash

2bd04f73111427a6fa4240c968eff556e1e679f3ac0d53275534f9c333df6d7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 10 Oct 2023 21:10:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 216799
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 131960
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 19:51:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 09 Oct 2024 21:10:56 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame B359 20 KB
9 KB 519ms
19ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 13:33:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71435
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Oct 2023 13:33:40 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 55B0 4 KB
728 B 440ms
27ms Stylesheet
text/css 142.250.74.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1911975768698205&output=html&h=280&slotname=8638372222&adk=2644286354&adf=2420951037&pi=t.ma~as.8638372222&w=1090&fwrn=4&fwrnh=100&lmt=1697181854&rafmt=1&format=1090x280&url=https%3A%2F%2Fwsend.co%2F966542211070&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1697189054411&bpp=3&bdt=838&idt=232&shv=r20231011&mjsv=m202310040101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4495472453491&frm=20&pv=1&ga_vid=1853331244.1697189054&ga_sid=1697189055&ga_hid=1424198779&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=255&ady=338&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31078480%2C31078599%2C31078701%2C44801484%2C44804783%2C44805098%2C44805333%2C44803791%2C44804173%2C44804940&oid=2&pvsid=1634763300190783&tmod=991593608&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=G0SsSvYfUu&p=https%3A//wsend.co&dtd=246

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.202 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f10.1e100.net

Software

ESF /

Resource Hash

f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 13 Oct 2023 09:24:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 13 Oct 2023 08:49:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 13 Oct 2023 09:24:15 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame 55B0 2 KB
973 B 456ms
39ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 13:38:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71161
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Oct 2023 13:38:14 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/ Frame 55B0 23 KB
9 KB 450ms
43ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

e0309fd597700b89310de557575438fb73dbee569cf734340057c0884ce91c20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 13:36:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71248
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9151
x-xss-protection: 0
server: cafe
etag: 7930219084593097114
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Oct 2023 13:36:47 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame 55B0 3 KB
1 KB 453ms
47ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 17:21:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57751
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Oct 2023 17:21:44 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame 55B0 20 KB
8 KB 437ms
20ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 13:33:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71435
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Oct 2023 13:33:40 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 55B0 187 KB
59 KB 468ms
52ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

sffe /

Resource Hash

7e633b623c0a583bfd0faa2e8ddbedf076e711868262bc8122ef486d7ace2e85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 09:24:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60003
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1697024009209687"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Oct 2023 09:24:15 GMT

GET
H2 200 ccbada329de78be299cbea1a52c9a584.js Show response
www.gstatic.com/mysidia/ Frame 55B0 35 KB
15 KB 423ms
17ms Script
text/javascript 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ccbada329de78be299cbea1a52c9a584.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

sffe /

Resource Hash

003fffcd4e614a4719da6f886bd221851da79915061393b248af55fe0ddf9476

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 09 Oct 2023 21:16:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 302881
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14787
x-xss-protection: 0
last-modified: Mon, 09 Oct 2023 21:02:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 07 Jan 2024 21:16:14 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/8309518574892805908/ Frame 55B0 21 KB
22 KB 496ms
107ms Image
image/jpeg 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8309518574892805908/14763004658117789537?w=600&h=314&tw=1&q=75

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

4a7202d4f89e10a16a811d77ab022380cadf3d9cbbb68eeb56e91c9e82a266c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 09:24:15 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21925
x-xss-protection: 0
last-modified: Wed, 18 Jan 2023 17:40:50 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 12 Oct 2024 09:24:15 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/991230989228484739/ Frame 55B0 2 KB
2 KB 439ms
50ms Image
image/jpeg 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/991230989228484739/14763004658117789537?w=100&h=100&tw=1&q=75

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

3b3348deddcbc299ca42e06fb098190f0a369f372411cc43a734225f415849a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Wed, 11 Oct 2023 16:32:08 GMT
x-content-type-options: nosniff
age: 147127
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1708
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 18:47:01 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 10 Oct 2024 16:32:08 GMT

GET
DATA 200
OK truncated
/ Frame 55B0 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 27872406bec95bca52ae573d7a06b9a708b51e8226edbb800213aa75562c52c2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 204 csi
csi.gstatic.com/ Frame B359 0
234 B 1443ms
380ms Ping
image/gif 142.250.193.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~lnoejkt9&c=1497085633140&slotId=748542816570&qqid=COnz8vXZ8oEDFZKDpwodmTkDjg&fb=outstream-lima&sei=44752538%2C75259414%2C420706098&nsei=44714510%2C44729911%2C44730425%2C44730426%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231002_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.193.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: maa05s26-in-f3.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Oct 2023 09:24:17 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame B359 15 KB
16 KB 10ms
9ms Font
font/woff2 172.217.23.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f3.1e100.net

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Sat, 07 Oct 2023 13:37:19 GMT
x-content-type-options: nosniff
age: 503217
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 06 Oct 2024 13:37:19 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame B359 15 KB
15 KB 11ms
10ms Font
font/woff2 172.217.23.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f3.1e100.net

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 04:06:52 GMT
x-content-type-options: nosniff
age: 19044
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 12 Oct 2024 04:06:52 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B359 0
121 B 53ms
53ms Image
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=C4EIIvgwpZemcOpKHngWZ84zwCPqz_6hz0--0ybcRZBABIIi-0iZgyQagAeO2q-8CyAEFqAMByAObBKoE7AFP0IT3FJgw5sIKetgKYqA0KVodUhtlg73ibmH1JB1h4zasIX9TIeuujWJeoVvI3Q3TkRbLmWvqZKjJ5djX_oj63jWdo1gPn5t5bhJEATaqJcmk7xxmK5I3vkenxHUTw4JfpIJYTb5WETA3GbmaorKAgIgLKQ1y_3E17p4mBXMM_A0_-moV9aUzdl0HLVGhGLJbhkU00OFDAm_-iHF7Uw8XvcEuZZSmYA5vtwed7wMssZreN57CJDrEeGvu0qyRHjLB1FSsqhAKwlGsFgszsi-fE58JGWzyGE0yEdOC49_tFXZnpKKfZz3q5oEYQsAE7YvOqKEE4AQDiAWluM_YSZAGAaAGToAHhcnUkAGoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgGAQARgfMgLLAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAlVTyA0BsBOh2IMV0BMA2BMNiBQC2BQB0BUB-BYBgBcB&eventType=clickstring&clientTime=1697189056045&ai=C4EIIvgwpZemcOpKHngWZ84zwCPqz_6hz0--0ybcRZBABIIi-0iZgyQagAeO2q-8CyAEFqAMByAObBKoE7AFP0IT3FJgw5sIKetgKYqA0KVodUhtlg73ibmH1JB1h4zasIX9TIeuujWJeoVvI3Q3TkRbLmWvqZKjJ5djX_oj63jWdo1gPn5t5bhJEATaqJcmk7xxmK5I3vkenxHUTw4JfpIJYTb5WETA3GbmaorKAgIgLKQ1y_3E17p4mBXMM_A0_-moV9aUzdl0HLVGhGLJbhkU00OFDAm_-iHF7Uw8XvcEuZZSmYA5vtwed7wMssZreN57CJDrEeGvu0qyRHjLB1FSsqhAKwlGsFgszsi-fE58JGWzyGE0yEdOC49_tFXZnpKKfZz3q5oEYQsAE7YvOqKEE4AQDiAWluM_YSZAGAaAGToAHhcnUkAGoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgGAQARgfMgLLAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAlVTyA0BsBOh2IMV0BMA2BMNiBQC2BQB0BUB-BYBgBcB

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Oct 2023 09:24:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame B359 0
54 B 1417ms
382ms Ping
image/gif 142.250.193.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~lnoejktr&c=1497085633140&slotId=748542816570&qqid=COnz8vXZ8oEDFZKDpwodmTkDjg&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.12q&vast_v=4.0&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231002_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.193.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: maa05s26-in-f3.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Oct 2023 09:24:17 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame B359 30 KB
18 KB 214ms
51ms XHR
text/xml 66.102.1.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-D2BD3gWM58s0vtq4k5G-2StziY7gA2CdLzKGxJc-4AMZ5dQEnvyXGc5JbLEyH-wxKHNybjBSNPiIVMC5G_IgH1cnNWYw&cry=1&dbm_d=AKAmf-B4M_qOF0qHALHbEVzGYraYx-MU-0t1HfjiGOAWrzFfvSPwc_okSWKP_YdCMGkn08f_cD28juwKl_CCp_apnpmX9fbim25ObL0yEXLOzuG0AiIvLkjJs2csl4f4QYYyyg72_WnczsyWCjXb_qwYLbJE4GXGUPsakvSjvDiAswsZuUfi742SGwlDkHshOWd_40-lFXPNDxQZDK5S2jrVLJ1bdzLwSeiaG_jucHchXsJ54RhGVq0uV3-wlLSisvok_iuaJOE7L-zU91aX_-LkjMJnLjMGBobi5J-wSh70qmDDoQy6ekKNGMhnENFm6zDFBMNptaLzoAEgrEr7oHUYKiUg7AzIslg78qvfHo-OdwshThUk-eTV3_w1AOo4HDXJQQ6faC2eA2-VYbNoSlV4tZDwTy9-ZuZZq4x6SCvEQF5ms2wZlJb582jbR4KXQ-jOa2qvwxwZG5vFX30SfigkPmjfGOxyHf1IsuQChHARsEJEsFNzjGxEAvjxOwmmfZ1TeJtnpYK5psglg8O6VEXxrzHjQBjIcjNRdvpYZ_kIlTgd351nTN4ncw76NOdNVuoI8v-ZsM2ywikAR3A4KoZh6FK95RfjX6A4XFqEqnnhGOACRmbpLs-CtJ-bIyoX88urs_KjeJ-ftQR9LbEV4G0H01FiPq6lDO_Dyivopqs9zwqnimYpGzrRAGcPP8WyjCozmKk8TANh_5KU6bu68z5HbjhW4Kv4k9SmrGEVyQGLEhpZ3FM76rfor70ck_lT9yTwp8upO-UvOOnmBexH_U_BpEpXopZkYDofE2TOhZ9vILZ9DWR7tZTSrfOp7RxXZ_IiPzETmL2BrJ_XsCvZIghARBrzYj8gsHXldpKta9WXxGKm7XXSWLJjg3yHH0GrdPq2TSc8e8VFpmHqcjs2YBpsqpAqGjK7JzT4_aaQLddXBLLF8tPoRGxlwVO8EYG_17pzSD-dcxuIHFBZInbK_XCI6u3FKZpIWRoDZVd7h4sEReyzBMOU_tfuslJkQGN9gvUwSjbjKtbw5gtsEowk6gzzvtLxsBx8B5fKt8HffsCC2ZPI7lgHKjkra90Ab50ujdkLsOLPVbb9x_4TwDmMoS2nUP-Y1sFTiNInmTQIsLUMvLCPyFLgagxiawvjHBANoNa-JrQpnyjtv5IYGHrvEcCX9afeJHcadHUVJLbodUM6GZLN6Gsm138cpwVqBbdlvmbn5nV0FIHJN2GPnH_xc6fPkbCBWXPvk_0KhAatLft1kC4NGNjVKX3fyVQLnLw8jLRShGPTzYaipzAqVs1Lp_EyG_UIs3zqS0Rp5VpUora8auRNonWu96aYb8d4OGWYl5sVi9IYOAbhOZo_VYSR7bpNoEg2AFVCCK1gz1ogSG-DoTTx6wFP683nnLMr_Kibd-K5ns6Ruq-jA2DNoyub38DLp5E5zqxUdkw2xhCx6a6DMezMXUO6I1I8fU0X-_Fi6w3HRM6G3mP1CLfxjdRpbEnae9jHpZbQbef89C4Cb1t0DdaWP-URqOcx-vNgYbFdKitz6u69Xu_r15-d9YwkXZ9KykwmdGYFmFD5glyhTudESnxQ4iSmrh2wdJIGXWhYq5lSRFaKgRDtyxI3Ez25R8gVJtBQtuxhilXcUwGBpeRVBZfdZ0DGxn2nqgQcESroSCpU0xOH-PJ10ITY4QsZQ0egZ88uEuxgTXwm8ZkQY-_ZORvukN7xRT2McC5W8XdQjAxGV0Ofx5XD-L3eaO6WaHbwmTR088LQ4uR1c2YCw8N3bBWTE8HVz4MpyEHghCbyd1alrCaBiNr0ogg3cYfaG_wRCdgWN90OIUBmEENVp4UhQ19cVk5mL_2LBeN7Oz3RC9aXt6-8s7M0ba3m2UyFJtv4Pg8SuhAc7XuPMFgKmwD69WQ5gRBhw3ckvZ07-ek9zS3hELIdtKBUbPKd8AZ0c0Dwfr80z0m93gTlrcpBhjg2Vzl1BcQzyK3atqt2keAK7WjeRq9iMASIE4qalr5JvYWK9ZYYNXn4No7mp61CpTui2k3PsWS9AZY7wJb2i4GjX2x3b_3W9guCaa3Monw4FXQhzYLxIM2LqnK3u9enYG6arDGld1fiozPKQ0MjJ7OT9ppYDkKF07DqtScuBQal_W5qKeZZwQO2od5ap3G9Z5GlIwM0O3qki0-lf8L_ayI4tNZODsibYNw9UhtILJA_KqonhAEHGp7Jc_mZoqoF2pGq3c_CVr52WVU9xDMdwVOYHtYLp2afdWFYbSS27nQD1EcdpZ-AuiMMRg-eJMPqyg2a1opIE4AYSqkUe0mlkJmWf84eN7WsqSfY1-EkkucrIeoaj223AY_GzaFpc_p6tTavHNgNSYMcDOXqBpnV0SRtJZ0ChOs3KzwPbTX63tAG0Ts7dJinzfmNNC53NEM5cpZTLgy8RE3yWPbLlp8E1fS9Cw5DyyRlZatxMnS7mFP3bQkoWbCY7xI4pXulcO1R_xRKjMN1BZbTDTlecc_L_sUy8ZeI2lG57MOOVTc3k_Z7W98JSC__9Dk-H9n9cGKs_-oQgdzotrVM3qdJ2Rren-K8XdhZOs1wXAIaqAhKgfPUM1S0B5RNEpFrtF9AN77k0DUgKfMvYchWOWpbbxVFk8X2qIGL22tztBFWIjCj5CmrfDPFkkJMC3n3Yi-AuNtiHKbdphokDFibtB98LG7MZ4atJ8ZEODGu-ae8iFC1f-g2bSjy0qtxk6khqumK8ZNiUGU3h0JV0JDoxzDeN0sVLnOWAwlioM8IeGvkimfgeplX5CeWyM_r0DuMQg5dzj4QAFg__V3EWDC2yEzQ99iib9gcPT6Fg9SVk_uL4u6o8IQFfQ97gbKe7esS0DxOyIu77WYsVS_HModKxIYAH7yWKlHT0MtvVjrqmi4WzgHwV1Yp1lfv43r7uUQMF2PJTJjMLwy4_Apn6hI0tyHB6j4WIX8XFU_mqqkXfih77P0RlKdZ1AlgTZibaPILHuLLC19O_gGAGiCUC895VDA-ImRGH_7EYQwYCP_1zXNkWxobQmW25yHp88h8UVOR6kB7k2PGq-qVSfBBPF3pXcqBKKoCUDxEviZT0ql1mhP1_4WBlVMqEZIlQr6AZ-IxBw4yhO68wtUIqhQAUJiig4fCH7n9DsoK93H--ODcHtr_IQJjZ8-QPjdw5ofj0wmNgZQaXwgxJpb6rcriSsvWMFBuSADHW3PL-PhLkKQOFPBIK28JbhFW-YzAOHH2UbCpncYbLxRlaG996rmnvvOyHwFMSfhT3qBqWwXuTN12yisvDIcpVCihcHVRDYJijLjYp6ftAzGx3Og1P-kO15fLvw9ehLBGx3HZa-iK_nCabyff0RHkYvM63f1Gc5-GxAxt1RXa_CfdXKmp6yWSofBK013eGJoqRk6tNGvGaszCZCyTwUSDajFc45sjuzM3pmWAKKj5-N1rtoTSx7BLyqPzHEeRpDEyRbmHH_ccXzN7w1LVOFdQeN9LXD3fOVcLXWw46m1zTZ5IuBVnowf9_j-7F0n2JuDmL4PxODmVcf7oiPSrKN21JbsJtzOdYEGy2uSpnCZhbSlu3VSVjTSV3g0pQYo&cid=CAQSSwDICaaNOpfcdb-WjXyD_nOay3B8-1w_QcMw7JQWsvYru3BTaY2LHF3_-07smQZMWoHar9Yu72Ai74-LuEQiuCzeQQSSSHGKz4YvwBgB&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231002_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.102.1.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wb-in-f156.1e100.net

Software

cafe /

Resource Hash

3b4fe49b35b94d8a5aa4e1e1c7b0269ffef7c8aedd87016bed231a0f3b9547ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 09:24:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17305
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 55B0 16 KB
16 KB 13ms
12ms Font
font/woff2 172.217.23.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f3.1e100.net

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 18:20:08 GMT
x-content-type-options: nosniff
age: 54248
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Oct 2024 18:20:08 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 55B0 15 KB
15 KB 11ms
10ms Font
font/woff2 172.217.23.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f3.1e100.net

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 04:06:52 GMT
x-content-type-options: nosniff
age: 19044
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 12 Oct 2024 04:06:52 GMT

GET
H2

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 55B0
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=Cm2BbvgwpZcKpOqnB_tMP6f2PqAab1vLAc7_wm-3MEWQQASCIvtImYMkGoAH16475AsgBCagDAcgDywSqBNUBT9D98OeH6bZ6-Aol5yeUuFrtZkY-91ioyiRG3iTRLBjax25VaNOuvMOfFRZ...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x6ec8ba0aa37bab080000000000000000%22,%222%22:%220xefb3eb534b4e7ff90000000000000000%22,%223%22:%220xb52100...

0
0

47ms
46ms

Fetch
text/css

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x6ec8ba0aa37bab080000000000000000%22,%222%22:%220xefb3eb534b4e7ff90000000000000000%22,%223%22:%220xb52100c3b4a4e49f0000000000000000%22,%224%22:%220xe86860b6cad32e2a0000000000000000%22,%225%22:%220x3a697b02cc843b9c0000000000000000%22},%22debug_key%22:%227813533829965787124%22,%22debug_reporting%22:true,%22destination%22:%22https://yahoo.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22790869493%22],%224%22:[%2210-13%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%222511534837403612417%22}&andc=true

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 09:24:16 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0x6ec8ba0aa37bab080000000000000000","2":"0xefb3eb534b4e7ff90000000000000000","3":"0xb52100c3b4a4e49f0000000000000000","4":"0xe86860b6cad32e2a0000000000000000","5":"0x3a697b02cc843b9c0000000000000000"},"debug_key":"7813533829965787124","debug_reporting":true,"destination":"https://yahoo.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["790869493"],"4":["10-13"],"6":["true"]},"priority":"500","source_event_id":"2511534837403612417"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 13 Oct 2023 09:24:16 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 13 Oct 2023 09:24:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x6ec8ba0aa37bab080000000000000000","2":"0xefb3eb534b4e7ff90000000000000000","3":"0xb52100c3b4a4e49f0000000000000000","4":"0xe86860b6cad32e2a0000000000000000","5":"0x3a697b02cc843b9c0000000000000000"},"debug_key":"7813533829965787124","debug_reporting":true,"destination":"https://yahoo.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["790869493"],"4":["10-13"],"6":["true"]},"priority":"500","source_event_id":"2511534837403612417"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame B359 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 31d6a3a7a6ac10860ea71dab46532d151feac34128e23dd28562ae852d583e82

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 QVp2p3XlSy0Ioz_C1lJtz692ywMRVbbwNCkeEp2HkD0.js Show response
pagead2.googlesyndication.com/bg/ Frame 883A 37 KB
15 KB 12ms
12ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QVp2p3XlSy0Ioz_C1lJtz692ywMRVbbwNCkeEp2HkD0.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

415a76a775e54b2d08a33fc2d6526dcfaf76cb031155b6f034291e129d87903d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Wed, 11 Oct 2023 21:56:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 127677
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14709
x-xss-protection: 0
last-modified: Tue, 10 Oct 2023 07:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 10 Oct 2024 21:56:19 GMT

GET
H2 200 adview
googleads.g.doubleclick.net/pagead/ Frame B359 0
0 54ms
53ms Fetch
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cw6A-vgwpZemcOpKHngWZ84zwCPqz_6hz0--0ybcRZBABIIi-0iZgyQagAeO2q-8CyAEFqAMBqgTpAU_QhPcUmDDmwgp62ApioDQpWh1SG2WDveJuYfUkHWHjNqwhf1Mh666NYl6hW8jdDdORFsuZa-pkqMnl2Nf-iPreNZ2jWA-fm3luEkQBNqolyaTvHGYrkje-R6fEdRPDgl-kglhNvlYRMDcZuZqisoCAiAspDXL_cTXuniYFcwz8DT_6ahX1pTN2XQctUaEYsluGRTTQ4UMCb_6IcXtTDxe9wS5llKZgDm_vBgcakL73CE6BQpaz5vGo6_E1LM7Zsp4T_MSOGo7LeLTlyqutyD3_sicB3xSAEvWzP6_Px3-WsjMzi0Y4ERfrwATti86ooQTgBAOIBaW4z9hJkgUECBsYAZIFCwgiEAEYAUiVsN4BkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAZOgAeFydSQAagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcKENjEChisqIbjAdIIFgiA4YBgEAEYHzICywI6AoBASL39wTqACgHICwHaDBAKChDw2e3MtpPD-3kSAgEDsBOh2IMVyBPHhIDiA9ATANgTDYgUAtgUAdAVAYAXAbIXHAoaCAASFHB1Yi0xOTExOTc1NzY4Njk4MjA1GAA&sigh=eqtaJ4H3ctU&uach_m=[UACH]&ase=2&nis=4&cid=CAQSSwDICaaNOpfcdb-WjXyD_nOay3B8-1w_QcMw7JQWsvYru3BTaY2LHF3_-07smQZMWoHar9Yu72Ai74-LuEQiuCzeQQSSSHGKz4YvwBgB&vt=10&cbvp=2&vis=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1911975768698205&output=html&h=280&slotname=4399507564&adk=2159958853&adf=515906585&pi=t.ma~as.4399507564&w=1090&fwrn=4&fwrnh=100&lmt=1697181854&rafmt=1&format=1090x280&url=https%3A%2F%2Fwsend.co%2F966542211070&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1697189054414&bpp=1&bdt=841&idt=252&shv=r20231011&mjsv=m202310040101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1090x280&nras=1&correlator=4495472453491&frm=20&pv=1&ga_vid=1853331244.1697189054&ga_sid=1697189055&ga_hid=1424198779&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=255&ady=1132&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31078480%2C31078599%2C31078701%2C44801484%2C44804783%2C44805098%2C44805333%2C44803791%2C44804173%2C44804940&oid=2&pvsid=1634763300190783&tmod=991593608&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=GsGIACRxta&p=https%3A//wsend.co&dtd=258
Attribution-Reporting-Eligible: event-source
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 13 Oct 2023 09:24:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 13 Oct 2023 09:24:16 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 62ms
61ms XHR
application/json 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231011&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310040101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

2b28038afcb7f73afa1bd92be7e632b0c82450290108464603343b2ad6bf1aa4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wsend.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 09:24:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12143
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 61ms
44ms Preflight
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 13 Oct 2023 09:24:16 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 52ms
52ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310040101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wsend.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 09:24:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 13 Oct 2023 09:24:16 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame B359 0
54 B 1072ms
381ms Ping
image/gif 142.250.193.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~lnoejkuk&c=1497085633140&slotId=748542816570&qqid=COnz8vXZ8oEDFZKDpwodmTkDjg&fb=outstream-lima&vast_v=2.0&vmfc=12&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231002_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.193.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: maa05s26-in-f3.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Oct 2023 09:24:17 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame B359 41 KB
15 KB 11ms
11ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231002_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 22:32:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 384687
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 07 Oct 2024 22:32:49 GMT

HEAD
H/1.1

200
OK

file.mp4
r2---sn-4g5e6nzl.c.2mdn.net/videoplayback/id/a61acf5b54916e08/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3822257611/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame B359
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/a61acf5b54916e08/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3822257611/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signat...
https://r2---sn-4g5e6nzl.c.2mdn.net/videoplayback/id/a61acf5b54916e08/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3822257611/sparams/acao,ctier,expire,id,ip,ipbits,itag...

0
0

411ms
17ms

Fetch
video/mp4

74.125.11.103
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r2---sn-4g5e6nzl.c.2mdn.net/videoplayback/id/a61acf5b54916e08/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3822257611/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/5AC081CCC46E9BA47210416AB02F8AEBAE7FB936.697BA0BFF45EF08E4F04655B652DC478259DD33B/key/cms1/cms_redirect/yes/mh/Nr/mip/176.115.237.101/mm/42/mn/sn-4g5e6nzl/ms/onc/mt/1697188370/mv/u/mvi/2/pl/24/file/file.mp4

Protocol

HTTP/1.1

Server

74.125.11.103 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s42-in-f7.1e100.net

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Fri, 13 Oct 2023 09:24:17 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 4149107
Last-Modified: Fri, 03 Mar 2023 02:10:29 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Fri, 13 Oct 2023 09:24:17 GMT

Redirect headers

date: Fri, 13 Oct 2023 09:24:16 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 644
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
location: https://r2---sn-4g5e6nzl.c.2mdn.net/videoplayback/id/a61acf5b54916e08/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3822257611/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/5AC081CCC46E9BA47210416AB02F8AEBAE7FB936.697BA0BFF45EF08E4F04655B652DC478259DD33B/key/cms1/cms_redirect/yes/mh/Nr/mip/176.115.237.101/mm/42/mn/sn-4g5e6nzl/ms/onc/mt/1697188370/mv/u/mvi/2/pl/24/file/file.mp4
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://googleads.g.doubleclick.net
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 97AB 13 KB
5 KB 11ms
10ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wsend.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1333
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 13 Oct 2023 09:02:03 GMT
expires: Sat, 12 Oct 2024 09:02:03 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F133 829 B
1 KB 356ms
21ms Document
text/html 142.250.185.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f4.1e100.net

Software

GSE /

Resource Hash

ee7f478cfd6b91a0f45ebfa59951ed36da17951de207ab7f45b3b3a468d0c5bb

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-wV_-gT1Vw_vVdtw_m-bOdg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://wsend.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-wV_-gT1Vw_vVdtw_m-bOdg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 13 Oct 2023 09:24:16 GMT
expires: Fri, 13 Oct 2023 09:24:16 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 0398 23 KB
8 KB 15ms
14ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 359122
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 7799
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 09 Oct 2023 05:38:54 GMT
expires: Tue, 08 Oct 2024 05:38:54 GMT
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 QVp2p3XlSy0Ioz_C1lJtz692ywMRVbbwNCkeEp2HkD0.js Show response
pagead2.googlesyndication.com/bg/ Frame 0398 37 KB
14 KB 10ms
10ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QVp2p3XlSy0Ioz_C1lJtz692ywMRVbbwNCkeEp2HkD0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

415a76a775e54b2d08a33fc2d6526dcfaf76cb031155b6f034291e129d87903d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Wed, 11 Oct 2023 21:56:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 127677
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14709
x-xss-protection: 0
last-modified: Tue, 10 Oct 2023 07:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 10 Oct 2024 21:56:19 GMT

GET
H2 200 4QJGLNlKfnVz3XQjPF9W03cPcyZJorHT7_BXddCCsBM.js Show response
pagead2.googlesyndication.com/bg/ Frame 97AB 37 KB
14 KB 10ms
10ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4QJGLNlKfnVz3XQjPF9W03cPcyZJorHT7_BXddCCsBM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

e102462cd94a7e7573dd74233c5f56d3770f732649a2b1d3eff05775d082b013

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 09:02:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1333
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14648
x-xss-protection: 0
last-modified: Tue, 10 Oct 2023 07:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 12 Oct 2024 09:02:03 GMT

GET
H2 204 generate_204
tpc.googlesyndication.com/ Frame 97AB 0
40 B 12ms
12ms Image
text/plain 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?e2ya5w
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.184.193 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s11-in-f1.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 09:24:16 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F133 0
0 43ms
43ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231011&jk=1634763300190783&rc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0398 0
56 B 62ms
61ms Image
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=BcLxqwAwpZZnfD4mkhcIPhqeKwA0AAAAAOAHgBAI&bg=!_v2l_bLNAAZy-tsgUvo7ADQBe5WfOLAizHf3s60RKJG_G_rzCiktX7T5bXkjxrmVLJZ_g5AhzlhveqZrOvmzZGnjNXHmAgAAAaxSAAAAE2gBB5kDLApQUJRMzLaB8PQGSsyIpmbbijEtWLUqLavkulAlFRtzW_MmIpgbL5arkcYsyX7Xqw-83MtZ2jAZgmgW3H4Id5l1WAmihQk-n7fzeZx5d82qGCrsorZanmlLwBzD2VK1tmwGfpLhhFdGrAflEg5HwD8VLkReGnUcEwHzFAU-AaY_UiFmp_j3A8NYaMc6rwq-5K4adVcJd--nQSgUgyi8osJMn7Wmm2reu-JxMEQdJAM0yJGuayrH5_5Wm71m9FvMmxT7TXqdnlMFA_vOJKzSZOOzlePUkWK8eHPL1Zblwnbw0SyvhuJjyrrjzYUfQFakGXUCdmPnpz-PDEqtOjsy7_SNDgjxCDl9Isp5BCbqaGJdVJLgmt2nlfYql6pAh5rBqCfeMNmGwaiKFGsTfycht6vKXXLzR1mAhnjmv42sVX3pkLtTOp8EveJW0SVb3hqvTNXA2Zfuwyn9naiu0QliU7kiRSc1zlcxtnLAGF3F61KsedFB8-x8obXCPzfR7qjVlSDYmlDp6XiyLwtzTuHaUA2SznUQVZ5rrMR0jJy3bL5mEX3LeqpMH72Qr81YLdeA2zr3t8MdLShB5do7De_xY6Eay_bj44mXoAZO8DjilHKkyx9sg_bX2CFwLuXKAA3ltWS7frbFkmdNitSbtdTDB_Rl13Ddk2-RtGSXwj0tyf6aU_zMbK9RhDg79U4CAbIusEfjMGPz_NXq-UqoQEHX0oA3UKWXlAsAHyY-DJlZdkYzYMOBjQdSe34PRZGtrtEnPSuIvcEyYa0eJeK3wDe7d3cvkSPur96bg2krWm3GZOacITDSe8LgdPi1BaPD6g6ivoN0sSOGRAd5ujjLOkVvVidN4F8nfFCA8d04AkLGhcfy_Q5yoTJcZIytFUNcHnMqbSBDZVKrlfZttg01g5rcYO4iN5F_SKLvqpWcEB8w7Ydl6JWBwoBC3RDIhUTpejgCH4YSlvVCRJHZbSKHiZ6OuMq0fTXhN0Q1Lqq6snLenzMiHxea3v3k4p658qO-ef3alRP7SHwGVoE_XyNJtztmSwH4LNkUbxR8EhOcNhOMZnafnghAAccRUxvViDPi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Oct 2023 09:24:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 55B0 42 B
174 B 49ms
48ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsusewuC51FmoR5-NA6kw7SC97vgOJoiO8E8S4PYqItN-JGGwx_GhSajERoJWsPR7pU7OiY2A5yZavOuGQXjPYinYnHZjbf-FW6HoqJF6Y024iBANHWo43_C3S-MLlZ7-FcaYOJZpRFgM96u&sai=AMfl-YQRFkRacvhumv_3ivDAQjD6h5sNMPESejuDM5eaqv9dxCQHgj-bJzmWesF7OPMHATQuYAlhmERGqgDD7JSNQHBytSw1Z_ibUw-pbqeoVSLywdcGJqLCk7mhXgrTBC2SSeZ1eSZ6h_tO4TYj0w&sig=Cg0ArKJSzETzj3DXbDCQEAE&cid=CAQSTADICaaNgSoyhvAy-nimZrr0h72U3BfEPifDcYFZ5BsTHt4Xc1sCyGdAxi0fhaZKGeAuSrOQyAb3UjhIoQIiy9NWuWS8dukPVMd0xQkYAQ&id=lidar2&mcvt=1000&p=0,0,280,1090&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231011&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2644286354&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1697189054660&rpt=1491&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Oct 2023 09:24:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 206
Partial Content file.mp4
r2---sn-4g5e6nzl.c.2mdn.net/videoplayback/id/a61acf5b54916e08/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3822257611/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame B359 886 KB
0 235ms
12ms Media
video/mp4 74.125.11.103
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

74.125.11.103 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s42-in-f7.1e100.net

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Range: bytes=0-

Response headers

Date: Fri, 13 Oct 2023 09:24:17 GMT
X-Content-Type-Options: nosniff
Content-Range: bytes 0-4149106/4149107
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 4149107
Last-Modified: Fri, 03 Mar 2023 02:10:29 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: https://googleads.g.doubleclick.net
Expires: Fri, 13 Oct 2023 09:24:17 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame B359 0
54 B 367ms
366ms Ping
image/gif 142.250.193.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~lnoejl42&c=1497085633140&slotId=748542816570&qqid=COnz8vXZ8oEDFZKDpwodmTkDjg&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=2009&mt=video%2Fmp4&vs=1280x720&msm=1&aits=0%2C18%2C22%2C37%2C692%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=22&vsrc=web_video_ads&hcn=0&met.4=arp_a_e.1cl&ua_e=1&ape=1&ple=0&umsem=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231002_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.193.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: maa05s26-in-f3.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Oct 2023 09:24:17 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 63ms
62ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231011&jk=1634763300190783&bg=!aGulayTNAAbFpEfJ5aQ7ADQBe5WfOFzUqyBIgLufrAqpd7H8KMFos5g0VlFHKwJeR3uRgsZNTpMnfSgLXJMg02CDo1ZRAgAAAXlSAAAAC2gBB5kC3CWk23QscctT9R4sKUEVS_TjIuesYlL14YQmcEVjO2r_uFXuMCGinArGA0EHg3vzzSD22pAoxe7ab4DWZPLOCd3vU6xuJCswt9ZV6L_q2PMdNeRiIOzRXCCT9scMbQgMwvRBaCshrD9iaGxjDoJD8_pRx1uqkzrkrsMs-wgZxZ0LcLJQ_z-Ao3z4EtadOMErrShtdl7obllwmnyhpAiC0lkHQsvsyq8qmjDxMQ6kmGReoIifu7h2xl-OAMWT3rVPN8b19GUC8-M4VppcMavTmRIP1ShptVfqmfZVMbRPoMeGz4IkLYiobaNkB541U6rFo0LUHsxi26_3sTamqrbKUCRI6sM1wuLnHju1Z9J0Foi4Mk6eTaaSg6_JBr6LjI0NEdWiUiVcK24Xx2ukEcmbDyOumEP7-20IzesnOssiz6vwMXM_UGQgml_4KprJywnVwZ2jzpowLwb9NlfynieS92E8-HfEMEJn70OuMCWDl3tsSGrbrIF_7QVADVJeI6IlUKJR5kfyAZMVZ6zkhTVBlKxJgNmEC9p1t9r45Nu4oKLmr3FG3b76LrepkeS8IMF_b3FV7Q4yZoPKcGnESiFUE9OLpSicYfwdGm8apH9MLhI3A4DE7Bq4no7Lw0BSspIkzXlWm-ZvjaESfxP7n7MFDzuaexvon7j-EmhUgRnuGnDu0FtpDgDDGl7Uuv26m81t3-gqTavwbq9Fq3QkYuAdG5Q3Sp8RI_XvM8gnOKOPWqSibDyBmYWHLxpRb68-OO6oilDShLfBBxJEwAraXekMPs4gLlSaAIjxcy2IIDldl3NvBgEBFZaFz4TLdVu1grCa80sN22vuPL5w5mI6x4iO3pvwj52da9ka7yavHgf1CNXvyJlOcN7yvDHP0KwCLwqt4XI4PdfdETMita1_KK_baCedE8CzqJn24btCMVUKcsKZU7cR8IhCw51vPX6mfnNqDiOow6Zz1wVuAXpv-w
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wsend.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

GET
H/1.1 206
Partial Content file.mp4
r2---sn-4g5e6nzl.c.2mdn.net/videoplayback/id/a61acf5b54916e08/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3822257611/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame B359 256 KB
0 191ms
10ms Media
video/mp4 74.125.11.103
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

74.125.11.103 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s42-in-f7.1e100.net

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Range: bytes=884736-

Response headers

Date: Fri, 13 Oct 2023 09:24:17 GMT
X-Content-Type-Options: nosniff
Content-Range: bytes 884736-4149106/4149107
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 3264371
Last-Modified: Fri, 03 Mar 2023 02:10:29 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: https://googleads.g.doubleclick.net
Expires: Fri, 13 Oct 2023 09:24:17 GMT

Verdicts & Comments Add Verdict or Comment

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
wsend.co/	1969-12-31 23:59:59	Name: PHPSESSID Value: 17886e0627df3ebdba80ed680bf0e1e8
.wsend.co/	1970-01-21 01:02:29	Name: _ga_2ELFHMNZ2B Value: GS1.1.1697189054.1.0.1697189054.0.0.0
.wsend.co/	1970-01-21 01:02:29	Name: _ga Value: GA1.1.1853331244.1697189054
.wsend.co/	1970-01-21 00:48:05	Name: __gads Value: ID=8af5e25e334ce011:T=1697189054:RT=1697189054:S=ALNI_MYD1003cb098muBPXSoXzbn0vl-oQ
.wsend.co/	1970-01-21 00:48:05	Name: __gpi Value: UID=00000c976d4431e2:T=1697189054:RT=1697189054:S=ALNI_MZGSWQnejvGThRNLFIww4rXhYxRmA
.doubleclick.net/	1970-01-21 01:02:29	Name: IDE Value: AHWqTUksbVaSQuyfPpfK4iOqikT30cuqpBh7I4YmUyvVm_QiFFOfCWPHAWzMbYACnxM
.doubleclick.net/	1970-01-20 19:45:41	Name: APC Value: AfxxVi7pghpDHWgMjSyqCIEw4EQT4kaKfydOQbKyDKQ1mRx8dpPU5A
.googleadservices.com/	1970-01-20 17:36:05	Name: ar_debug Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bid.g.doubleclick.net
csi.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
gcdn.2mdn.net
googleads.g.doubleclick.net
imasdk.googleapis.com
pagead2.googlesyndication.com
partner.googleadservices.com
r2---sn-4g5e6nzl.c.2mdn.net
tpc.googlesyndication.com
wsend.co
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.wsend.co
104.26.7.159
142.250.184.193
142.250.185.130
142.250.185.174
142.250.185.194
142.250.185.68
142.250.186.162
142.250.186.74
142.250.186.99
142.250.193.163
142.250.74.202
172.217.16.194
172.217.18.14
172.217.18.8
172.217.23.99
172.67.69.204
66.102.1.156
74.125.11.103
003fffcd4e614a4719da6f886bd221851da79915061393b248af55fe0ddf9476
041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
222c67e039b354ee15528c7dfe036f660e85ab49d7186f3d9ecb6b13987bc69a
27872406bec95bca52ae573d7a06b9a708b51e8226edbb800213aa75562c52c2
29c99771c81466150d55d307a9b0e12cfdab8240a9c65a80b764c1d58965406f
2b28038afcb7f73afa1bd92be7e632b0c82450290108464603343b2ad6bf1aa4
2bd04f73111427a6fa4240c968eff556e1e679f3ac0d53275534f9c333df6d7d
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d6a3a7a6ac10860ea71dab46532d151feac34128e23dd28562ae852d583e82
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
3b3348deddcbc299ca42e06fb098190f0a369f372411cc43a734225f415849a7
3b4fe49b35b94d8a5aa4e1e1c7b0269ffef7c8aedd87016bed231a0f3b9547ba
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
415a76a775e54b2d08a33fc2d6526dcfaf76cb031155b6f034291e129d87903d
420c7579c1de54e20027c1fc6abda9c53ac1c0872c6d147ed2759cce872c2bd4
4a7202d4f89e10a16a811d77ab022380cadf3d9cbbb68eeb56e91c9e82a266c4
50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57f978b54943c3f226b9b5c6e9cfed898c9064e7a99677add7997c55e33a9539
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6c65b940f44dc0c0e6ccba7e4b5dfad9482a287a71d49983b8e7bc06bb513d09
7d9ef6b136fe4c544b469d6919ba70f7edb566f6fb5de1f8ae72e3981b25d0da
7e633b623c0a583bfd0faa2e8ddbedf076e711868262bc8122ef486d7ace2e85
82ab08809aa41e060ae8d26d7b77d9433b7ddf6599ed460225f7037a8572afa4
8786ce5ba8f6491bf854f2e1f2995b84ab8eb46347019a6ec518815358e77798
98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955
9b35bcb3e0e0210b9b6dbf2638876a53d13ff8fcb2129d4337a7617fcf6a7863
ad4e24785b1103a98d8ab4a09d0105d16f97dee215255c213dcace3544a7aee3
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b052fbf84baddbd84ae02cb6046f79d169d185a5cf17301cdf13a6ee584780aa
be319a50249c7b704a827e655022642b5a2559d1b6fa3889c57a2759c0593062
e0309fd597700b89310de557575438fb73dbee569cf734340057c0884ce91c20
e102462cd94a7e7573dd74233c5f56d3770f732649a2b1d3eff05775d082b013
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee7f478cfd6b91a0f45ebfa59951ed36da17951de207ab7f45b3b3a468d0c5bb
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f711cdb3e5614a6b9c2c609f81f534bb84ae367b160147707f87815826b44b15
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390

wsend.co Open in urlscan Pro 172.67.69.204 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

57 Requests

96 %HTTPS

0 %IPv6

11 Domains

19 Subdomains

17 IPs

2 Countries

884 kBTransfer

3378 kBSize

8 Cookies

7 Outgoing links

Page URL History

Redirected requests

57 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

wsend.co Open in urlscan Pro
172.67.69.204 Public Scan

Screenshot
Live screenshot

Full Image

57
Requests

96 %
HTTPS

0 %
IPv6

11
Domains

19
Subdomains

17
IPs

2
Countries

884 kB
Transfer

3378 kB
Size

8
Cookies

57 HTTP transactions
4 data transactions