go299.a7bbab.com Open in urlscan Pro
104.26.8.207 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bit.ly/3SusXE4
Effective URL:
https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%...
Submission: On March 07 via manual (March 7th 2023, 2:49:07 pm UTC) from MA — Scanned from DE

Summary HTTP 278 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 67 IPs in 11 countries across 49 domains to perform 278 HTTP transactions. The main IP is 104.26.8.207, located in United States and belongs to CLOUDFLARENET, US. The main domain is go299.a7bbab.com.
TLS certificate: Issued by GTS CA 1P5 on January 31st 2023. Valid for: 3 months.

This is the only time go299.a7bbab.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.11 67.199.248.11	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
43	104.26.8.207 104.26.8.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:400d:806::2008	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:400d:802::2002	15169 (GOOGLE) (GOOGLE)
21	2a00:1450:400... 2a00:1450:400d:80c::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:dc:... 2a02:26f0:dc::6853:431	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6810:3865	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a00:1450:400... 2a00:1450:400d:80e::200a	15169 (GOOGLE) (GOOGLE)
5	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:402... 2a00:1450:4025:401::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:80a::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
5	2a00:1450:400... 2a00:1450:400d:807::2003	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:400d:808::2002	15169 (GOOGLE) (GOOGLE)
2	69.16.175.10 69.16.175.10	20446 (STACKPATH...) (STACKPATH-CDN)
5	44.207.237.92 44.207.237.92	14618 (AMAZON-AES) (AMAZON-AES)
4	2a00:1450:400... 2a00:1450:400d:80c::2001	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
6	69.16.175.42 69.16.175.42	20446 (STACKPATH...) (STACKPATH-CDN)
1	2a00:1450:400... 2a00:1450:400d:803::2002	15169 (GOOGLE) (GOOGLE)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	18.66.97.9 18.66.97.9	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:20e... 2600:9000:20eb:1600:a:e047:752:b361	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:10:... 2606:4700:10::6816:3556	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42::485 2a04:4e42::485	54113 (FASTLY) (FASTLY)
1	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
8	2a00:1450:400... 2a00:1450:400d:802::2003	15169 (GOOGLE) (GOOGLE)
37	2a00:1450:400... 2a00:1450:400d:80a::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400d:80e::2002	15169 (GOOGLE) (GOOGLE)
1	52.209.67.66 52.209.67.66	16509 (AMAZON-02) (AMAZON-02)
1	162.19.138.117 162.19.138.117	16276 (OVH) (OVH)
2	35.190.39.111 35.190.39.111	15169 (GOOGLE) (GOOGLE)
1	35.174.127.249 35.174.127.249	14618 (AMAZON-AES) (AMAZON-AES)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a02:2638::c 2a02:2638::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a00:1450:400... 2a00:1450:400d:80e::2006	15169 (GOOGLE) (GOOGLE)
1	178.250.1.11 178.250.1.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
25	2a00:1450:400... 2a00:1450:400d:80e::2001	15169 (GOOGLE) (GOOGLE)
1	178.250.1.6 178.250.1.6	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:3::9 2a02:2638:3::9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4 5	2a00:1450:400... 2a00:1450:400d:80a::2004	15169 (GOOGLE) (GOOGLE)
1 1	80.77.87.161 80.77.87.161	46636 (NATCOWEB) (NATCOWEB)
5	44.194.172.170 44.194.172.170	14618 (AMAZON-AES) (AMAZON-AES)
1 3	23.64.52.128 23.64.52.128	16625 (AKAMAI-AS) (AKAMAI-AS)
1	216.52.2.39 216.52.2.39	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
2	2.18.36.193 2.18.36.193	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a02:6ea0:f40... 2a02:6ea0:f400::4	60068 (CDN77 ^_^) (CDN77 ^_^)
3	51.89.9.253 51.89.9.253	16276 (OVH) (OVH)
1	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	52.204.12.244 52.204.12.244	14618 (AMAZON-AES) (AMAZON-AES)
1 2	2.18.79.139 2.18.79.139	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 3	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
1 1	198.148.27.140 198.148.27.140	19189 (PULSEPOINT) (PULSEPOINT)
4	3.72.209.153 3.72.209.153	16509 (AMAZON-02) (AMAZON-02)
2	18.156.195.47 18.156.195.47	16509 (AMAZON-02) (AMAZON-02)
1	198.47.127.19 198.47.127.19	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2	98.98.134.241 98.98.134.241	21859 (ZEN-ECN) (ZEN-ECN)
3 4	142.251.208.162 142.251.208.162	15169 (GOOGLE) (GOOGLE)
2 4	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
3 4	185.83.142.19 185.83.142.19	29990 (ASN-APPNEX) (ASN-APPNEX)
2	2404:6800:400... 2404:6800:4009:829::2003	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:400d:80a::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:19::6	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:400d:803::2006	15169 (GOOGLE) (GOOGLE)
2	142.250.201.194 142.250.201.194	15169 (GOOGLE) (GOOGLE)
1	108.157.4.57 108.157.4.57	16509 (AMAZON-02) (AMAZON-02)
1	37.157.3.20 37.157.3.20	198622 (ADFORM) (ADFORM)
3 3	3.64.121.24 3.64.121.24	16509 (AMAZON-02) (AMAZON-02)
1 1	185.29.132.245 185.29.132.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1	54.146.146.97 54.146.146.97	14618 (AMAZON-AES) (AMAZON-AES)
278	67

1 67.199.248.11 (United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 104.26.8.207 (United States)

ASN13335 (CLOUDFLARENET, US)

go299.a7bbab.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:806::2008 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:400d:802::2002 (Ireland)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:400d:80c::2002 (Ireland)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:dc::6853:431 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

tg1.matched.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3865 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:400d:80e::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4025:401::9c (Den Helder, Netherlands)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80a::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:400d:807::2003 (Ireland)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:400d:808::2002 (Ireland)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.16.175.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: tlb.hwcdn.net

player.avplayer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 44.207.237.92 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-207-237-92.compute-1.amazonaws.com

track1.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:80c::2001 (Ireland)

ASN15169 (GOOGLE, US)

1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 69.16.175.42 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: tlb.hwcdn.net

player.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
play.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:803::2002 (Ireland)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.9 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-9.fra56.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:1600:a:e047:752:b361 (United States)

ASN16509 (AMAZON-02, US)

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:3556 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:400d:802::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 2a00:1450:400d:80a::2001 (Ireland)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:80e::2002 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.209.67.66 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-209-67-66.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.117 (France)

ASN16276 (OVH, FR)
PTR: ns31533568.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.39.111 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 111.39.190.35.bc.googleusercontent.com

esp.rtbhouse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.174.127.249 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-174-127-249.compute-1.amazonaws.com

serv.matched.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:80e::2006 (Ireland)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:400d:80e::2001 (Ireland)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.6 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:400d:80a::2004 (Ireland) 4 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 80.77.87.161 (Clifton, United States) 1 redirects

ASN46636 (NATCOWEB, US)

cs.admanmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 44.194.172.170 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-194-172-170.compute-1.amazonaws.com

sync.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.64.52.128 (Vienna, Austria) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-64-52-128.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.52.2.39 (United States)

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.36.193 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-36-193.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:6ea0:f400::4 (Zagreb, Croatia)

ASN60068 (CDN77 ^_^, GB)

vid.vidoomy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vpaid.vidoomy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.89.9.253 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip253.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.204.12.244 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-204-12-244.compute-1.amazonaws.com

ssp.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.79.139 (Vienna, Austria) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-18-79-139.deploy.static.akamaitechnologies.com

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.126.56.137 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.140 (New York, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.72.209.153 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-72-209-153.eu-central-1.compute.amazonaws.com

d.vidoomy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a-prebid.vidoomy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.vidoomy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.195.47 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com

c2shb.pubgw.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.19 (United States)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 98.98.134.241 (United States)

ASN21859 (ZEN-ECN, US)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.208.162 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: bud02s43-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.80.39.216 (Canada) 2 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.83.142.19 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2404:6800:4009:829::2003 (Australia)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80a::200e (Ireland) 1 redirects

ASN15169 (GOOGLE, US)

redirector.gvt1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:19::6 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

r1---sn-4g5ednds.gvt1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:400d:803::2006 (Ireland)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.201.194 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s35-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.4.57 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-57.dus51.r.cloudfront.net

visitanalytics.userreport.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.3.20 (Denmark)

ASN198622 (ADFORM, DK)

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.64.121.24 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-64-121-24.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.245 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.146.146.97 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-146-146-97.compute-1.amazonaws.com

track1.avplayer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
61	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 140	526 KB
43	a7bbab.com go299.a7bbab.com	573 KB
35	doubleclick.net 3 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 184 stats.g.doubleclick.net — Cisco Umbrella Rank: 77 googleads.g.doubleclick.net — Cisco Umbrella Rank: 35 static.doubleclick.net — Cisco Umbrella Rank: 262 cm.g.doubleclick.net — Cisco Umbrella Rank: 202 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 319	402 KB
25	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 391	544 KB
16	aniview.com track1.aniview.com — Cisco Umbrella Rank: 1892 player.aniview.com — Cisco Umbrella Rank: 1963 play.aniview.com — Cisco Umbrella Rank: 16411 sync.aniview.com — Cisco Umbrella Rank: 2346	246 KB
15	gstatic.com fonts.gstatic.com www.gstatic.com csi.gstatic.com	212 KB
9	google.com 4 redirects region1.analytics.google.com — Cisco Umbrella Rank: 4370 adservice.google.com — Cisco Umbrella Rank: 73 www.google.com — Cisco Umbrella Rank: 2	2 KB
6	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 271	175 KB
6	vidoomy.com vid.vidoomy.com — Cisco Umbrella Rank: 1885 d.vidoomy.com — Cisco Umbrella Rank: 10532 vpaid.vidoomy.com — Cisco Umbrella Rank: 2912 a-prebid.vidoomy.com — Cisco Umbrella Rank: 13603 a.vidoomy.com — Cisco Umbrella Rank: 2665	21 KB
6	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 36	5 KB
5	yahoo.com 2 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 265 c2shb.pubgw.yahoo.com — Cisco Umbrella Rank: 834	674 B
5	rubiconproject.com 1 redirects secure-assets.rubiconproject.com — Cisco Umbrella Rank: 844 eus.rubiconproject.com — Cisco Umbrella Rank: 533 pixel.rubiconproject.com — Cisco Umbrella Rank: 313 token.rubiconproject.com — Cisco Umbrella Rank: 541	11 KB
5	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 378 mug.criteo.com — Cisco Umbrella Rank: 2719 cat.nl3.eu.criteo.com — Cisco Umbrella Rank: 9974 rtb.nl3.eu.criteo.com — Cisco Umbrella Rank: 13386	8 KB
4	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 203	4 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 531	3 KB
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 277	1 KB
3	onetag-sys.com onetag-sys.com — Cisco Umbrella Rank: 712	363 B
3	pubmatic.com ads.pubmatic.com — Cisco Umbrella Rank: 457 image6.pubmatic.com — Cisco Umbrella Rank: 725	6 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 183	146 KB
3	criteo.net static.criteo.net — Cisco Umbrella Rank: 625 pix.eu.criteo.net — Cisco Umbrella Rank: 7936	31 KB
3	avplayer.com player.avplayer.com — Cisco Umbrella Rank: 13818 track1.avplayer.com — Cisco Umbrella Rank: 15984	218 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 44	240 KB
2	gvt1.com 1 redirects redirector.gvt1.com — Cisco Umbrella Rank: 3849 r1---sn-4g5ednds.gvt1.com	2 MB
2	sitescout.com pixel-sync.sitescout.com — Cisco Umbrella Rank: 596	382 B
2	stickyadstv.com 1 redirects ads.stickyadstv.com — Cisco Umbrella Rank: 624	1 KB
2	rtbhouse.com esp.rtbhouse.com — Cisco Umbrella Rank: 3797	423 B
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 912 id5-sync.com — Cisco Umbrella Rank: 404	17 KB
2	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1183 bcp.crwdcntrl.net — Cisco Umbrella Rank: 858	10 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 151	88 KB
2	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2425	271 B
2	google.de www.google.de — Cisco Umbrella Rank: 6149 adservice.google.de — Cisco Umbrella Rank: 8947	939 B
2	matched.se tg1.matched.se serv.matched.se	11 KB
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 459	731 B
1	adform.net cm.adform.net — Cisco Umbrella Rank: 1244	106 B
1	userreport.com visitanalytics.userreport.com — Cisco Umbrella Rank: 15353	517 B
1	contextweb.com 1 redirects bh.contextweb.com — Cisco Umbrella Rank: 555	663 B
1	disqus.com 1 redirects ssp.disqus.com — Cisco Umbrella Rank: 1489	339 B
1	lijit.com ap.lijit.com — Cisco Umbrella Rank: 589
1	admanmedia.com 1 redirects cs.admanmedia.com — Cisco Umbrella Rank: 972	757 B
1	openx.net oajs.openx.net Failed u.openx.net — Cisco Umbrella Rank: 621	304 B
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 2643	8 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 339	901 B
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 2734	2 KB
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 3461	2 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 855	601 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 105
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 788	6 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 927	6 KB
1	bit.ly 1 redirects bit.ly — Cisco Umbrella Rank: 5165	394 B
278	49

	Domain	Requested by
43	go299.a7bbab.com	go299.a7bbab.com static.cloudflareinsights.com
37	tpc.googlesyndication.com	1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com go299.a7bbab.com securepubads.g.doubleclick.net cdn.ampproject.org tpc.googlesyndication.com
25	cdn.ampproject.org	securepubads.g.doubleclick.net
20	pagead2.googlesyndication.com	go299.a7bbab.com pagead2.googlesyndication.com 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com securepubads.g.doubleclick.net
18	securepubads.g.doubleclick.net	go299.a7bbab.com securepubads.g.doubleclick.net
8	www.gstatic.com	1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com go299.a7bbab.com
8	googleads.g.doubleclick.net	pagead2.googlesyndication.com go299.a7bbab.com 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
6	s0.2mdn.net	go299.a7bbab.com s0.2mdn.net 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
6	fonts.googleapis.com	go299.a7bbab.com securepubads.g.doubleclick.net 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
5	sync.aniview.com	player.aniview.com vid.vidoomy.com
5	www.google.com	4 redirects tpc.googlesyndication.com
5	player.aniview.com	player.avplayer.com player.aniview.com
5	track1.aniview.com	go299.a7bbab.com player.aniview.com
5	fonts.gstatic.com	fonts.googleapis.com
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
4	1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	x.bidswitch.net	3 redirects
3	ups.analytics.yahoo.com	2 redirects player.aniview.com
3	onetag-sys.com	player.aniview.com
3	www.googletagservices.com	1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com go299.a7bbab.com
3	region1.analytics.google.com	www.googletagmanager.com
3	www.googletagmanager.com	go299.a7bbab.com www.googletagmanager.com
2	a-prebid.vidoomy.com	go299.a7bbab.com
2	googleads4.g.doubleclick.net	go299.a7bbab.com
2	csi.gstatic.com	www.gstatic.com
2	pixel-sync.sitescout.com	go299.a7bbab.com
2	c2shb.pubgw.yahoo.com	player.aniview.com
2	ads.stickyadstv.com	1 redirects player.aniview.com
2	ads.pubmatic.com	player.aniview.com go299.a7bbab.com
2	eus.rubiconproject.com	player.aniview.com eus.rubiconproject.com
2	static.doubleclick.net	1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
2	pix.eu.criteo.net	1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
2	gum.criteo.com	1 redirects static.criteo.net
2	esp.rtbhouse.com	invstatic101.creativecdn.com
2	player.avplayer.com	tg1.matched.se go299.a7bbab.com
2	connect.facebook.net	go299.a7bbab.com connect.facebook.net
2	region1.google-analytics.com	www.googletagmanager.com
1	track1.avplayer.com	player.avplayer.com
1	token.rubiconproject.com	eus.rubiconproject.com
1	a.vidoomy.com	go299.a7bbab.com
1	sync.mathtag.com	1 redirects
1	cm.adform.net	go299.a7bbab.com
1	visitanalytics.userreport.com	1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
1	r1---sn-4g5ednds.gvt1.com	1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
1	redirector.gvt1.com	1 redirects
1	pixel.rubiconproject.com	go299.a7bbab.com
1	vpaid.vidoomy.com	vid.vidoomy.com
1	image6.pubmatic.com	ads.pubmatic.com
1	d.vidoomy.com	player.aniview.com
1	bh.contextweb.com	1 redirects
1	ssp.disqus.com	1 redirects
1	u.openx.net	player.aniview.com
1	vid.vidoomy.com	player.aniview.com
1	ap.lijit.com	player.aniview.com
1	secure-assets.rubiconproject.com	1 redirects
1	cs.admanmedia.com	1 redirects
1	rtb.nl3.eu.criteo.com	go299.a7bbab.com
1	cat.nl3.eu.criteo.com	go299.a7bbab.com
1	mug.criteo.com	go299.a7bbab.com
1	serv.matched.se	player.aniview.com
1	id5-sync.com	cdn.id5-sync.com
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	static.criteo.net	securepubads.g.doubleclick.net
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	play.aniview.com	go299.a7bbab.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.facebook.com	connect.facebook.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	www.google.de	go299.a7bbab.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	maxcdn.bootstrapcdn.com	go299.a7bbab.com
1	static.cloudflareinsights.com	go299.a7bbab.com
1	tg1.matched.se	go299.a7bbab.com
1	bit.ly	1 redirects
0	oajs.openx.net Failed	oa.openxcdn.net
278	83

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
a7bbab.com

Subject Issuer	Validity	Valid
*.a7bbab.com GTS CA 1P5	`2023-01-31` - `2023-05-01`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
wl1.aniview.com R3	`2023-02-23` - `2023-05-24`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-11` - `2023-05-10`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-01-10` - `2023-03-15`	2 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
*.avplayer.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2022-08-08` - `2023-09-08`	a year	crt.sh
*.aniview.com Amazon RSA 2048 M01	`2023-02-21` - `2024-01-04`	10 months	crt.sh
*.google.de GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
invstatic101.creativecdn.com GTS CA 1D4	`2023-02-28` - `2023-05-29`	3 months	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh
cdn.prod.uidapi.com R3	`2023-02-25` - `2023-05-26`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-13` - `2023-04-15`	3 months	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-01-29` - `2023-04-29`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
*.id5-sync.com R3	`2023-01-25` - `2023-04-25`	3 months	crt.sh
esp.rtbhouse.com GTS CA 1D4	`2023-01-21` - `2023-04-21`	3 months	crt.sh
*.adservrs.com Amazon RSA 2048 M02	`2023-02-28` - `2024-03-28`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-04` - `2023-03-31`	3 months	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-13` - `2023-04-17`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
*.nl3.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-04` - `2023-04-05`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-17` - `2023-04-04`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2022-06-27` - `2023-06-05`	a year	crt.sh
*.pubmatic.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-25` - `2024-01-24`	a year	crt.sh
*.vidoomy.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-01` - `2023-10-02`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-28` - `2024-01-28`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.ads.stickyadstv.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-14` - `2023-06-16`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-02-21` - `2023-08-16`	6 months	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-12-27` - `2023-06-21`	6 months	crt.sh
*.sitescout.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2023-01-09` - `2024-02-02`	a year	crt.sh
*.userreport.com Amazon RSA 2048 M02	`2023-02-22` - `2024-01-18`	a year	crt.sh
*.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-05-18` - `2023-06-16`	a year	crt.sh

This page contains 35 frames:

Primary Page: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Frame ID: 8EB3904C10C64C225CAE0045C669C8BA
Requests: 104 HTTP requests in this frame

Frame: https://go299.a7bbab.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1678190400
Frame ID: 01F8775823B00CEB278127C62D4E3883
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230302/r20190131/zrt_lookup.html
Frame ID: 4A4C993D6CED0845D9B8C0F6572F060F
Requests: 1 HTTP requests in this frame

Frame: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 11631FB08BB85BCED7A7B3EB16DA4336
Requests: 1 HTTP requests in this frame

Frame: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=63e26ea450153dfa9007b615
Frame ID: 7941B72C03DE08A73DBBDD470C134158
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5603248120981298&output=html&adk=1812271804&adf=3025194257&lmt=1678200540&plat=1%3A16777280%2C2%3A64%2C3%3A16%2C4%3A16%2C8%3A64%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fgo299.a7bbab.com%2F19664%2F2021%2F%25D9%2587%25D9%2584-%25D8%25AA%25D8%25B9%25D8%25AA%25D9%2582%25D8%25AF-%25D8%25A7%25D9%2586%25D9%2583-%25D8%25A7%25D9%2584%25D8%25B4%25D8%25AE%25D8%25B5-%25D8%25A7%25D9%2584%25D9%2585%25D8%25A4%25D9%2587%25D9%2584-%25D9%2584%25D9%2584%25D8%25AD%25D8%25B5%25D9%2588%25D9%2584-%25D8%25B9%25D9%2584%25D9%2589-%25D8%25B3%25D9%258A%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1678200539485&bpp=3&bdt=410&idt=565&shv=r20230302&mjsv=m202302230101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=840980836810&frm=20&pv=2&ga_vid=141607416.1678200539&ga_sid=1678200540&ga_hid=1310666776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777877%2C42531706%2C31072714%2C31071267&oid=2&pvsid=111652718764338&tmod=230895366&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=597
Frame ID: F5ACE3FCFE455F51D36D4AFE706347CE
Requests: 1 HTTP requests in this frame

Frame: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 011CB89B67A95A483970D6711B6E469B
Requests: 29 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=go299.a7bbab.com
Frame ID: 64B3B325B130C88C706105F0E213501D
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012302171719000/amp4ads-v0.mjs
Frame ID: 843643F68BD939612836F6A799AC4057
Requests: 13 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012302171719000/amp4ads-v0.mjs
Frame ID: F891559BEFC80E6D14C342DE59F6F326
Requests: 11 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1678200540661-973629974187-001175-002-002090&biddername=57&pid=59c9148628a0612da3689288&key=32086b01-8a91-4496-8d0b-3322ad676dd5
Frame ID: 07DDD5FBC63BC6833DAF0A514C4F84DA
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east
Frame ID: 0C67BDCC33FF4EC1EAB8B48445097CA7
Requests: 3 HTTP requests in this frame

Frame: https://ap.lijit.com/pixel?us_privacy=1---&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1678200540661-973629974187-001175-002-002090%26biddername%3D18%26key%3D%24UID
Frame ID: 7C7A91A0F932E0F26DB0E26C1B624D5D
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=160993&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1678200540661-973629974187-001175-002-002090%26biddername%3D1%26key%3D
Frame ID: E0DE79C82260328AE2D329AEA4C6BEDF
Requests: 2 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1678200540661-973629974187-001175-002-002090&biddername=133&pid=59c9148628a0612da3689288&key=a6f37f0123013099a595be2217fc435a
Frame ID: F5A68890D88F78826FA4E72F8B6D6DDC
Requests: 6 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=57e618150c70d90&gdpr=1&gdpr_consent=&us_privacy=1---
Frame ID: 0AD17BA048C68442B1EDB946CA244F35
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?id=ec4c2ec9-18b8-454e-98be-3ee1e6bfea65&gdpr=1&gdpr_consent=&r=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1678200540661-973629974187-001175-002-002090%26biddername%3D23%26key%3D
Frame ID: 836DE5574E20F0AADE347B945F448878
Requests: 1 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1678200540661-973629974187-001175-002-002090&biddername=52&key=ua-a0e4b215-2527-3282-bf2c-553d8036c55e
Frame ID: 654FB69582F2A05D10B3807C324AEFFC
Requests: 1 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?biddername=9&key=f9963c1478bdfd48c4e7912768c06b&_fw_gdpr=1&_fw_gdpr_consent=
Frame ID: DDF4B6E4F1659DDFB28BBA362CD853C9
Requests: 1 HTTP requests in this frame

Frame: https://ads.stickyadstv.com/auto-user-sync?px=1953&_fw_gdpr=1&_fw_gdpr_consent=
Frame ID: E7AFCC0CFAC5C7140D850B0963A02D80
Requests: 1 HTTP requests in this frame

Frame: https://ups.analytics.yahoo.com/ups/58543/occ?gdpr=1&gdpr_consent=
Frame ID: 4A755A754CCA7A3E860BF601DE53E6DF
Requests: 1 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1678200540661-973629974187-001175-002-002090&biddername=10&pid=59c9148628a0612da3689288&key=eoLD2hUVb4k7&ev=1&us_privacy=1---&pid=562704
Frame ID: C54CA07E76E66FEEAF5559FAB6A6A8EF
Requests: 1 HTTP requests in this frame

Frame: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: E1CD0C5597C7538561072ABA19830CBC
Requests: 19 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012302171719000/amp4ads-v0.mjs
Frame ID: EC399379CD186DE402FC5624F2A3ED68
Requests: 14 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012302171719000/amp4ads-v0.mjs
Frame ID: 59F2C048BB103223F720E9EBD1F34C44
Requests: 9 HTTP requests in this frame

Frame: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: B596CC7616655CCD8BD78A9003517FC5
Requests: 5 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012302171719000/amp4ads-v0.mjs
Frame ID: 920995C4098DB598BB2EE12D42E633A8
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ_eHmjwIYudOa4QEwAQ&v=APEucNUytf3u1QHKyx18X2xtR1yotgA5ts2XsLS9_5D-EdPi38rzLXV8eVmyf_chZb95Zq0uqZC4XVDpsIXgv472ho-G6ViGNMgUG_aPB1eDfQzfPLhIjKNiMCV8yAshv3fmx8PF2WxgH4C30EpYcc6TZk7fCFxA-7pK0AU3znsHiQ_X6UVBKVo
Frame ID: 3BF7A343035B05AA5AFBAFC50604859C
Requests: 5 HTTP requests in this frame

Frame: https://www.gstatic.com/mysidia/89d7ca8249da9b1fce758df22cf4efd3.js?tag=client_fast_engine_2019
Frame ID: E4C2B43D194E33CBAAA12FA42A02E209
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 6A2E40CFFC6F27996AB89D077790235F
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/2479396005074239626/index.html
Frame ID: DB319011EC618FEEE31AB60615290745
Requests: 8 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1678200541227
Frame ID: F80C5015A05BDCA525776374DA52CA90
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/9sSoBG9D25FhvYLg3_iwWJ49bM2Qm57VxEM1rvvqfaE.js
Frame ID: 2277F2398FFAB8BC0E98EE177F52FCF8
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B03A26FE28BC77906ABEE606CB2EF02A
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 83E7BFF7219435FC93C312C1C2D02801
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

هل تعتقد انك الشخص المؤهل للحصول على سيارة مرسيدس 2023

Page URL History Show full URLs

https://bit.ly/3SusXE4 HTTP 301
https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Underscore.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

underscore.*\.js(?:\?ver=([\d.]+))?

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

278
Requests

95 %
HTTPS

47 %
IPv6

49
Domains

83
Subdomains

67
IPs

11
Countries

5194 kB
Transfer

11964 kB
Size

44
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/A7bab-388531175136643/

Search URL Search Domain Scan URL

URL: https://twitter.com//

Search URL Search Domain Scan URL

URL: https://a7bbab.com/
Title: READ MORE

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https://go299.a7bbab.com/19664/2021/%d9%87%d9%84-%d8%aa%d8%b9%d8%aa%d9%82%d8%af-%d8%a7%d9%86%d9%83-%d8%a7%d9%84%d8%b4%d8%ae%d8%b5-%d8%a7%d9%84%d9%85%d8%a4%d9%87%d9%84-%d9%84%d9%84%d8%ad%d8%b5%d9%88%d9%84-%d8%b9%d9%84%d9%89-%d8%b3%d9%8a/&text=%D8%A3%D9%86%D8%A7+%%personality%%,+%D9%88+%D8%A3%D9%86%D8%AA+%D8%9F&hashtags=%D8%A7%D8%AE%D8%AA%D8%A8%D8%A7%D8%B1%D8%A7%D8%AA_%D8%A7%D9%83%D8%B3%D8%AA%D8%B1%D8%A7&via=xtraaacom
Title: Twitter

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bit.ly/3SusXE4 HTTP 301
https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 115

https://gum.criteo.com/sid/json?origin=publishertagids&domain=a7bbab.com&sn=ChromeSyncframe&so=0&topUrl=go299.a7bbab.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=CTMCTHxhQ0dWZXdvR0ZESG5zSGZ3OEZmTjZZTzI2eG15NFU1amJEeXozdEZicVRNSStlRThjYzcrRkk1RVdlTGljbFloakROMFhZNkVsSkdkVTZDRXQvS1dHOEo3d08xSEpEUTJIaDR0YjdKSXVvQ0RwYy9PTlpDc2NmZCt4cUxYR3FKbFJwVG5qVlI3WEtzSEYvQW9NVTdyNlcydXFOcndRTTI1dlFYODNYakZZam44eC96b2FtLzFHT0paSG8wWmR0R2NxQzdJcmh0bnBZNjBUWGtTbmo4dXhINmk3RDA3YVNJdHRjbVNMUWV0elNrdk85UllXWEd0YWtycWg0bE9YbGprTHlNblFMSjhqeVhkUy9mSXdUZFBQUT09fA&cppv=2

Request Chain 146

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 147

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 148

https://cs.admanmedia.com/fa9f4b3548d146d8b0584acce84c4fec.gif?gdpr=1&gdpr_consent=&us_privacy=1---&coppa=0&puid=1678200540661-973629974187-001175-002-002090&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1678200540661-973629974187-001175-002-002090%26biddername%3D57%26pid%3D59c9148628a0612da3689288%26key%3D%7B%24UID%7D HTTP 302
https://sync.aniview.com/cookiesyncendpoint?auid=1678200540661-973629974187-001175-002-002090&biddername=57&pid=59c9148628a0612da3689288&key=32086b01-8a91-4496-8d0b-3322ad676dd5

Request Chain 149

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=aniview&endpoint=us-east HTTP 301
https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east

Request Chain 155

https://ssp.disqus.com/redirectuser/?partner=aniview&r=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1678200540661-973629974187-001175-002-002090%26biddername%3D52%26key%3DBUYERUID HTTP 302
https://sync.aniview.com/cookiesyncendpoint?auid=1678200540661-973629974187-001175-002-002090&biddername=52&key=ua-a0e4b215-2527-3282-bf2c-553d8036c55e

Request Chain 156

https://ads.stickyadstv.com/user-matching?id=3655&_fw_gdpr=1&_fw_gdpr_consent= HTTP 302
https://sync.aniview.com/cookiesyncendpoint?biddername=9&key=f9963c1478bdfd48c4e7912768c06b&_fw_gdpr=1&_fw_gdpr_consent=

Request Chain 159

https://bh.contextweb.com/bh/rtset?pid=562704&ev=1&us_privacy=1---&rurl=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1678200540661-973629974187-001175-002-002090%26biddername%3D10%26pid%3D59c9148628a0612da3689288%26key%3D%25%25VGUID%25%25 HTTP 302
https://sync.aniview.com/cookiesyncendpoint?auid=1678200540661-973629974187-001175-002-002090&biddername=10&pid=59c9148628a0612da3689288&key=eoLD2hUVb4k7&ev=1&us_privacy=1---&pid=562704

Request Chain 230

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIk6QFcRr9FDVNmzLt-cFeI&google_cver=1

Request Chain 231

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZAdO3Yf5ghIWeX83GqodgAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIk6QFcRr9FDVNmzLt-cFeI&google_cver=1

Request Chain 232

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEMwqjIUsyQiHw99oky_iCmQ&google_cver=1

Request Chain 233

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjk2MTEzOTkxMDA2NzcyODczNA%3D%3D

Request Chain 239

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 240

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 244

https://redirector.gvt1.com/videoplayback?id=868e8ed15d5d9735&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1678207741&sparams=ip,ipbits,expire,id,itag,source,requiressl&signature=37D5A78C8788A81ADB1D0DC8B18EB69B62EF546C.7E5E066CD09D9AF985D3A0C72DEE724F7B904544&key=ck2 HTTP 302
https://r1---sn-4g5ednds.gvt1.com/videoplayback?id=868e8ed15d5d9735&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1678207741&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=69DC23C107840E82CFECCC60C5A70650976D538D.54C9F56A5DBC863C3C4105780DDD49F058601D15&key=cms1&cms_redirect=yes&mh=ZZ&mip=2001:ac8:20:3d00:1011:73e2:818:a363&mm=28&mn=sn-4g5ednds&ms=nvh&mt=1678200276&mv=m&mvi=1&pl=50

Request Chain 261

https://ib.adnxs.com/getuid?https%3A%2F%2Fa-prebid.vidoomy.com%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 302
https://a-prebid.vidoomy.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=2961139910067728734

Request Chain 264

https://ups.analytics.yahoo.com/ups/58531/occ?gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58531/occ?gdpr=0&gdpr_consent=&verify=true HTTP 302
https://a-prebid.vidoomy.com/setuid?bidder=verizonmedia&uid=y-NN0oiS1E2uEDFg88SV.McLhNJXUotobRPc1Z58c-~A&gdpr=0

Request Chain 265

https://x.bidswitch.net/sync?ssp=vidoomy HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=vidoomy HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Dvidoomy%26bsw_param%3D79c8c186-d215-4d28-b661-632c6d93f09a&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=80&user_id=4fe46407-4ede-4c00-9932-fb4e58a73856&expires=30&ssp=vidoomy&bsw_param=79c8c186-d215-4d28-b661-632c6d93f09a&gdpr=&gdpr_consent= HTTP 302
https://a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=79c8c186-d215-4d28-b661-632c6d93f09a

278 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%...
Redirect Chain

https://bit.ly/3SusXE4
https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88...

111 KB
19 KB

274ms
225ms

Document
text/html

104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7bb64392869cb9c713121c7d967b80b867dfb8348d174be1c8f3971cb3b09ded

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-apo-via: origin,host
cf-cache-status: DYNAMIC
cf-edge-cache: cache,platform=wordpress
cf-ray: 7a43a477ca703681-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 07 Mar 2023 14:48:59 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
link: <https://go299.a7bbab.com/wp-json/>; rel="https://api.w.org/", <https://go299.a7bbab.com/wp-json/wp/v2/posts/19664>; rel="alternate"; type="application/json", <https://go299.a7bbab.com/?p=19664>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fuPZH4BNIHyCTwfazwe97WiaJn15ux5ugiGiLJC6rw9ywmmi%2BHRUnmRFGCTc4b%2By0jHRcCqoWDiBNkaEYmWJeHscS4z7sxUo0%2BOCrzUrpIw3uhGWIF95Zn%2B0lCRRyWlnN%2FI%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-pingback: https://go299.a7bbab.com/xmlrpc.php
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=90
content-length: 195
content-type: text/html; charset=utf-8
date: Tue, 07 Mar 2023 14:48:58 GMT
location: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
server: nginx
via: 1.1 google

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 224 KB
78 KB 117ms
51ms Script
application/javascript 2a00:1450:400d:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-QDVJ1GCKH3

Requested by

Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d1e19d8b74cd033ff6e31010fb040661a92f9724a694a16b0c8d66b00884d168

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79509
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 07 Mar 2023 14:48:59 GMT

GET
H2 200 style-rtl.min.css
go299.a7bbab.com/wp-includes/css/dist/block-library/ 93 KB
13 KB 43ms
16ms Stylesheet
text/css 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-includes/css/dist/block-library/style-rtl.min.css?ver=6.1.1
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05d33bce3fc1753bcb9f94f51a7536cb621411492720236a663a7d28e2731359

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254462
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
last-modified: Mon, 21 Nov 2022 06:39:00 GMT
server: cloudflare
etag: W/"637b1d04-17226"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TWjAoPOnOkaB4wYk5QVgvr0hC%2FaED3aTuhkQhp9MSZ9npLcBIhfklxwZK7t23DENBlPQAobevzZsjsvnkYfv%2FWHG8EBtfEskgXuFNvrxgQguvxqIQ2V8%2F65DlV%2BMVKneDc4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4796d1a3681-FRA
expires: Mon, 03 Apr 2023 16:07:57 GMT

GET
H2 200 classic-themes.min.css
go299.a7bbab.com/wp-includes/css/ 217 B
463 B 44ms
19ms Stylesheet
text/css 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-includes/css/classic-themes.min.css?ver=1
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254462
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
last-modified: Tue, 08 Nov 2022 14:24:27 GMT
server: cloudflare
etag: W/"636a669b-d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tKicK8Xl8TJ9WJgtgKa2OiDLPvPmGJbGX59hzjQLPkQKIFpfrffTulKEba1nLLAq6CXfvVHd8THXuhkmEUBr7s2deJ0p%2BpV%2BhmLX4ZHN18H4GV557bO2u3qF2WituNFi0jo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d243681-FRA
expires: Mon, 03 Apr 2023 16:07:57 GMT

GET
H2 200 be.css
go299.a7bbab.com/wp-content/themes/betheme/css/ 365 KB
62 KB 52ms
27ms Stylesheet
text/css 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-content/themes/betheme/css/be.css?ver=26.4.0.4
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: baeaf196a0998e9a4240f1b3d2f3194c333c6ea59bfdbff3e0345b20c7475cc9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254462
cf-polished: origSize=406167
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Mon, 01 Aug 2022 00:27:14 GMT
server: cloudflare
etag: W/"62e71de2-63297"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7XO48BNIPmg5sCkT2M9EB7mH3agZmrfzK3vJSV0%2BxvcCLFKFMaZi4O8p443ZTD6h88s9YbCShWKVwm%2BWJ74jW4R0wRa%2BCYNyBpoOkU3wFO2%2BsxzzYfwn1u5CzIJ4476YBOw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d253681-FRA
expires: Mon, 03 Apr 2023 16:07:57 GMT

GET
H2 200 animations.min.css
go299.a7bbab.com/wp-content/themes/betheme/assets/animations/ 58 KB
6 KB 47ms
22ms Stylesheet
text/css 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-content/themes/betheme/assets/animations/animations.min.css?ver=26.4.0.4
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 622a07604bb0030ba7094f0f1dcb5d1e9080164fd6ba4071a73452802378b55b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254462
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
last-modified: Mon, 01 Aug 2022 00:27:14 GMT
server: cloudflare
etag: W/"62e71de2-e83d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NvPuaaEFfODfxj8zuIsPjwzdz5XWNeXhG36FPjocToI7tiKRWwGdObL5805Ax5Z%2F3o3hmB%2F2AeqcQ%2FaTkNVRCHQz3rG4ax8P%2FVX7khzhuxe0fRIW3NcIkPkgusABfO81O0A%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d263681-FRA
expires: Mon, 03 Apr 2023 16:07:57 GMT

GET
H2 200 fontawesome.css
go299.a7bbab.com/wp-content/themes/betheme/fonts/fontawesome/ 58 KB
13 KB 45ms
21ms Stylesheet
text/css 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-content/themes/betheme/fonts/fontawesome/fontawesome.css?ver=26.4.0.4
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 916ec9d93e85ad5125306e2c1e6b229b87215ba762657e8956d6e7490c83c626

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254462
cf-polished: origSize=60701
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Mon, 01 Aug 2022 00:27:14 GMT
server: cloudflare
etag: W/"62e71de2-ed1d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kdyuD2xq3U13BKMfH7v74zjqJZNJqhoMRgmCFVwM5%2BIPEV0S9d9wNUBahw3GqCFFCdO08dsIIQ37drJFaj0Vl9lOe2UubXKFadXEKae%2BzToEX2na05s%2FohmJ%2B3%2B1MmobWkE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d273681-FRA
expires: Mon, 03 Apr 2023 16:07:57 GMT

GET
H2 200 responsive.css
go299.a7bbab.com/wp-content/themes/betheme/css/ 54 KB
10 KB 46ms
23ms Stylesheet
text/css 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-content/themes/betheme/css/responsive.css?ver=26.4.0.4
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 395f81b6cb7cc8c12c8af2f3208122cda676fee76e47639b63c11337c7053e42

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254462
cf-polished: origSize=64924
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Mon, 01 Aug 2022 00:27:14 GMT
server: cloudflare
etag: W/"62e71de2-fd9c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fIcttCt%2F%2B8WK7dTmeVl%2Bhde5lnUyqLBtBPmQKctgXdZh0ubf0pThidbfilm%2FasodXyG14iMOVvOFMitKR0jkCBg6Mh1Xw8%2FTXS3pnSjg3b7v8SqVqWQDClOalJw0oQzM6EY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d283681-FRA
expires: Mon, 03 Apr 2023 16:07:57 GMT

GET
H2 200 mfn-local-fonts.css
go299.a7bbab.com/wp-content/uploads/betheme/fonts/ 4 KB
658 B 51ms
28ms Stylesheet
text/css 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-content/uploads/betheme/fonts/mfn-local-fonts.css?ver=1
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 68d69a1a9f5825280540240a9238ff9fe2ae5ffb52fce171ca9e1d48056bc258

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254462
cf-polished: origSize=4277
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Mon, 01 Aug 2022 22:41:28 GMT
server: cloudflare
etag: W/"62e85698-10b5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cohKAZAjT3BptfZjcYY0uyoFGTT4TJP5Fvq6LH3PLQF7usKigeknO3UeamkS0Fwm5aGaMy5dfld%2BEaCC7ApQBNOYcHGkmBczhxsUAJtQn2fwRVu6RYXJE6IGUC9OEZz7j6o%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d2a3681-FRA
expires: Mon, 03 Apr 2023 16:07:57 GMT

GET
H2 200 static.css
go299.a7bbab.com/wp-content/uploads/betheme/css/ 43 KB
7 KB 56ms
34ms Stylesheet
text/css 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-content/uploads/betheme/css/static.css?ver=26.4.0.4
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b53cd940a678b501c50ec40a9affc7b72f7448c45d5af5ede7dd1b91c66e76dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254462
cf-polished: origSize=45086
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Thu, 09 Feb 2023 23:39:45 GMT
server: cloudflare
etag: W/"63e58441-b01e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KqiX5TPhrRuB6ZuDJEtnGPemxJAx0BVImMnhXwZJ0wstjZsCJsN73IpCi2UZto4csBUmlz%2FwPLnr1JSmVisQQhCReYDTHEb95tVa6Ve7vz%2FXvFI6ce%2BSjKxQl3vpz%2Bg973Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d2c3681-FRA
expires: Mon, 03 Apr 2023 16:07:57 GMT

GET
H2 200 jquery.min.js Show response
go299.a7bbab.com/wp-includes/js/jquery/ 88 KB
32 KB 53ms
32ms Script
application/javascript 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254462
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
last-modified: Tue, 08 Nov 2022 14:24:27 GMT
server: cloudflare
etag: W/"636a669b-15e54"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=or0%2BYCyHtcuriysbjPppHRi%2BrJDvXTlnyME0bfzymdZPQeGiP8fE0GOexFqP5icK6MGhK7Wup7Nfv0mLilsxknLrl5il4%2B%2Bjs6AdS4A1BNGoLt3YL8bxI72ibpenl1yGLsY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d373681-FRA
expires: Mon, 03 Apr 2023 16:07:57 GMT

GET
H2 200 jquery-migrate.min.js Show response
go299.a7bbab.com/wp-includes/js/jquery/ 11 KB
5 KB 52ms
32ms Script
application/javascript 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254462
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
last-modified: Sat, 12 Dec 2020 00:55:31 GMT
server: cloudflare
etag: W/"5fd41503-2bd8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BsyMJaI0EpplBsWNz8gM1GvhWjvpOXw%2BkBexsUunqECTi4HwfaLYLpEcJsh6JEjCrXgKjzutr9XZ5CFRyZM%2BWWGq5I1KdS%2BxAgrVjqk5vcmqR309fdqBLnoBiS2Pu0vJ12I%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d383681-FRA
expires: Mon, 03 Apr 2023 16:07:57 GMT

GET
H2 200 rtl.css
go299.a7bbab.com/wp-content/themes/betheme/ 35 KB
7 KB 39ms
20ms Stylesheet
text/css 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-content/themes/betheme/rtl.css
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed797e100b98d5f7afc10934541e7b03fb7fbe19dff348f76fb02503c8d9fba5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254462
cf-polished: origSize=38878
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Mon, 01 Aug 2022 00:27:14 GMT
server: cloudflare
etag: W/"62e71de2-97de"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wX9hCjMmKtLvrmastqc9ijdI7tblK5T6frzyTD2XHqbQJC7c9nIv1wUg8tyKHm22GwwHgSttVtZc%2FmpynD7TI%2BFMOeZt6E3ORA%2Bxxb8kNeXuq%2FENr6yRgOuU0rPZutXtafE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d313681-FRA
expires: Mon, 03 Apr 2023 16:07:57 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 236 KB
81 KB 59ms
59ms Script
application/javascript 2a00:1450:400d:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-QC45NQYXDT

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f92e80e95809b79330bfca5a0717f7349649a526aa1d73fb4a42e7652ea2c04b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 82760
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 07 Mar 2023 14:48:59 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 78 KB
27 KB 142ms
80ms Script
text/javascript 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7eb69757fa8622fdf01b122f1535611193a864c5149cfe9c372bbdd8457058f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27150
x-xss-protection: 0
server: sffe
etag: "1503 / 383 of 1000 / last-modified: 1678191129"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 07 Mar 2023 14:48:59 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 140 KB
48 KB 139ms
64ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5603248120981298

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8483f4a941525c2a6818f5a2dedb686aa232cb0745e57502ac7115ab5ac4142a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go299.a7bbab.com/
Origin: https://go299.a7bbab.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48263
x-xss-protection: 0
server: cafe
etag: 1524060250330531380
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 07 Mar 2023 14:48:59 GMT

GET
H/1.1 200
OK spt Show response
tg1.matched.se/api/adserver/ 23 KB
7 KB 247ms
20ms Script
text/javascript 2a02:26f0:dc::6853:431
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://tg1.matched.se/api/adserver/spt?AV_TAGID=63f8907a8aae96ca860d32b6&AV_PUBLISHERID=63e26ea450153dfa9007b615
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:dc::6853:431 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 6562843a728274cff8ed2a6d02961c37754c319e2349101b494b635e16337322

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

X-Bamboo-C-SkSt: 1
Content-Encoding: gzip
X-Bamboo-C-SkFe: 1
X-Bamboo-C-S: BYPASS
Date: Tue, 07 Mar 2023 14:48:59 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Methods: GET, POST, DELETE, PUT, OPTIONS, INDEX
Content-Type: text/javascript
Vary: Accept-Encoding
Cache-Control: max-age=300
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Bamboo-Token,Event-Id,X-Requested-With
Content-Length: 6190
Expires: Tue, 07 Mar 2023 14:53:59 GMT

GET
H2 200 front-style.css
go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/css/ 11 KB
3 KB 38ms
19ms Stylesheet
text/css 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/css/front-style.css
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b6bc7b295106eb1236e9ec8ea5d07b612aa63bc4b955cc78804405c4de09fb8f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254462
cf-polished: origSize=15205
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Tue, 01 Aug 2017 08:49:03 GMT
server: cloudflare
etag: W/"5980407f-3b65"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QxVlnZm8s89%2F0nHCb1%2FoOzb5QihnzWtUfFkQnQA%2BR9yXCjePFJumltUSQCtVdEHgsvwRCI5%2FOTZ0t%2F0brkaDQi0JTaVQ6rRm3JoMIeFD4IpV1RTXWSPPAkdtx%2BX6aohHmXQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d333681-FRA
expires: Mon, 03 Apr 2023 16:07:57 GMT

GET
H2 200 buzzfeed.css
go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/css/skins/ 3 KB
1 KB 46ms
29ms Stylesheet
text/css 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/css/skins/buzzfeed.css
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c98ecf738082d7577ad4379813dbcbf0dbafe86aae325190da99df2ca551b39

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254462
cf-polished: origSize=4325
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Thu, 18 Feb 2016 17:11:59 GMT
server: cloudflare
etag: W/"56c5fb5f-10e5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZICGIhHDOBFvTVGr1xygj3uTmAltCzPJJ9yBSoSKi4x0TBa0djdkhPyWpG7%2FJienNHxxiB5%2BYwAo2ATUyfwj7CTsZY1N%2FAG79Alhh54P2zay61BtC9aSrZmFiWvTOby4s44%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d363681-FRA
expires: Mon, 03 Apr 2023 16:07:57 GMT

GET
H2 200 core.min.js Show response
go299.a7bbab.com/wp-includes/js/jquery/ui/ 21 KB
7 KB 41ms
24ms Script
application/javascript 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca7154cdda62b535ceaba9ad2a2b2217ff49de94c069a2c4e89733f3f06b3651

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254219
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
last-modified: Tue, 08 Nov 2022 14:24:27 GMT
server: cloudflare
etag: W/"636a669b-53c0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7t4SlVuOTL80h1I%2Bh%2B%2FJOk3Rm2eSpapbPR5D%2Btn5mob%2Fw8qsbH5%2FNJ00rx6QW2WS4E%2Bt%2BTfm8rWAreNooUC%2B8FVt3ZdUlc9%2Fq%2FblLaY3evHTZLqgRZxzciuLg4HPI0xae04%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d393681-FRA
expires: Mon, 03 Apr 2023 16:12:00 GMT

GET
H2 200 tabs.min.js Show response
go299.a7bbab.com/wp-includes/js/jquery/ui/ 12 KB
4 KB 41ms
25ms Script
application/javascript 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-includes/js/jquery/ui/tabs.min.js?ver=1.13.2
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a0d53f68e013dac42a52a5264c5d28a12a06b6bc7cc1d63bc2d385558bd2dd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254219
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
last-modified: Tue, 08 Nov 2022 14:24:27 GMT
server: cloudflare
etag: W/"636a669b-2ea1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=INP%2BMXxGdaXC1T4eqognACkR2VNIgOL54q3ZaS%2FTjvnc%2B1%2Bje08s3Wk5Vm0EvgMABYDvbcThArvGGG8aMbWHRhoKqDLsZCaZd%2FuREAQXrojYH9RCreEgz2FP%2B7gJkoD1f24%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d3a3681-FRA
expires: Mon, 03 Apr 2023 16:12:00 GMT

GET
H2 200 plugins.js Show response
go299.a7bbab.com/wp-content/themes/betheme/js/ 195 KB
56 KB 45ms
30ms Script
application/javascript 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-content/themes/betheme/js/plugins.js?ver=26.4.0.4
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 201eb83e4a865a0382ac4bc772fc2d639d38b7caccde1c7faeddd13016c9032a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254219
cf-polished: origSize=201504
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Mon, 01 Aug 2022 00:27:14 GMT
server: cloudflare
etag: W/"62e71de2-31320"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rSbR0xc82%2BEzwQ7xUcUH7IB7eUw24Vk07CCZJeS%2Bk1deot0Lgq%2B0zQlj5MMLCAxrUl8GVyrPmNtQPIwPSTSvB%2F9WHzF%2BzRvQNQsSaPZ0Y%2BX0KRkmc3Vp9eUEcXD4e6kjHNI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d3b3681-FRA
expires: Mon, 03 Apr 2023 16:12:00 GMT

GET
H2 200 menu.js Show response
go299.a7bbab.com/wp-content/themes/betheme/js/ 2 KB
1 KB 53ms
38ms Script
application/javascript 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-content/themes/betheme/js/menu.js?ver=26.4.0.4
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ac4e422494724d1feae6fe3201e2938d17ab3c57e8e89a12de05184cf922dd2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254219
cf-polished: origSize=2824
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Mon, 01 Aug 2022 00:27:14 GMT
server: cloudflare
etag: W/"62e71de2-b08"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5igkiXWlruCrc9jeI6nsVkJ8rYKMheMIHW2YMj3KGJXZubWr48lm2ujR76yG1apbrEd5a8rWfuz5p73M7DOQDO6E%2BscZFJeTqkNt5b2k0vvc9Y%2F2WDexPhSvbptA%2FT3gxks%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d3c3681-FRA
expires: Mon, 03 Apr 2023 16:12:00 GMT

GET
H2 200 animations.min.js Show response
go299.a7bbab.com/wp-content/themes/betheme/assets/animations/ 2 KB
1 KB 36ms
23ms Script
application/javascript 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-content/themes/betheme/assets/animations/animations.min.js?ver=26.4.0.4
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1bbd7ecc1eb2490fa89949a1af779e82a0817587e19a8396936ed86e430550b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254219
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
last-modified: Mon, 01 Aug 2022 00:27:14 GMT
server: cloudflare
etag: W/"62e71de2-727"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hxBnnmMugTfxLlWPcgM5BhZ%2BTb0G6bBQ8BOSbr2Eu2%2B8mna%2BzW3ZkSm4p3WRTCkKhbVd3idRHX4q9%2FNogjpdBFTkHxkvMPJa4I6Dj8VmB%2BChIknxe4btyXJKTA0JLNhkFIw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d3e3681-FRA
expires: Mon, 03 Apr 2023 16:12:00 GMT

GET
H2 200 translate3d.js Show response
go299.a7bbab.com/wp-content/themes/betheme/js/parallax/ 2 KB
1 KB 38ms
26ms Script
application/javascript 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-content/themes/betheme/js/parallax/translate3d.js?ver=26.4.0.4
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae9c69b423b6a43cc1cfb819f47e3d6adf3596cd05fc6a1e92ee5fb1dfd0c6f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254219
cf-polished: origSize=3963
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Mon, 01 Aug 2022 00:27:14 GMT
server: cloudflare
etag: W/"62e71de2-f7b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RlOyhBVeYRtzPmhaRQnzYSxDY8BGMHBgTztX4Feu%2FRV6rwyWeJqcSElez3VnZ7FQvMthIQzCWgFzh0O7YMVgqXc3QQl9aQdwtQuOSgRN033NZT4ybfMwkZFLV6%2FbYuy%2BpKM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d3f3681-FRA
expires: Mon, 03 Apr 2023 16:12:00 GMT

GET
H2 200 underscore.min.js Show response
go299.a7bbab.com/wp-includes/js/ 18 KB
8 KB 41ms
29ms Script
application/javascript 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-includes/js/underscore.min.js?ver=1.13.4
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 726b820e44f6ab90ad991d30a4bf26d3a5d71493cbcd1fb1efd0d14e89b9df2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254219
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
last-modified: Tue, 08 Nov 2022 14:24:27 GMT
server: cloudflare
etag: W/"636a669b-4991"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=it8hM9%2BkX%2FNynmG%2FaxrLme0J%2BJyARIO0WmsL4RdxSjJeGNL%2FN%2FWbODWtUahJ4icWuif%2F2tKj1VV423IrwSsCMivHYp6GVWTRbvZN4s63IzSdC1XmQTx4Q5FoyYq%2BGSh4s%2FA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d423681-FRA
expires: Mon, 03 Apr 2023 16:12:00 GMT

GET
H2 200 live-search.js Show response
go299.a7bbab.com/wp-content/themes/betheme/js/ 11 KB
3 KB 63ms
51ms Script
application/javascript 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-content/themes/betheme/js/live-search.js?ver=26.4.0.4
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b9cd1fd6cf481889c0e3fb9ad468cc19081e3449d04800b24b7c96df4f60e7dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254219
cf-polished: origSize=15542
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Mon, 01 Aug 2022 00:27:14 GMT
server: cloudflare
etag: W/"62e71de2-3cb6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mcGyFO3Cf16G9be8259Xw8Pc9bGqimHwKNv1d%2FRQj%2Bho1W4w4fIBDVUmnzv4ly481iNtwUGqSB5tGUFrq2yl52r%2BshGDaZPTC%2BkVZlXFdMQh6BE5fzEeb5o1%2FgzAHR%2ByGh0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d433681-FRA
expires: Mon, 03 Apr 2023 16:12:00 GMT

GET
H2 200 scripts.js Show response
go299.a7bbab.com/wp-content/themes/betheme/js/ 68 KB
16 KB 42ms
31ms Script
application/javascript 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-content/themes/betheme/js/scripts.js?ver=26.4.0.4
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e887efbae0fa9ce41e453d374d1e46106177f09ebf7de1dea1a9cfd68ea6ebe8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254219
cf-polished: origSize=105249
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Mon, 01 Aug 2022 00:27:14 GMT
server: cloudflare
etag: W/"62e71de2-19b21"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qQdtdxiJsby%2Ffxd7eJfeDrjNz3atlbVGmzce8cs3TGV7E5y%2FgNnPRQ4lH86QhUF1wN2wQYacvTpHpZ334zyaeppw82%2BVva5LZhwGSSYFwFJwPhb0DXRYqkkonYqP4pT0H9Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d443681-FRA
expires: Mon, 03 Apr 2023 16:12:00 GMT

GET
H2 200 comment-reply.min.js Show response
go299.a7bbab.com/wp-includes/js/ 3 KB
2 KB 45ms
35ms Script
application/javascript 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-includes/js/comment-reply.min.js?ver=6.1.1
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254219
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
last-modified: Wed, 06 Jul 2022 00:13:38 GMT
server: cloudflare
etag: W/"62c4d3b2-ba5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BamFbMjnMjWbM25FkLXGwusQetoseOOzX4nUsOJy3SWaErnoMc2TFwYaMEmJRYj64JImDjExFfn3o3Ah0E%2F4fhHR9wtHYqHpY5zHMgyl8l1UQJvc6hv6xJAcB5r8u8TR5tk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d453681-FRA
expires: Mon, 03 Apr 2023 16:12:00 GMT

GET
H2 200 smush-lazy-load.min.js Show response
go299.a7bbab.com/wp-content/plugins/wp-smush-pro/app/assets/js/ 8 KB
4 KB 36ms
26ms Script
application/javascript 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-content/plugins/wp-smush-pro/app/assets/js/smush-lazy-load.min.js?ver=3.12.5
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f65784e5e7332dc1e4bbeacbec70fdeef4a1bea84f16ce2ee144999719d195ce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254219
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
last-modified: Tue, 24 Jan 2023 15:49:31 GMT
server: cloudflare
etag: W/"63cffe0b-1ef2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ClRY2OcmRkwpMAooEplQUzGh1qYlltqqlUoLyE439M0JnuqQ43xDhz%2B4X%2FLOUGecrhbwTSn3f9bLxOSkLsxgAXyvkO4JEplSAKDoGbkWbhIcnUCKLyVCVQ1giPxWcFvEWGc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d463681-FRA
expires: Mon, 03 Apr 2023 16:12:00 GMT

GET
H2 200 main.js Show response
go299.a7bbab.com/wp-content/plugins/wp-viral-quiz-analytics/js/ 2 KB
882 B 44ms
35ms Script
application/javascript 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-content/plugins/wp-viral-quiz-analytics/js/main.js?ver=1.0.0
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa4cd9dac16ad94b862d962019bac6573a822079f1b7d27f575ef46d74e24fd0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254219
cf-polished: origSize=3230
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Sun, 01 May 2016 18:00:12 GMT
server: cloudflare
etag: W/"5726442c-c9e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hu9thvmQczj5MCDhn2scIj30Z3nd8q6kJ1cShCdvXjtoSxgelmCf4IcwQ6Nn2eMTl0TGdzNXLIEvVe4tRYw6qC4Spt7S0%2BbO0VcP%2FmDVVx0PMf%2FjShd%2FGaViGwIrgeF1XKo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d483681-FRA
expires: Mon, 03 Apr 2023 16:12:00 GMT

GET
H2 200 wpvq-front.js Show response
go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/js/ 23 KB
7 KB 40ms
32ms Script
application/javascript 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/js/wpvq-front.js?ver=1.0
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d1d3bee4d06141f915a7781b51d7dea9b69091b10cc5a988cfb6f3168fcb5ae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254219
cf-polished: origSize=40800
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Tue, 08 Aug 2017 09:08:33 GMT
server: cloudflare
etag: W/"59897f91-9f60"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zApqFRNiTbdOy6dIAAWErVld8MnQpaQJd%2BnZcOJ2cujdHJYC5zic7Qh64fi2tH5jUtldqNATgZ%2B4oqyNO1JQFzzCTjJNJD8TshEHJup58GUrXRCKMvl3xx6ieG6owwscBC8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d4a3681-FRA
expires: Mon, 03 Apr 2023 16:12:00 GMT

GET
H2 200 wpvq-facebook-api.js Show response
go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/js/ 2 KB
1 KB 35ms
27ms Script
application/javascript 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/js/wpvq-facebook-api.js?ver=1.0
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 07219384ca652e6d557049ba50ead0dbcd840a698eca2a9325df17dcf4f5d1b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254219
cf-polished: origSize=3530
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
cf-bgj: minify
last-modified: Mon, 14 Aug 2017 14:05:45 GMT
server: cloudflare
etag: W/"5991ae39-dca"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=miAjfWbPt3%2FSh0h%2F9MehsQ2wklfvjmVX3IZIRF524LYpi64Wc74%2BHCigfZ2MVpnI0pIlaA4azRN9SsmQC68teHbo56lFoJAidy95bEbT2Cee4N9PN5gGKHEpsVuET4cYN2g%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a4797d4b3681-FRA
expires: Mon, 03 Apr 2023 16:12:00 GMT

GET
H2 200 vaafb692b2aea4879b33c060e79fe94621666317369993 Show response
static.cloudflareinsights.com/beacon.min.js/ 17 KB
6 KB 87ms
57ms Script
text/javascript 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3

Request headers

Referer: https://go299.a7bbab.com/
Origin: https://go299.a7bbab.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: gzip
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
server: cloudflare
etag: W/2022.10.1
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 7a43a47a19963a5c-FRA

GET
H3 200 wp-emoji-release.min.js Show response
go299.a7bbab.com/wp-includes/js/ 18 KB
5 KB 18ms
17ms Script
application/javascript 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254218
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
last-modified: Wed, 06 Jul 2022 00:13:38 GMT
server: cloudflare
etag: W/"62c4d3b2-48b9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Tl14qWT4RnkXKFXSh1JM%2FIFzwflJ6R8RKOsfjkUreAiFvtzRojZrMsbAQjuIx1t0lBpNG%2BBOJJErYPGYnHbUJ8omCTJ9yWOSMFVHTnOUCsuqBApbqDh7ic3pyzXgnKziqQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray: 7a43a479ec9e3637-FRA
expires: Mon, 03 Apr 2023 16:12:01 GMT

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 Reem+Kufi-400.ttf
go299.a7bbab.com/wp-content/uploads/betheme/fonts/Reem+Kufi/ 23 KB
23 KB 26ms
26ms Font
application/octet-stream 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go299.a7bbab.com/wp-content/uploads/betheme/fonts/Reem+Kufi/Reem+Kufi-400.ttf

Requested by

Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/wp-content/uploads/betheme/fonts/mfn-local-fonts.css?ver=1

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8c14c071821a31067f72a22ee8e5cd8a03d04e365b5503a2dcb22649240957d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://go299.a7bbab.com/wp-content/uploads/betheme/fonts/mfn-local-fonts.css?ver=1
Origin: https://go299.a7bbab.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2988
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 23360
x-xss-protection: 1; mode=block
last-modified: Mon, 01 Aug 2022 22:41:25 GMT
server: cloudflare
etag: "62e85695-5b40"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gWXg1TUm54gCr%2FMC3b%2FGPyJBhovhwt4lmPpSuK%2Fcsj00NSa3nC4Dj8M%2FW3pxrB6%2B1JksJ74yY1yAgORMIadows2qfEBXVObCqjEiR2jhb7Ed4PvmhDP%2BBghkQeLKWBI59Lk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
vary: Accept-Encoding
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 7a43a479ecb23637-FRA

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ 23 KB
6 KB 31ms
14ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css

Requested by

Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/css/front-style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 617, 617
age: 6418945
cdn-cachedat: 2021-04-13 02:55:53
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: a4c754a17577d74a872d3c9c794d1a4f
timing-allow-origin: *
cdn-requestcountrycode: US
cf-ray: 7a43a47a0e062bac-FRA
cdn-requestpullsuccess: True

GET
H3 200 icons.woff
go299.a7bbab.com/wp-content/themes/betheme/fonts/mfn/ 80 KB
80 KB 22ms
21ms Font
font/woff 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go299.a7bbab.com/wp-content/themes/betheme/fonts/mfn/icons.woff?31690507

Requested by

Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/wp-content/themes/betheme/css/be.css?ver=26.4.0.4

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

559a910060423ed485ddc062a9ab5318859bbfde26be3f73d9b83ac0b9dae677

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://go299.a7bbab.com/wp-content/themes/betheme/css/be.css?ver=26.4.0.4
Origin: https://go299.a7bbab.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2989
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 81448
x-xss-protection: 1; mode=block
last-modified: Mon, 01 Aug 2022 00:27:14 GMT
server: cloudflare
etag: "62e71de2-13e28"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wGnp%2FRrasxK%2Fzu9txL%2BHQnVy3nvbmjIa4DJv2WSjOqWT9w9Y7DXDhaDR2MAmS2g8AHgZD200cZLlXCeyYQvPMwp6hPDz%2FftGLlRUG9HRlpu3MjWR%2BolXYKxtH7flej0Bf6U%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
vary: Accept-Encoding
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 7a43a479fcd13637-FRA

GET
H2 200 css
fonts.googleapis.com/ 3 KB
958 B 104ms
43ms Stylesheet
text/css 2a00:1450:400d:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:400,700

Requested by

Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/css/skins/buzzfeed.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2604b45b39193f2405a1a4b4f93b2d769fb6a67c8f1d0b097343e540c7911ec1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 07 Mar 2023 13:27:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 07 Mar 2023 14:48:59 GMT

GET
H3 200 Reem+Kufi-1.ttf
go299.a7bbab.com/wp-content/uploads/betheme/fonts/Reem+Kufi/ 23 KB
23 KB 15ms
15ms Font
application/octet-stream 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go299.a7bbab.com/wp-content/uploads/betheme/fonts/Reem+Kufi/Reem+Kufi-1.ttf

Requested by

Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/wp-content/uploads/betheme/fonts/mfn-local-fonts.css?ver=1

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8c14c071821a31067f72a22ee8e5cd8a03d04e365b5503a2dcb22649240957d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://go299.a7bbab.com/wp-content/uploads/betheme/fonts/mfn-local-fonts.css?ver=1
Origin: https://go299.a7bbab.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2987
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 23360
x-xss-protection: 1; mode=block
last-modified: Mon, 01 Aug 2022 22:41:25 GMT
server: cloudflare
etag: "62e85695-5b40"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AroSKGr%2FA6lZfqnLrnEUrNqsoUiMn9fLvRGq87ZY6DQ2tShqfK1tj5L2riwYDFPuIQch9rIGRpIoU2J0XuZEVMej8Cp1FQ6t8Hrs2SkByPRGSk5x%2F9iOmiVEmPX6CMHJzVE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
vary: Accept-Encoding
cache-control: max-age=28800
accept-ranges: bytes
cf-ray: 7a43a47a4d3e3637-FRA

POST
H2 204 collect
region1.analytics.google.com/g/ 0
254 B 49ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-QDVJ1GCKH3&gtm=45je3310&_p=1310666776&_gaz=1&cid=141607416.1678200539&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1678200539&sct=1&seg=0&dl=https%3A%2F%2Fgo299.a7bbab.com%2F19664%2F2021%2F%25D9%2587%25D9%2584-%25D8%25AA%25D8%25B9%25D8%25AA%25D9%2582%25D8%25AF-%25D8%25A7%25D9%2586%25D9%2583-%25D8%25A7%25D9%2584%25D8%25B4%25D8%25AE%25D8%25B5-%25D8%25A7%25D9%2584%25D9%2585%25D8%25A4%25D9%2587%25D9%2584-%25D9%2584%25D9%2584%25D8%25AD%25D8%25B5%25D9%2588%25D9%2584-%25D8%25B9%25D9%2584%25D9%2589-%25D8%25B3%25D9%258A%2F&dt=%D9%87%D9%84%20%D8%AA%D8%B9%D8%AA%D9%82%D8%AF%20%D8%A7%D9%86%D9%83%20%D8%A7%D9%84%D8%B4%D8%AE%D8%B5%20%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84%20%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84%20%D8%B9%D9%84%D9%89%20%D8%B3%D9%8A%D8%A7%D8%B1%D8%A9%20%D9%85%D8%B1%D8%B3%D9%8A%D8%AF%D8%B3%202023&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QDVJ1GCKH3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:48:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go299.a7bbab.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
254 B 59ms
17ms Ping
text/plain 2a00:1450:4025:401::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-QDVJ1GCKH3&cid=141607416.1678200539&gtm=45je3310&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QDVJ1GCKH3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4025:401::9c Den Helder, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:48:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go299.a7bbab.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 236 KB
81 KB 50ms
50ms Script
application/javascript 2a00:1450:400d:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-QC45NQYXDT&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QDVJ1GCKH3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b9d3c28c7113b946deb2ef8344ef4f47c5aa4cd731d7081fd5a5781a611fcb46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 82683
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 07 Mar 2023 14:48:59 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 117ms
55ms Image
image/gif 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-QDVJ1GCKH3&cid=141607416.1678200539&gtm=45je3310&aip=1&z=1301078807

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:48:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
254 B 36ms
13ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-QC45NQYXDT&gtm=45je3310&_p=1310666776&cid=141607416.1678200539&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1678200539&sct=1&seg=0&dl=https%3A%2F%2Fgo299.a7bbab.com%2F19664%2F2021%2F%25D9%2587%25D9%2584-%25D8%25AA%25D8%25B9%25D8%25AA%25D9%2582%25D8%25AF-%25D8%25A7%25D9%2586%25D9%2583-%25D8%25A7%25D9%2584%25D8%25B4%25D8%25AE%25D8%25B5-%25D8%25A7%25D9%2584%25D9%2585%25D8%25A4%25D9%2587%25D9%2584-%25D9%2584%25D9%2584%25D8%25AD%25D8%25B5%25D9%2588%25D9%2584-%25D8%25B9%25D9%2584%25D9%2589-%25D8%25B3%25D9%258A%2F&dt=%D9%87%D9%84%20%D8%AA%D8%B9%D8%AA%D9%82%D8%AF%20%D8%A7%D9%86%D9%83%20%D8%A7%D9%84%D8%B4%D8%AE%D8%B5%20%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84%20%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84%20%D8%B9%D9%84%D9%89%20%D8%B3%D9%8A%D8%A7%D8%B1%D8%A9%20%D9%85%D8%B1%D8%B3%D9%8A%D8%AF%D8%B3%202023&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QC45NQYXDT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:48:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go299.a7bbab.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 21ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5ead8c7c49a639a486ea1f54e4390e3d190de8cb3896f690bc1cd73cc9f6915f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 07 Mar 2023 14:48:59 GMT
content-md5: HO9O7hbMDbD61jJlJzg+nQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1687
x-fb-rlafr: 0
x-fb-debug: fbcJj6Zk6ixgnc0ho72NhyEqUOZo/qGwG6FGee2qgGK+c578ORA+tqX+R31rujH03sCP6G3H9c5UJUhnqGb+cg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 686109401
x-fb-content-md5: 62135f8de600c0cb6d046805fa5a6abc
cross-origin-opener-policy: same-origin-allow-popups
etag: "f921f886da2a58479da6e442cee06159"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-frame-options: DENY
timing-allow-origin: *
expires: Tue, 07 Mar 2023 14:50:50 GMT

GET
H3 200 buzzfeed-checkbox-ok.jpg
go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/css/skins/ 338 B
971 B 19ms
18ms Image
image/webp 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/css/skins/buzzfeed-checkbox-ok.jpg
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/css/skins/buzzfeed.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9102a91eb0c2dfe2c34333759eca9941a86e322ce0ea346c797a9a1d6ab915cc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/css/skins/buzzfeed.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254216
cf-polished: origFmt=jpeg, origSize=722
content-disposition: inline; filename="buzzfeed-checkbox-ok.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 338
pragma: public
cf-bgj: imgq:100,h2pri
last-modified: Fri, 25 Nov 2016 12:01:22 GMT
server: cloudflare
etag: "58382812-2d2"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yywlj1WlLRrPQDtTubcuhzABY2EveZlZteWiuuDZINheNsQPy7FblflZsSfYGvbbPy81Jrzt9Zq7R%2FDdbTvOXMUqjS2YuhDolXXl0hddnfq0%2FRrEcIE0%2BuYBSt%2B2Z5p4iOU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7a43a47addf53637-FRA
expires: Mon, 03 Apr 2023 16:12:03 GMT

GET
H3 200 big-loader.gif
go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/views/img/ 13 KB
14 KB 17ms
16ms Image
image/webp 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/views/img/big-loader.gif
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/css/front-style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52ba4c957efc7bae5e3dfe207919ee4c68e8910827a8b20be72eba23c81215f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/css/front-style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254215
cf-polished: origFmt=gif, origSize=16508
content-disposition: inline; filename="big-loader.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13400
pragma: public
cf-bgj: imgq:100,h2pri
last-modified: Fri, 31 Jul 2015 14:55:46 GMT
server: cloudflare
etag: "55bb8c72-407c"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CiVPRmp3qSZZ2o9OzvOPEw9uFs2OzrJjr%2FasK3%2FOuylpvsbt8durE6L639WMmCJvMguDEGASF6P9HpAuwWW6UDu3yAmFu6b4G%2Bs1xVwIZEBvjWh3m%2B56K%2F2BKLPid6jw6sA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7a43a47addf63637-FRA
expires: Mon, 03 Apr 2023 16:12:03 GMT

GET
H3 200 loader.gif
go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/views/img/ 2 KB
2 KB 19ms
18ms Image
image/gif 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/views/img/loader.gif
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/css/front-style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9d6a799f49cfca0b6164fb8b20184ead7aa1de665e4ea47b5fbab6641a6edb3b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/css/front-style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254215
cf-polished: origSize=2637, status=webp_bigger
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1680
pragma: public
cf-bgj: imgq:100,h2pri
last-modified: Fri, 31 Jul 2015 14:55:46 GMT
server: cloudflare
etag: "55bb8c72-a4d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Azi%2FauunB8vk77g5VXiriTGGWxf1kEraMiJ%2BRedE1OXJ%2BCpPK7L2DVf20eyb9k5VBefUdj1hsriHsatbV7LB%2B5eP0%2FPzGUdE9juPIstPpH%2FGXrxmWNXr5ViYVOsxG9r0gFk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7a43a47addf73637-FRA
expires: Mon, 03 Apr 2023 16:12:04 GMT

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v25/ 30 KB
31 KB 90ms
20ms Font
font/woff2 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go299.a7bbab.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 20:35:57 GMT
x-content-type-options: nosniff
age: 583982
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30928
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Feb 2024 20:35:57 GMT

GET
H3 200 A7babLogo--e1659357325319.png
go299.a7bbab.com/wp-content/uploads/2019/07/ 6 KB
6 KB 17ms
17ms Image
image/webp 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go299.a7bbab.com/wp-content/uploads/2019/07/A7babLogo--e1659357325319.png
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: be4984e8c822cfa3da6fb01ff335b74f83cb58073ccc3cfd5f1ffc2c567cbfe7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254201
cf-polished: origFmt=png, origSize=8917
content-disposition: inline; filename="A7babLogo--e1659357325319.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5896
pragma: public
cf-bgj: imgq:100,h2pri
last-modified: Mon, 01 Aug 2022 12:35:25 GMT
server: cloudflare
etag: "62e7c88d-22d5"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s586MbzK4xM7NUaVAuS7d909SPwjk7IEv3epUi0geiAcg%2BPSS%2BWMzyTx5kgmR3c22fiiky7%2FYZU6ZoKfwBPIkMsy51wA7ilee4BZF77Zgc%2BuEK%2FLO9DY%2BxtqtBnpyL2HwlM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7a43a47b6eaf3637-FRA
expires: Mon, 03 Apr 2023 16:12:18 GMT

GET
H3 200 buzzfeed-checkbox-no.jpg
go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/css/skins/ 176 B
811 B 16ms
15ms Image
image/webp 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/css/skins/buzzfeed-checkbox-no.jpg
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/css/skins/buzzfeed.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48dc5d19c8edc57a9b695330ee5f454f5d634772606a125e8b4dfdf65bc54d0d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/wp-content/plugins/wp-viral-quiz/css/skins/buzzfeed.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254214
cf-polished: origFmt=jpeg, origSize=554
content-disposition: inline; filename="buzzfeed-checkbox-no.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 176
pragma: public
cf-bgj: imgq:100,h2pri
last-modified: Fri, 25 Nov 2016 12:01:22 GMT
server: cloudflare
etag: "58382812-22a"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WA7N6CXiVm1AwUr%2Fz4nUPjQWbyEvJAmHcsUjJkBOOsThT732KJj%2BylRiXX0qn8muKBg%2FrQUmGSK1YjJzn1KBdVbrUOh2XhLod4tKWmjj2m5CbVfKLPDnTZ334%2FrKEbZBZZM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7a43a47b6eb83637-FRA
expires: Mon, 03 Apr 2023 16:12:05 GMT

GET
H3 200 2023-mercedes-GLC-scaled.jpg
go299.a7bbab.com/wp-content/uploads/2023/02/ 65 KB
65 KB 14ms
14ms Image
image/jpeg 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go299.a7bbab.com/wp-content/uploads/2023/02/2023-mercedes-GLC-scaled.jpg
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e563689256d4ecbb7aef2459ee87db8df1c325aa6ec79e3dad0abe652f592991

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 251709
cf-polished: origSize=69381, status=webp_bigger
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 66385
pragma: public
cf-bgj: imgq:100,h2pri
last-modified: Sat, 11 Feb 2023 14:58:45 GMT
server: cloudflare
etag: "63e7ad25-10f05"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tupZva04boysvJcDFqCYVT9xIEG0QeFND0fAnpDJexzFClPkeZqbLEP2OJdBPGtAY1AJ5qrIZxGxsa%2BBpy8RJpArVF7UQn7ITgVfgYfcL96OETaxPRja%2FIOMxZ7VrHWfZ7g%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7a43a47b8ee93637-FRA
expires: Mon, 03 Apr 2023 16:53:50 GMT

GET
H3 200 invisible.js Show response
go299.a7bbab.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame 01F8 27 KB
12 KB 14ms
14ms Script
application/javascript 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1678190400
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73e568bee420b9633db90695cc2fed3f302f4dbd691229806e3ece13af74e126

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FHERJPG5jQJre7jjKzObI9cT6lkO6De9rO1PSXYXmaGq0GXHKgZC4fwLTLDypyZL84ESoUxDarfzYVQ3XzEMIR%2Bswu%2BEO%2BmAqkgy40wk16vuBO9%2BjFgs2lWqomWpyW7Ool8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 7a43a47baf0b3637-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 2023-Mercedes-GLC-300-4MATIC-graphite-grey-dynamic-scaled.jpg
go299.a7bbab.com/wp-content/uploads/2023/02/ 46 KB
46 KB 19ms
19ms Image
image/jpeg 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go299.a7bbab.com/wp-content/uploads/2023/02/2023-Mercedes-GLC-300-4MATIC-graphite-grey-dynamic-scaled.jpg
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7a55a93c60965471100186d3dcb09cc221cefc84be4f65ee20a88086f8cb4380

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 254200
cf-polished: origSize=48519, status=webp_bigger
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 46734
pragma: public
cf-bgj: imgq:100,h2pri
last-modified: Sat, 11 Feb 2023 15:03:15 GMT
server: cloudflare
etag: "63e7ae33-bd87"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D5M8Gq19bObp6t2ArkgHY%2FEhGKIQcefk9NCRd3P0XG3QRXRrlyVXZBQuoZB1OYFD9uXTdFbua9sI7k4pJC0ycXPrpE9H9BTu0frLpwhjCa%2F0RbBMDdIZxpYsj%2FS3I0gTOxg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 7a43a47baf123637-FRA
expires: Mon, 03 Apr 2023 16:12:19 GMT

GET
H2 200 pubads_impl_2023030601.js Show response
securepubads.g.doubleclick.net/gpt/ 393 KB
133 KB 21ms
21ms Script
text/javascript 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

835c46f680eda60ae7a5ebe49e9a7c9187e98bdb7f859226cdee3a03f178c8b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 08:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21677
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 135664
x-xss-protection: 0
last-modified: Mon, 06 Mar 2023 09:35:36 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 06 Mar 2024 08:47:42 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 3 KB
558 B 94ms
53ms XHR
application/json 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=go299.a7bbab.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0b984ecf5d0dfcee454ebbd033d2065ada0158030b878fd96c92a3325fa263c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 533
x-xss-protection: 0
expires: Tue, 07 Mar 2023 14:48:59 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302230101/ 361 KB
119 KB 129ms
88ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5603248120981298&plah=go299.a7bbab.com&bust=31072714

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5603248120981298

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5b93f3e66ffda87fab4b553ce103e1f0627a0676443fd8b0413e6ca8c98b73b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121820
x-xss-protection: 0
server: cafe
etag: 4276456797318226947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 07 Mar 2023 14:48:59 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230302/r20190131/ Frame 4A4C 10 KB
5 KB 80ms
19ms Document
text/html 2a00:1450:400d:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230302/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5603248120981298

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go299.a7bbab.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 60622
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 06 Mar 2023 21:58:37 GMT
etag: 2378337311435320485
expires: Mon, 20 Mar 2023 21:58:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 301 KB
85 KB 16ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=01747ce02e699ad1035d24c3a9ef3153

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3a4135afe1133c8f043dc3906ba0a2a8fbc60d13d90ff692098f092af85b95d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://go299.a7bbab.com/
Origin: https://go299.a7bbab.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 07 Mar 2023 14:48:59 GMT
content-md5: zxT9Ra1nXGWZdpvm8Ja2Rw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87099
x-fb-rlafr: 0
x-fb-debug: s8rLK24RWrzm8w0t/lkcdjEDRwCtcrVF7JjUsW2uX9mVygWtP+HNo7BLYEsj3LiUu1mvusAK0vNZ7mu/cy9DIg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: d296e0e2fa753a31482449de1f83882a
cross-origin-opener-policy: same-origin-allow-popups
etag: "592fa27e48a0e5dec9c3172067a953bc"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Wed, 06 Mar 2024 11:36:18 GMT

GET
H2 200 avcplayer.js Show response
player.avplayer.com/script/8/v/ 697 KB
183 KB 89ms
22ms Script
application/javascript 69.16.175.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://player.avplayer.com/script/8/v/avcplayer.js
Requested by: Host: tg1.matched.se
URL: https://tg1.matched.se/api/adserver/spt?AV_TAGID=63f8907a8aae96ca860d32b6&AV_PUBLISHERID=63e26ea450153dfa9007b615
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: tlb.hwcdn.net
Software: /
Resource Hash: 7892ce0febcfebefc28d8866a6f73a22d60fb844560cd6068122bfbf76180b6f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: gzip
last-modified: Wed, 01 Mar 2023 14:26:22 GMT
etag: "1677680782"
x-hw: 1678200539.dop225.lo4.t,1678200539.cds286.lo4.hn,1678200539.cds276.lo4.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
content-length: 187457

GET
H2 200 track
track1.aniview.com/ 0
71 B 399ms
97ms Image
text/plain 44.207.237.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?pid=63e26ea450153dfa9007b615&cid=63e45f60d4c09df37c051e35&cb=1678200539523&r=go299.a7bbab.com&stagid=63f8907a8aae96ca860d32b6&stplid=63f88bf7671544492b05ff99&d35=&d65=&d66=8&e=playerLoaded&str=autostart
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.207.237.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-207-237-92.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3 200 pica.js
go299.a7bbab.com/cdn-cgi/challenge-platform/h/b/scripts/ Frame 01F8 7 KB
4 KB 13ms
13ms Other
application/javascript 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 116ae693854abb7571890e9d5417e4e8a403c73b09db5d364bb81a1b2018e45d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kpykt9j3awc7cCHH2DEXaZjJ9I%2FI%2BeQWF1FUh9dWxto6APHp0DPiEgNTAo4wG%2B0kwG2YpB5O6Om4xEbwX6Hi3lxkMbHZ95DnUmSXzdQZBSFuI3nrKK%2FBIKsI%2BeEwiq%2FYHG8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 7a43a47c1faf3637-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 104ms
42ms Script
application/javascript 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=go299.a7bbab.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 103ms
41ms Script
application/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=go299.a7bbab.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 360 KB
73 KB 1933ms
1933ms XHR
text/plain 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=111652718764338&correlator=8033441790441&eid=31072702%2C31072877&output=ldjh&gdfp_req=1&vrg=2023030601&ptt=17&impl=fifs&iu_parts=109240298%2CA7bbab%2CGoXtraaa%2Cgobody3%2Canchor%2Cint%2Cgobody&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2F3%2C%2F0%2F2%2F4%2C%2F0%2F2%2F5%2C%2F0%2F2%2F6&prev_iu_szs=360x300%7C300x250%7C336x280%2C300x250%7C360x300%7C360x280%2C1x1%2C1x1%2C360x300%7C336x280%7C300x250&ifi=2&adks=3260917866%2C4044819337%2C616782693%2C1505596507%2C1975265503&sfv=1-0-40&ists=6&fas=0%2C0%2C2%2C8%2C0&sc=1&cookie_enabled=1&abxe=1&dt=1678200539593&lmt=1678200539&dlt=1678200539075&idt=472&adxs=563%2C623%2C-9%2C-9%2C495&adys=586%2C1323%2C-9%2C-9%2C17&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C1%7C-1%7C-1%7C0&ucis=1%7C2%7C3%7C4%7C5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fgo299.a7bbab.com%2F19664%2F2021%2F%25D9%2587%25D9%2584-%25D8%25AA%25D8%25B9%25D8%25AA%25D9%2582%25D8%25AF-%25D8%25A7%25D9%2586%25D9%2583-%25D8%25A7%25D9%2584%25D8%25B4%25D8%25AE%25D8%25B5-%25D8%25A7%25D9%2584%25D9%2585%25D8%25A4%25D9%2587%25D9%2584-%25D9%2584%25D9%2584%25D8%25AD%25D8%25B5%25D9%2588%25D9%2584-%25D8%25B9%25D9%2584%25D9%2589-%25D8%25B3%25D9%258A%2F&frm=20&vis=1&psz=680x57%7C680x57%7C0x-1%7C0x-1%7C936x27&msz=680x0%7C680x0%7C0x-1%7C0x-1%7C936x0&fws=4%2C4%2C2%2C2%2C4&ohw=980%2C980%2C0%2C0%2C980&ga_vid=141607416.1678200539&ga_sid=1678200540&ga_hid=1310666776&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e4eadf85fa132daa3891e5bf2c8a7806758320519ea376de602b2d51b4b1e90c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74425
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://go299.a7bbab.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 111 KB
17 KB 811ms
811ms XHR
text/plain 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=111652718764338&correlator=8033441790441&eid=31072702%2C31072877&output=ldjh&gdfp_req=1&vrg=2023030601&ptt=17&impl=fifs&iu_parts=15918106%2CGoXtraaa%2Cgobody4%2Cgobody5&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3&prev_iu_szs=300x250%7C336x280%7C360x300%2C300x250%7C336x280%7C360x300&ifi=7&adks=2725300682%2C3266886444&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1678200539603&lmt=1678200539&dlt=1678200539075&idt=472&adxs=623%2C623&adys=550%2C1359&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C2&ucis=6%7C7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fgo299.a7bbab.com%2F19664%2F2021%2F%25D9%2587%25D9%2584-%25D8%25AA%25D8%25B9%25D8%25AA%25D9%2582%25D8%25AF-%25D8%25A7%25D9%2586%25D9%2583-%25D8%25A7%25D9%2584%25D8%25B4%25D8%25AE%25D8%25B5-%25D8%25A7%25D9%2584%25D9%2585%25D8%25A4%25D9%2587%25D9%2584-%25D9%2584%25D9%2584%25D8%25AD%25D8%25B5%25D9%2588%25D9%2584-%25D8%25B9%25D9%2584%25D9%2589-%25D8%25B3%25D9%258A%2F&frm=20&vis=1&psz=680x57%7C680x57&msz=680x0%7C680x0&fws=4%2C4&ohw=980%2C980&ga_vid=141607416.1678200539&ga_sid=1678200540&ga_hid=1310666776&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05ad8e990ae0a949659ec05574dba0851598e73d3e47dce9fa30f32c8bf92911

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17542
x-xss-protection: 0
google-lineitem-id: -1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://go299.a7bbab.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 191 KB
45 KB 460ms
460ms XHR
text/plain 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=111652718764338&correlator=8033441790441&eid=31072702%2C31072877&output=ldjh&gdfp_req=1&vrg=2023030601&ptt=17&impl=fifs&iu_parts=109240298%2Ca7bbab%2Ca7bbabfluid&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50&fluid=height&ifi=9&adks=2815214080&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1678200539609&lmt=1678200539&dlt=1678200539075&idt=472&adxs=185&adys=2352&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=3&ucis=8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fgo299.a7bbab.com%2F19664%2F2021%2F%25D9%2587%25D9%2584-%25D8%25AA%25D8%25B9%25D8%25AA%25D9%2582%25D8%25AF-%25D8%25A7%25D9%2586%25D9%2583-%25D8%25A7%25D9%2584%25D8%25B4%25D8%25AE%25D8%25B5-%25D8%25A7%25D9%2584%25D9%2585%25D8%25A4%25D9%2587%25D9%2584-%25D9%2584%25D9%2584%25D8%25AD%25D8%25B5%25D9%2588%25D9%2584-%25D8%25B9%25D9%2584%25D9%2589-%25D8%25B3%25D9%258A%2F&frm=20&vis=1&psz=980x979&msz=980x0&fws=4&ohw=980&ga_vid=141607416.1678200539&ga_sid=1678200540&ga_hid=1310666776&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c70c11436a8fd77e9f3d1fdb20d0863a0fd634277b8b35b442727ade89c206a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46105
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://go299.a7bbab.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1163 6 KB
3 KB 263ms
52ms Document
text/html 2a00:1450:400d:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go299.a7bbab.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 07 Mar 2023 14:48:59 GMT
expires: Wed, 06 Mar 2024 14:48:59 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads_2023030601.js Show response
securepubads.g.doubleclick.net/gpt/ 33 KB
12 KB 20ms
20ms Script
text/javascript 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2023030601.js?cb=31072877

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

43f822784a6f14be7d26bb0e9b1b4a61d5db6c34b2e56645b05cf37a970406f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 06 Mar 2023 12:10:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 95887
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12357
x-xss-protection: 0
last-modified: Mon, 06 Mar 2023 09:35:36 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 05 Mar 2024 12:10:52 GMT

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 138ms
121ms Fetch
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=740673693856678&input_token&origin=1&redirect_uri=https%3A%2F%2Fgo299.a7bbab.com%2F19664%2F2021%2F%25D9%2587%25D9%2584-%25D8%25AA%25D8%25B9%25D8%25AA%25D9%2582%25D8%25AF-%25D8%25A7%25D9%2586%25D9%2583-%25D8%25A7%25D9%2584%25D8%25B4%25D8%25AE%25D8%25B5-%25D8%25A7%25D9%2584%25D9%2585%25D8%25A4%25D9%2587%25D9%2584-%25D9%2584%25D9%2584%25D8%25AD%25D8%25B5%25D9%2588%25D9%2584-%25D8%25B9%25D9%2584%25D9%2589-%25D8%25B3%25D9%258A%2F&sdk=joey&wants_cookie_data=true

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=01747ce02e699ad1035d24c3a9ef3153

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
date: Tue, 07 Mar 2023 14:48:59 GMT
x-content-type-options: nosniff
document-policy: force-load-at-top
alt-svc: h3=":443"; ma=86400
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: xEVF7psCbRumbpAdgevTcwraVJiWRD6uN16QRfpq0gPA9cDprmNeXL9BEfSk5f+oqVhGrb3JzF8n0NYnqUqW+A==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
fb-s: unknown
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://go299.a7bbab.com
origin-agent-cluster: ?0
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3 200 7a43a477ca703681 Show response
go299.a7bbab.com/cdn-cgi/challenge-platform/h/b/cv/result/ Frame 01F8 2 B
645 B 32ms
32ms XHR
text/plain 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go299.a7bbab.com/cdn-cgi/challenge-platform/h/b/cv/result/7a43a477ca703681
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1678190400
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LNwiJwYvBkx2KOw%2FM%2B6OduUKRY4HDLItm3zhXXNRPdHD3gk2eoHbwyfNN5sr9%2F1ZwVS0%2BchuMeOAPdSd28S9tGTUHaBxNY73J4MrpJDgP6Zoy6wfZZU%2ByZeB47EweyYCzcg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 7a43a47e5b013637-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 31d54a4b841c0e438f13.woff
player.avplayer.com/script/8/v/assets/ 34 KB
35 KB 66ms
23ms Font
application/octet-stream 69.16.175.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://player.avplayer.com/script/8/v/assets/31d54a4b841c0e438f13.woff
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: tlb.hwcdn.net
Software: /
Resource Hash: 9f2ef335c07566f0d4f273a4b72bcb3ad2b02f0c6232da6129952ee60bd07ba8

Request headers

Referer: https://go299.a7bbab.com/
Origin: https://go299.a7bbab.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:00 GMT
content-encoding: gzip
last-modified: Wed, 01 Mar 2023 14:26:22 GMT
etag: "1677680782"
x-hw: 1678200540.dop209.lo4.t,1678200540.cds229.lo4.hn,1678200540.cds218.lo4.c
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
content-length: 35197

GET
H2 200 AVmanager.js Show response
player.aniview.com/script/6.1/ Frame 7941 450 KB
122 KB 92ms
21ms Script
application/javascript 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=63e26ea450153dfa9007b615
Requested by: Host: player.avplayer.com
URL: https://player.avplayer.com/script/8/v/avcplayer.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: tlb.hwcdn.net
Software: /
Resource Hash: 1fd3a76a0ef20f8eb231ac458ce175358c0b359318390e9bfcdbcf02c54d7eed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:00 GMT
content-encoding: gzip
last-modified: Sun, 05 Mar 2023 08:29:36 GMT
etag: "1678004976"
x-hw: 1678200540.dop201.lo4.t,1678200540.cds325.lo4.hn,1678200540.cds274.lo4.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
content-length: 124179

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 387 B
601 B 103ms
41ms Script
text/javascript 2a00:1450:400d:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=go299.a7bbab.com&callback=_gfp_s_&client=ca-pub-5603248120981298

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5603248120981298&plah=go299.a7bbab.com&bust=31072714

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6277ff8600aeadc9aa2fd7b774e8255b0999f667774feb603182d5bf3bd63f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 249
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 52ms
52ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&id=Header_creative&ign=false&pw=1600&ph=1200&x=1575&y=1175

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F5AC 0
312 B 375ms
374ms Document
text/html 2a00:1450:400d:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5603248120981298&output=html&adk=1812271804&adf=3025194257&lmt=1678200540&plat=1%3A16777280%2C2%3A64%2C3%3A16%2C4%3A16%2C8%3A64%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fgo299.a7bbab.com%2F19664%2F2021%2F%25D9%2587%25D9%2584-%25D8%25AA%25D8%25B9%25D8%25AA%25D9%2582%25D8%25AF-%25D8%25A7%25D9%2586%25D9%2583-%25D8%25A7%25D9%2584%25D8%25B4%25D8%25AE%25D8%25B5-%25D8%25A7%25D9%2584%25D9%2585%25D8%25A4%25D9%2587%25D9%2584-%25D9%2584%25D9%2584%25D8%25AD%25D8%25B5%25D9%2588%25D9%2584-%25D8%25B9%25D9%2584%25D9%2589-%25D8%25B3%25D9%258A%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1678200539485&bpp=3&bdt=410&idt=565&shv=r20230302&mjsv=m202302230101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=840980836810&frm=20&pv=2&ga_vid=141607416.1678200539&ga_sid=1678200540&ga_hid=1310666776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44777877%2C42531706%2C31072714%2C31071267&oid=2&pvsid=111652718764338&tmod=230895366&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=597

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go299.a7bbab.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Mar 2023 14:49:00 GMT
expires: Tue, 07 Mar 2023 14:49:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 206 Gold%20rates4.mp4
play.aniview.com/63e26ea450153dfa9007b615/63f88ba9671544492b05ff96/ 137 KB
0 105ms
22ms Media
video/mp4 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://play.aniview.com/63e26ea450153dfa9007b615/63f88ba9671544492b05ff96/Gold%20rates4.mp4
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: tlb.hwcdn.net
Software: UploadServer /
Resource Hash

Request headers

Referer: https://go299.a7bbab.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Range: bytes=0-

Response headers

date: Tue, 07 Mar 2023 14:49:00 GMT
x-guploader-uploadid: ADPycdsUKvR_uerfycBozhltESTKb1tEHmFWVX65IjmntRM-meVbveljFCTuS8pz4lgTIQ471V8ZCq5MXs8moScP8bFEpuesmE_d
x-goog-storage-class: MULTI_REGIONAL
Content-Range: bytes 0-246710/246711
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
Content-Length: 246711
last-modified: Fri, 24 Feb 2023 10:04:32 GMT
server: UploadServer
etag: "7dd4395030adfaf4fb6b847d583a6392"
x-goog-generation: 1677233072790619
content-type: video/mp4
access-control-allow-origin: *
x-goog-hash: crc32c=hzeVDg==, md5=fdQ5UDCt+vT7a4R9WDpjkg==
access-control-expose-headers: Content-Type, range
cache-control: max-age=1800
x-hw: 1678200540.dop201.lo4.t,1678200540.cds325.lo4.hn,1678200540.cds229.lo4.c
x-goog-stored-content-length: 246711
accept-ranges: bytes

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 1 KB
2 KB 62ms
7ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 23bc1d893ce2d2f30b68e549aa3cb991c2a7b7dd87e3df67d9fbb6a8dd113bf8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:05:34 GMT
via: 1.1 google
age: 2606
x-guploader-uploadid: ADPycdsq1xjEXAh6Uxb5NhTjTp9qgwbv72BFqoemQpfNMVbsc0akcADchPW9_eCTvPSWVVA236VtmpDqmpW6HApMSAX0pXJBJLWh
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1258
last-modified: Fri, 29 Jul 2022 16:55:09 GMT
server: UploadServer
etag: "f5bc066f146e3dbb049aa6c86c7012e6"
x-goog-generation: 1659113709880056
x-goog-hash: crc32c=6QojvA==, md5=9bwGbxRuPbsEmqbIbHAS5g==
content-type: text/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 1258
accept-ranges: bytes
expires: Tue, 07 Mar 2023 15:05:34 GMT

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 32 KB
10 KB 37ms
6ms Script
text/javascript 18.66.97.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-9.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4ea737ac05e8ee5e490220d97b820834c18cd7c6f1da7d85007a51a5c64425df

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 07:28:29 GMT
content-encoding: gzip
via: 1.1 0baa339c02d06988c65d8623d1b3c6ec.cloudfront.net (CloudFront)
last-modified: Thu, 05 Jan 2023 20:08:05 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 26432
x-amz-server-side-encryption: AES256
etag: W/"87ee016ad429d1c83712b8d81ccb3c59"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age: 86400
x-amz-cf-id: JwN9XA4ACnrbObF2R6mVEBfZ6j46x8ZDwk0vG5OcLf2ODteGp9bqBg==

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 2 KB
2 KB 41ms
8ms Script
text/javascript 2600:9000:20eb:1600:a:e047:752:b361
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:1600:a:e047:752:b361 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 71fc1599035adc6bc34df2117b8631285905f97737ba730af28644ee6a0d8dde

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Tue, 07 Mar 2023 04:08:44 GMT
Via: 1.1 1ac3fd533bf6be1b511077f8b8e23bfc.cloudfront.net (CloudFront)
Last-Modified: Mon, 23 Jan 2023 04:07:36 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA2-C1
Age: 38418
x-amz-server-side-encryption: AES256
ETag: "aded621b17723f487b3c9d0e43cf2f94"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1859
X-Amz-Cf-Id: nMc4_a2ht6w0pIzDEQJSacyJ8Oz6K1fsr5DyKKqR-wY0DnbD9_Zj1g==

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 58 KB
17 KB 48ms
18ms Script
text/javascript 2606:4700:10::6816:3556
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b1546ae8f493de03b1ca99f9f955a20785679be18625354b363f2f8311f421b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:00 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 13 Feb 2023 11:21:55 GMT
server: cloudflare
x-amz-request-id: 6MMRD07QTTVY5WE3
age: 2241
etag: W/"b988c8d91b8a22dcd50f129d3a9d67f1"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 7a43a47fe9149034-FRA
x-amz-id-2: 2raq5Jnx6oAX0Ycps1Kzff9dKV6lHrZYj85JjHi2+p+G7SpeSO3d8BOABFEkDiqsZaTPahc5GGY=

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
901 B 24ms
7ms Script
application/javascript 2a04:4e42::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 14:49:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
age: 23294
x-jsd-version: master
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 437
x-served-by: cache-fra-eddf8230042-FRA, cache-hhn-etou8220067-HHN
x-jsd-version-type: branch
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 39 KB
13 KB 65ms
21ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

c7fc8dae04703101d705fac5268f8900d96149d6b2d3fdd6c1fac249ed16cf1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:00 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 24 Feb 2023 07:57:32 GMT
server: nginx
etag: W/"63f86dec-9c21"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 08 Mar 2023 14:49:00 GMT

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 69ms
7ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 14:52:45 GMT
content-encoding: gzip
age: 1814175
x-guploader-uploadid: ADPycdsRdNetRtDsJgQiW3jYUzNf--RNUpFn-nwKEqicmnAPK9Kxkrw33U8-Nf4bE3OVkYOkM3hRKPoN1ickSNTXQUfbEEpP_Dou
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Wed, 14 Feb 2024 14:52:45 GMT

GET
H2 200 container.html Show response
1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 011C 6 KB
3 KB 20ms
20ms Document
text/html 2a00:1450:400d:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go299.a7bbab.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 07 Mar 2023 14:48:59 GMT
expires: Wed, 06 Mar 2024 14:48:59 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 14ms
13ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-QDVJ1GCKH3&gtm=45je3310&_p=1310666776&cid=141607416.1678200539&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1678200539&sct=1&seg=0&dl=https%3A%2F%2Fgo299.a7bbab.com%2F19664%2F2021%2F%25D9%2587%25D9%2584-%25D8%25AA%25D8%25B9%25D8%25AA%25D9%2582%25D8%25AF-%25D8%25A7%25D9%2586%25D9%2583-%25D8%25A7%25D9%2584%25D8%25B4%25D8%25AE%25D8%25B5-%25D8%25A7%25D9%2584%25D9%2585%25D8%25A4%25D9%2587%25D9%2584-%25D9%2584%25D9%2584%25D8%25AD%25D8%25B5%25D9%2588%25D9%2584-%25D8%25B9%25D9%2584%25D9%2589-%25D8%25B3%25D9%258A%2F&dt=%D9%87%D9%84%20%D8%AA%D8%B9%D8%AA%D9%82%D8%AF%20%D8%A7%D9%86%D9%83%20%D8%A7%D9%84%D8%B4%D8%AE%D8%B5%20%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84%20%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84%20%D8%B9%D9%84%D9%89%20%D8%B3%D9%8A%D8%A7%D8%B1%D8%A9%20%D9%85%D8%B1%D8%B3%D9%8A%D8%AF%D8%B3%202023&en=scroll&epn.percent_scrolled=90&_et=6
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QDVJ1GCKH3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go299.a7bbab.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 89d7ca8249da9b1fce758df22cf4efd3.js Show response
www.gstatic.com/mysidia/ Frame 011C 10 KB
5 KB 81ms
20ms Script
text/javascript 2a00:1450:400d:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/89d7ca8249da9b1fce758df22cf4efd3.js?tag=client_fast_engine_2019

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2500cea629c6bbfc4ab85693f21ac707f0a92d02f32781a2bea98f7065e4fbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 09:02:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20800
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4405
x-xss-protection: 0
last-modified: Sun, 05 Mar 2023 05:15:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 05 Jun 2023 09:02:20 GMT

GET
H2 200 f59a5c0fad1b2db9643ab4e812162730.js Show response
www.gstatic.com/mysidia/ Frame 011C 12 KB
5 KB 82ms
21ms Script
text/javascript 2a00:1450:400d:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f59a5c0fad1b2db9643ab4e812162730.js?tag=core/multiplex_design_v1

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3a51c109fa58a7f493cb875bce7dc32a04fc9cb71fede4d2fbdda08530f80d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 09:43:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18347
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5292
x-xss-protection: 0
last-modified: Sun, 05 Mar 2023 05:15:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 05 Jun 2023 09:43:13 GMT

GET
H2 200 delayed_impression_vu_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230302/r20110914/elements/html/impression/ Frame 011C 19 KB
8 KB 123ms
38ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230302/r20110914/elements/html/impression/delayed_impression_vu_fy2021.js

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d12d58ed34ec144c604e4023e788ac6012c6a618180800b3801a4b9b6e5f2473

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 12:06:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9737
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8151
x-xss-protection: 0
server: cafe
etag: 18239414460274282579
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Mar 2023 12:06:43 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230302/r20110914/client/ Frame 011C 2 KB
846 B 20ms
19ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230302/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 06 Mar 2023 21:16:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63121
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Mar 2023 21:16:59 GMT

GET
H2 200 899f01c435a13f944d11b66fc2f4fde4.js Show response
www.gstatic.com/mysidia/ Frame 011C 23 KB
10 KB 83ms
25ms Script
text/javascript 2a00:1450:400d:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/899f01c435a13f944d11b66fc2f4fde4.js?tag=exit_2019

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f3849a17ecbbfd4b3e98f91137a4e67829ad9a2c14e598b5b68a735ba6b04ffd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 09:02:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20800
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9829
x-xss-protection: 0
last-modified: Wed, 01 Mar 2023 18:22:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 05 Jun 2023 09:02:20 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230302/r20110914/ Frame 011C 22 KB
9 KB 103ms
19ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230302/r20110914/abg_lite_fy2021.js

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e41caae174108db2b9d3947eb5cbc348c5e431a00f272917ea10cf2830ffb3c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 05:43:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32718
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9103
x-xss-protection: 0
server: cafe
etag: 315661852888499207
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Mar 2023 05:43:42 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230302/r20110914/client/ Frame 011C 3 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230302/r20110914/client/window_focus_fy2021.js

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 13:42:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4019
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Mar 2023 13:42:01 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230302/r20110914/client/ Frame 011C 20 KB
8 KB 106ms
22ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230302/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c95fae81c74bcffbf17e425b12ade6b9a510178a5fc66ddfaeee0d0db76c5c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 13:42:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4018
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8558
x-xss-protection: 0
server: cafe
etag: 3110455901848521628
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Mar 2023 13:42:02 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 011C 24 KB
7 KB 109ms
25ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 06:00:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31682
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 06 Mar 2024 06:00:58 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 011C 158 KB
49 KB 147ms
72ms Script
text/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b375fe66c260836a3827af7972ab6a88953c43522e202584363f80594e7ae433

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49547
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678106210411282"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Mar 2023 14:49:00 GMT

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
335 B 111ms
32ms XHR
application/json 52.209.67.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.67.66 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-209-67-66.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: a5501b3363c88de8e516bcf3e61cccb487518527b2de7eae231900cdb91a8f23

Request headers

Referer: https://go299.a7bbab.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:00 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://go299.a7bbab.com
cache-control: no-cache
x-server: 10.45.26.243
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H/1.1 204 increment Show response
id5-sync.com/api/esp/ 0
325 B 38ms
8ms XHR
text/plain 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://go299.a7bbab.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://go299.a7bbab.com
date: Tue, 07 Mar 2023 14:49:00 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

POST
H2 200 encrypt Show response
esp.rtbhouse.com/ 329 B
423 B 23ms
22ms Fetch
application/json 35.190.39.111
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://esp.rtbhouse.com/encrypt
Requested by: Host: invstatic101.creativecdn.com
URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 111.39.190.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 05f9fd5f7673ff77a9bee0ee82b765478e4a1c0c24dc243c5c50e5b65ad90f38

Request headers

Referer: https://go299.a7bbab.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 07 Mar 2023 14:49:00 GMT
via: 1.1 google
server: Google Frontend
content-type: application/json
access-control-allow-origin: *
x-cloud-trace-context: 41a7aea6c5f1301e14c9a42f71b2b99d
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329

OPTIONS
H2 200 encrypt
esp.rtbhouse.com/ Frame 0
0 91ms
36ms Preflight
text/plain 35.190.39.111
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://esp.rtbhouse.com/encrypt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 111.39.190.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://go299.a7bbab.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST, GET
access-control-allow-origin: https://go299.a7bbab.com
access-control-max-age: 600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
content-type: text/plain; charset=utf-8
date: Tue, 07 Mar 2023 14:49:00 GMT
server: Google Frontend
vary: Origin
via: 1.1 google
x-cloud-trace-context: 1778a7b083f65a2f851654ac8e9c9d05

GET
DATA 200
OK truncated
/ 577 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d23484cf0f36a73cc699ceffc6da8f0e9ffd6b372dcb615ec942cdc287845505

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 / Show response
serv.matched.se/api/adserver/tag/ 13 KB
4 KB 613ms
239ms XHR
application/json 35.174.127.249
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://serv.matched.se/api/adserver/tag/?AV_TAGID=63f8907a8aae96ca860d32b6&AV_PUBLISHERID=63e26ea450153dfa9007b615&AV_VIDEOURL=https%3A%2F%2Fplay.aniview.com%2F63e26ea450153dfa9007b615%2F63f88ba9671544492b05ff96%2FGold%20rates4.mp4&AV_SLOTT=-2&AV_SECURED=1&AV_LANGUAGE=en&AV_URL=https%3A%2F%2Fgo299.a7bbab.com%2F19664%2F2021%2F%25D9%2587%25D9%2584-%25D8%25AA%25D8%25B9%25D8%25AA%25D9%2582%25D8%25AF-%25D8%25A7%25D9%2586%25D9%2583-%25D8%25A7%25D9%2584%25D8%25B4%25D8%25AE%25D8%25B5-%25D8%25A7%25D9%2584%25D9%2585%25D8%25A4%25D9%2587%25D9%2584-%25D9%2584%25D9%2584%25D8%25AD%25D8%25B5%25D9%2588%25D9%2584-%25D8%25B9%25D9%2584%25D9%2589-%25D8%25B3%25D9%258A%2F&AV_CHANNELID=63e45f60d4c09df37c051e35&tgt=0&AV_SUBID=&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=&pce=1&npx=1&AV_DETDOMAIN=go299.a7bbab.com&AV_DADPOS=1&AV_TAG=63f8907a8aae96ca860d32b6&AV_TEMPLATE=63f88bf7671544492b05ff99&d36=6.2.87&responsive=1&sver=4&avtoken=540211&omv=1.0.1&AV_D66=8.2.12&clsid=d8244984-1ad4-40c0-97f7-dff29709ff53&rando=20&AV_WIDTH=882&AV_HEIGHT=496&AV_DNT=0&cb=1678200540213&wfc=1
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=63e26ea450153dfa9007b615
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.127.249 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-174-127-249.compute-1.amazonaws.com
Software: /
Resource Hash: 9e74d6a3db6a783785c909f075486b6030b4e7590c308530ae1d5c244c25a9fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:00 GMT
x-bamboo-c-skst: 1
content-encoding: gzip
x-bamboo-c-skfe: 1
x-bamboo-c-s: BYPASS
access-control-max-age: 1728000
vary: Accept-Encoding
access-control-allow-methods: GET, POST, DELETE, PUT, OPTIONS, INDEX
access-control-allow-origin: https://go299.a7bbab.com
content-type: application/json
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Bamboo-Token,Event-Id,X-Requested-With
expires: Fri, 24 Feb 2023 01:02:20 GMT

GET
H2 200 track
track1.aniview.com/ 0
70 B 98ms
98ms Image
text/plain 44.207.237.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?r=go299.a7bbab.com&sn=&ic=0&tgt=0&app=&wi=882&he=496&test=&d36=6.2.87&apppkg=&fv=1&proto=https&d66=8.2.12&clsid=d8244984-1ad4-40c0-97f7-dff29709ff53&rando=20&pid=63e26ea450153dfa9007b615&cid=63e45f60d4c09df37c051e35&stagid=63f8907a8aae96ca860d32b6&stplid=63f88bf7671544492b05ff99&e=inventory&vi=100&cb=1678200540212
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.207.237.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-207-237-92.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:00 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET esp
oajs.openx.net/ 0
0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 64B3 15 KB
6 KB 67ms
25ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=go299.a7bbab.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

aeb779d96af4bfa1b664c203d52fbd9ef573b84a31b34314668325fc784e1b13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://go299.a7bbab.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 07 Mar 2023 14:48:59 GMT
server: Kestrel
server-processing-duration-in-ticks: 624844
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 011C 9 KB
9 KB 63ms
22ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=942&q=80&r=0&u=https%3A%2F%2Fwww.c-and-a.com%2Fproductimages%2Fc_scale%2Cc_scale%2Cif_ih_gt_iw%2Cw_700%2Cq_95%2Ce_sharpen%3A70%2Fif_iw_gt_ih%2Ch_700%2Cq_95%2Ce_sharpen%3A70%2Fv1676022258%2F2194531-1-01.jpg&ups=1&v=3&w=800&s=-dkaSPFkkLG82piuBQwqiQR8

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

6fac0a5f63e0aea006d1532ca95da232bc0060d2c3d61ae587d86660a88c8cf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:00 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30152709
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8916
expires: Mon, 19 Feb 2024 14:34:10 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 011C 9 KB
9 KB 64ms
23ms Image
image/png 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=1200&m=0&partner=942&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F942%2F210816%2Ff0385941b58c4db180e9e3b6f328c160_logo_c-a_black.png&v=3&w=1200&s=G8OmJbLRFhOoJXVI9RRP0dtH

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

de6ae7d3f497af27bf71aa2e95708f464d084a5858ee6a111b226197468d49ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:48:59 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=28580283
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 9177
expires: Thu, 01 Feb 2024 09:47:03 GMT

GET
DATA 200
OK truncated
/ Frame 011C 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 38354e6a0119fe113356e1506a115ca148a6b9ea22cf88136baa9167d6fde794

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/240502308365635262/ Frame 011C 15 KB
15 KB 74ms
73ms Image
image/jpeg 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/240502308365635262/14763004658117789537?w=400&h=209

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ea6c3e3853281d6bfa0af2e1c9655cd80c3a7440aafa5969bf1e9fe5a6b54cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:00 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15736
x-xss-protection: 0
last-modified: Thu, 02 Mar 2023 15:59:59 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 06 Mar 2024 14:49:00 GMT

GET
H2 200 12927476398949769999_4588664657669282569.gif
static.doubleclick.net/dynamic/5/413907909/ Frame 011C 4 KB
4 KB 88ms
24ms Image
image/gif 2a00:1450:400d:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/413907909/12927476398949769999_4588664657669282569.gif

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d1f88a1f6cc78ce610dd71f0c07416900cce9a226f68fddbe7e0d9bf2919be6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 03 Mar 2023 14:15:58 GMT
x-content-type-options: nosniff
age: 347582
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3812
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 20:10:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 02 Mar 2024 14:15:58 GMT

GET
H2 200 5748180027599128093_11262097692074653783.jpeg
static.doubleclick.net/dynamic/5/179058610/ Frame 011C 49 KB
49 KB 81ms
25ms Image
image/jpeg 2a00:1450:400d:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/179058610/5748180027599128093_11262097692074653783.jpeg

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5faca302ad89600980495ffecda3c32dc6d9635adbe273672d33e7043633ceb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 03 Mar 2023 18:08:08 GMT
x-content-type-options: nosniff
age: 333652
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50041
x-xss-protection: 0
last-modified: Fri, 03 Mar 2023 08:42:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 02 Mar 2024 18:08:08 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/6179114774076898540/ Frame 011C 20 KB
20 KB 97ms
97ms Image
image/jpeg 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6179114774076898540/14763004658117789537?w=400&h=209

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cfa7bb0af272be55dfd9d43c8417a47aeb34c3fb57776b96e9f591cb9f65468

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:00 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20894
x-xss-protection: 0
last-modified: Thu, 15 Dec 2022 20:17:03 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 06 Mar 2024 14:49:00 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/10621337453297742338/ Frame 011C 5 KB
5 KB 21ms
21ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10621337453297742338/14763004658117789537?w=400&h=209

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0fac8a860f385a189ff78ee544b8a324078af750f3f04e661c13f56adb67d717

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 20:43:24 GMT
x-content-type-options: nosniff
age: 410736
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4966
x-xss-protection: 0
last-modified: Tue, 28 Jun 2022 06:04:59 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 01 Mar 2024 20:43:24 GMT

GET
DATA 200
OK truncated
/ Frame 011C 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c0e4f7ea4c0d428c7c5a9708845e25c574b3e94be5b159609d19de10abb3b3a5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

sid Show response
mug.criteo.com/ Frame 64B3
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=a7bbab.com&sn=ChromeSyncframe&so=0&topUrl=go299.a7bbab.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=CTMCTHxhQ0dWZXdvR0ZESG5zSGZ3OEZmTjZZTzI2eG15NFU1amJEeXozdEZicVRNSStlRThjYzcrRkk1RVdlTGljbFloakROMFhZNkVsSkdkVTZDRXQvS1dHOEo3d08xSEpEUTJIaDR0YjdKSXVvQ0RwYy9PTlpDc2NmZC...

430 B
665 B

639ms
121ms

Fetch
application/json

178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=CTMCTHxhQ0dWZXdvR0ZESG5zSGZ3OEZmTjZZTzI2eG15NFU1amJEeXozdEZicVRNSStlRThjYzcrRkk1RVdlTGljbFloakROMFhZNkVsSkdkVTZDRXQvS1dHOEo3d08xSEpEUTJIaDR0YjdKSXVvQ0RwYy9PTlpDc2NmZCt4cUxYR3FKbFJwVG5qVlI3WEtzSEYvQW9NVTdyNlcydXFOcndRTTI1dlFYODNYakZZam44eC96b2FtLzFHT0paSG8wWmR0R2NxQzdJcmh0bnBZNjBUWGtTbmo4dXhINmk3RDA3YVNJdHRjbVNMUWV0elNrdk85UllXWEd0YWtycWg0bE9YbGprTHlNblFMSjhqeVhkUy9mSXdUZFBQUT09fA&cppv=2

Requested by

Protocol

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

35a9e27dc617054ee19c82bf608cd0b0065a10897f7b423826f868505568030b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:00 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1042049
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:48:59 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=CTMCTHxhQ0dWZXdvR0ZESG5zSGZ3OEZmTjZZTzI2eG15NFU1amJEeXozdEZicVRNSStlRThjYzcrRkk1RVdlTGljbFloakROMFhZNkVsSkdkVTZDRXQvS1dHOEo3d08xSEpEUTJIaDR0YjdKSXVvQ0RwYy9PTlpDc2NmZCt4cUxYR3FKbFJwVG5qVlI3WEtzSEYvQW9NVTdyNlcydXFOcndRTTI1dlFYODNYakZZam44eC96b2FtLzFHT0paSG8wWmR0R2NxQzdJcmh0bnBZNjBUWGtTbmo4dXhINmk3RDA3YVNJdHRjbVNMUWV0elNrdk85UllXWEd0YWtycWg0bE9YbGprTHlNblFMSjhqeVhkUy9mSXdUZFBQUT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 731853
content-length: 0
expires: 0

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012302171719000/ Frame 8436 222 KB
61 KB 86ms
22ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a64ac18511a1f15afc6f51edc89e41ee1c7f6444134aad2926b21743ced6c461

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46857
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61847
x-xss-protection: 0
server: sffe
etag: "b91941a2860567a7"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame 8436 15 KB
5 KB 136ms
72ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0439c2127eb1812543cc77f0f41bd98da71691c6c2d5bbf9c565670f7fada88a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46857
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5237
x-xss-protection: 0
server: sffe
etag: "304dd5725e1eccd8"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame 8436 94 KB
28 KB 137ms
74ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d1700a43bc40da2d69d238085ddfeea6fac6dc64ff76f5cef529d6fd6b619a62

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46857
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28901
x-xss-protection: 0
server: sffe
etag: "8f636c70fc937458"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame 8436 5 KB
2 KB 143ms
79ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b2e8cd03a76b243eca9a0e60815deae7256cb7a2de760eb9ee82a0cf31ffcb9

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46857
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1926
x-xss-protection: 0
server: sffe
etag: "df03f558eda3b320"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame 8436 40 KB
13 KB 143ms
80ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a49e61b6d6681308d160ce1cf6ce1b85e651deff16c6ae1c2df999ef3f0c6ec8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46857
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12954
x-xss-protection: 0
server: sffe
etag: "e0426f4a93046162"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 8436 8 KB
991 B 44ms
43ms Stylesheet
text/css 2a00:1450:400d:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 07 Mar 2023 14:49:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 07 Mar 2023 13:32:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 07 Mar 2023 14:49:00 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012302171719000/ Frame F891 222 KB
60 KB 100ms
45ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a64ac18511a1f15afc6f51edc89e41ee1c7f6444134aad2926b21743ced6c461

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46857
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61847
x-xss-protection: 0
server: sffe
etag: "b91941a2860567a7"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame F891 15 KB
5 KB 69ms
68ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0439c2127eb1812543cc77f0f41bd98da71691c6c2d5bbf9c565670f7fada88a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46857
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5237
x-xss-protection: 0
server: sffe
etag: "304dd5725e1eccd8"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame F891 94 KB
28 KB 70ms
69ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d1700a43bc40da2d69d238085ddfeea6fac6dc64ff76f5cef529d6fd6b619a62

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46857
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28901
x-xss-protection: 0
server: sffe
etag: "8f636c70fc937458"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame F891 5 KB
2 KB 73ms
72ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b2e8cd03a76b243eca9a0e60815deae7256cb7a2de760eb9ee82a0cf31ffcb9

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46857
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1926
x-xss-protection: 0
server: sffe
etag: "df03f558eda3b320"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame F891 40 KB
13 KB 74ms
73ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a49e61b6d6681308d160ce1cf6ce1b85e651deff16c6ae1c2df999ef3f0c6ec8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46857
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12954
x-xss-protection: 0
server: sffe
etag: "e0426f4a93046162"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
DATA 200
OK truncated
/ Frame F891 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b5c79877e4fc473ddf5dfbee667b40ea0ff232563b933faa0b0b588f84169960

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 ar.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 8436 3 KB
3 KB 21ms
20ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/ar.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dfa586fa8b70c056272ef189e613dc9f6bcb8f9b659259219fa776f639dd3374

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 13:12:29 GMT
x-content-type-options: nosniff
server: cafe
age: 5791
etag: 9421415325968714010
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2737
x-xss-protection: 0
expires: Wed, 08 Mar 2023 13:12:29 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 8436 344 B
368 B 21ms
19ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 06 Mar 2023 16:18:57 GMT
x-content-type-options: nosniff
server: cafe
age: 81003
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Tue, 07 Mar 2023 16:18:57 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 8436 0
0 64ms
62ms Image
text/html 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CfxB-204HZOnNKLDi7_UPz7qU2AfxhaSTbqiqkp6kDcTNi-21IRABIILn5DJgleKQgqAHoAH6keegA8gBBqkCt3ScagLnsT7gAgCoAwGqBMUDT9Cx3EsB4rnmh-tTIZZpK7RnJUaJ5ZK3wvEmgCzn_nTIK_4yWCK-kAkqoOUEJ-G3KP5E8xXet_8Op7AT-k2-qENIACOuSoJ_myeiqncfdaEsTovRIVZcU04FAtcCkh8uMKfZiju1nYb0lumJD4mUPOn3FF-Biz6k3EQ2zpx9QCZ0qGxyV0JhwvSa64QTVUajkphu4amV1Cj82yI0GTkbUIGgZ2WUp_-9lJd6norq_KpiJ0kX4SMTtqvHJqn8mmfFJ3darYtv3fFbYAc3RDufvw53a5qW7NKm-nVY9URQ3CnSR2pgEvnZckzS4GNgqQbKQohtsABGk4pvO-CtkQHDkaGwQ_B5OEtR_ptZk9QkA6sP4obFDbGZgd1Arp9bd34TazgWdbX-NGuD3fomgWVtvY3hm5tDoaj0Zaml4jh8xCH1BcPu5IXleqDDlIBHyKs5ZXCj3fM2kxq1zLfJfYrYpww7pfP-vrJl4g3YNFHYF6ZWYdg4iLTQMVhQVkvLGtDO--vU_YknKHDQ_yK4WZAKCdjagshwVKrCumJb4blUGwatlShH5bJwx45g1GNwC6Cb75P5ozOfXpAmaadnpMVisoxNijHYwAS8z7n4twPgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAYAH7u2YX6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEMvVZtIIEQiA4YAQEAEYHTICqgI6AoBAgAoDyAsB2BMNiBQF0BUBgBcBshceChwIABIUcHViLTkzOTI4MjYyNDgwNDM5ODgYmq0Z&sigh=XYTVb2z6Ld4&uach_m=[UACH]&cid=CAQSTADUE5ymZrYqmMbsCZezSLtxlRLOtboO-_XMzOseeqSDsbwlVU4iYGbZbf4pGpLVcQ9VUozWW5irziWSDUBOmHKH1R3EYe-4mWKoracYAQ&template_id=492
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

GET
H3 200 18117774602554837636
tpc.googlesyndication.com/daca_images/simgad/ Frame F891 19 KB
19 KB 22ms
21ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/18117774602554837636

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

461abf9c3e5b15610003ac93df57026d6862a8ac6cd0abf141c0b42dd1a2660c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 11:09:08 GMT
x-content-type-options: nosniff
age: 531592
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19332
x-xss-protection: 0
last-modified: Tue, 20 Dec 2022 12:45:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 29 Feb 2024 11:09:08 GMT

GET
H3 200 ar.png
tpc.googlesyndication.com/pagead/images/abg/ Frame F891 3 KB
3 KB 21ms
20ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/ar.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dfa586fa8b70c056272ef189e613dc9f6bcb8f9b659259219fa776f639dd3374

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 13:12:29 GMT
x-content-type-options: nosniff
server: cafe
age: 5791
etag: 9421415325968714010
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2737
x-xss-protection: 0
expires: Wed, 08 Mar 2023 13:12:29 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame F891 344 B
368 B 21ms
20ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 06 Mar 2023 16:18:57 GMT
x-content-type-options: nosniff
server: cafe
age: 81003
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Tue, 07 Mar 2023 16:18:57 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame F891 0
0 62ms
61ms Image
text/html 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=ClStl204HZOrNKLDi7_UPz7qU2AfX5LWFbqyW8uXtEJWmrNOYOBABIILn5DJgleKQgqAHoAHP64H9AsgBAqkCzuBa5BeKjj7gAgCoAwHIAwiqBNoDT9CB32-nXADTJ0tGBXp7OQU_r-h0TMaKePoNsUmVd_UR86WaTu6PKMApENeciZr_jKwDVFNUGrq5iwK-xu-WIqSygQw6wPXV_UYK3sZP2iEcgClHmcr9R7gPgz2To1-e495lBuDMKzb6dHYOgjSwZT_wEvi4OJjXVIbR58LjGkfX3IadWRlEo5ZUnuo_Xw1xYA4OcAC78oEV8lpbGVfP2qdTf0xXPL5YjT2W-aeXW10H0zDSxDYr8nIKLrNy21KpN2nsxGEd8mqAbZWItTAnPtfuQYesYMGxJSA2womNOSvYMkXwHNCITfoUagsRc_5f1cSrqGL2cRhdnboKrMIkaBsNiL3RO0cZ5u6qQUwyrjZ2lsUr2ZC4X7Ft7cuS01-4nTJ0Hg9kOa_j8dyGWPSmdEp1k_JFK0ooksWA-y7sJzjij_iQ1_0jrf-aeuT-4jkSZDnyK2enu9neLZxtFQ4UZFJS0pnGWPDVnqI0iCd2BQlp5E9KfsniEKvb-8XBihyC6rTTFarKU8FQRwTEZxjlFzTUyp1HH64hOojOME8qgl7CrUtZ_vV40A3i4OY6tLxR4Uws4d0vz2e8CfGtUDIzqLOURYgyNY4BOy3k0byaKIeovKQeR6aY7ye4wAT445WCtATgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGAoAHmZT-ggGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBD0myvSCBEIgOGAEBABGB0yAqoCOgKAQIAKA8gLAdgTDdAVAYAXAbIXHgocCAASFHB1Yi05MzkyODI2MjQ4MDQzOTg4GJqtGQ&sigh=0-s5OFYDilM&uach_m=[UACH]&cid=CAQSTADUE5ymZrYqmMbsCZezSLtxlRLOtboO-_XMzOseeqSDsbwlVU4iYGbZbf4pGpLVcQ9VUozWW5irziWSDUBOmHKH1R3EYe-4mWKoracYAQ
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 8436 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8e1065ada1d157cb4419f0b63855853213be61780107eac7ac4cc00ae7bd06e2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 lgn.php
cat.nl3.eu.criteo.com/delivery/ Frame 011C 43 B
348 B 295ms
17ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lgn.php?cppv=3&cpp=SridrSx5ncIPHiSvUDOHaNyFuVVIWqklu7HwyyOt3ia6rTenY0lGLlyKWINyMEDWb8T1xiIIuYcZiWZ_LQbwbT3oPluljwykzX0XDZcov44zRH6Q_X3WTHjAXAcLCscCfwAdyN4FjsOR-EwPeReWngeKXzXGMcdlG8AGaJW3CpgC4EPcwtJ-XPAHuHUS9_pgVU2iw6MCuJt9mFbm_OwArqjy3x0cyn08oR3svzYA9IiTtLhhahlDFHZe3r77plSHR0EtlSPydW3Ir6QmsSBx61_OkcVZdgArcmcELSAFWx4UCQMRQXq0uf1UuXQfWAUk-2Fqp2abEcf47O8J8hy0TMKgl_cIiaJ3xqHcEtSi0KUr9M2TWYyCns1KIK77vI0Qmc6uIufmZBPzOmNSUBL0yydeAbmIE18fKqAVfUcyhK1qd6eZhwbU212kuiXqTN9qo2dmistczQUh68y2RoayWZBY2008Eh6qgy8pylGI5uAEREVOVO4dTavrORVeLHFkP5b21tg-RjDIqAHfn2a2CAKOEtRH4sf8V352NJPpby8aWVWq&z=ZAdO2wAKHqoH_YN6AADGzA7iLrcOx854kkPSPQ&cbvp=2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:00 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3585405
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame 011C 0
126 B 45ms
15ms Image
text/plain 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=kuDuEpT0FwAAnYNiAgIAAABwXPRCAYm2eAcGddEQ2k4HZLL5y3LeFgPAu0cAABIDAQoOQVFVREFRWUJBUUVQQVE&wp=ZAdO2wAKHqoH_YN6AADGzA7iLrcOx854kkPSPQ&cbvp=2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:00 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 165590
content-length: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 011C 0
0 57ms
55ms Image
text/html 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cz05Y204HZKq9KPqG9u8PzI2DmA_JntKxXPXalvdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTExMDY3NDA3ODkwODk0MzfIAQmpArd0nGoC57E-4AIAqAMBqgTEA0_QUSYcaKavqTJ57m9rRxSKnbhhc-qtZ19jpUcbFKi9hZEeGth1H45RF-l40ctCUr5z5JhJqHggvY0oeIuTVRslgHkK_pQ2co9gT0cC-fNG5WE-_2bx_gcdR23H2oTgw2j7fNOFwEo7RsNMxl8WM0HxCNP0IwbYlnAzPO5j6Sg8TzA65N4WuPdFHjh3q_KM8lZsvlhPeDJxlI_YF6PcYTO_udAaOJOhFlPkswA3NfY1_yIEDZOP1USj7N4Cz3Ng-FgQzQwo_NjCe3YM9WwOjn8oyWxfFcD_q6qtCGVNdj-tsn2A5qc_RevjYrmermuOMTS49m5RXkkjg19SxLDskmf5TKgKOViOA35ezJirir7MUrY02wChFWaTpYUT1iYbuU6DTYgVir9atNCAlOQCI7PiTH3Ag8q0ZoMiW_oUHrpECU40Y0zqfz-gL5B_vrYQDvZW38FahHN1oQh1Sa8b1L3ldVYbVAdUHYBTps7L-lnqdu6MRESQnxtfpTUxa1XQUjmQJBdXBjkvlqRrq3lTuy83ilyyoSpVv5m0715s182IPgUgiOKTydKjvqBC5ZKFS8oOVNzaD2PRFLK4P30we60sJrrG4AQBgAb9uOyklcyj1N8BoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQIAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi0xMTA2NzQwNzg5MDg5NDM3GMKbIg&sigh=215XfLXuceU&uach_m=[UACH]&cid=CAQSSwDUE5ymaK0Nf1AisJLM_cgg4Ow2SpOcJuM7-zd555YukEmso7JMvFMLbGLTAHy6wE32hb3vhe3Pu_eODNKz3T7S8Rqu8rGWFmfs-xgB&vt=10&cbvp=2&vis=1
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 011C 0
0 62ms
60ms Image
text/html 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CdDuw204HZKq9KPqG9u8PzI2DmA_JntKxXPXalvdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTExMDY3NDA3ODkwODk0MzfIAQmpArd0nGoC57E-4AIAqAMByAMCqgTEA0_QUSYcaKavqTJ57m9rRxSKnbhhc-qtZ19jpUcbFKi9hZEeGth1H45RF-l40ctCUr5z5JhJqHggvY0oeIuTVRslgHkK_pQ2co9gT0cC-fNG5WE-_2bx_gcdR23H2oTgw2j7fNOFwEo7RsNMxl8WM0HxCNP0IwbYlnAzPO5j6Sg8TzA65N4WuPdFHjh3q_KM8lZsvlhPeDJxlI_YF6PcYTO_udAaOJOhFlPkswA3NfY1_yIEDZOP1USj7N4Cz3Ng-FgQzQwo_NjCe3YM9WwOjn8oyWxfFcD_q6qtCGVNdj-tsn2A5qc_RevjYrmermuOMTS49m5RXkkjg19SxLDskmf5TKgKOViOA35ezJirir7MUrY02wChFWaTpYUT1iYbuU6DTYgVir9atNCAlOQCI7PiTH3Ag8q0ZoMiW_oUHrpECU40Y0zqfz-gL5B_vrYQDvZW38FahHN1oQh1Sa8b1L3ldVYbVAdUHYBTps7L-lnqdu6MRESQnxtfpTUxa1XQUjmQJBdXBjkvlqRrq3lTuy83ilyyoSpVv5m0715s182IPgUgiOKTydKjvqBC5ZKFS8oOVNzaD2PRFLK4P30we60sJrrG4AQBgAb9uOyklcyj1N8BoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQIAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi0xMTA2NzQwNzg5MDg5NDM3GMKbIg&sigh=DykN-UgRwVM&uach_m=[UACH]&cid=CAQSSwDUE5ymaK0Nf1AisJLM_cgg4Ow2SpOcJuM7-zd555YukEmso7JMvFMLbGLTAHy6wE32hb3vhe3Pu_eODNKz3T7S8Rqu8rGWFmfs-xgB&cbvp=2&vis=1
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 011C 0
0 62ms
60ms Image
text/html 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cn-bX204HZKu9KPqG9u8PzI2DmA-Y6YSnb6eeqrXdEfvd8_0IEAEgrMe7HmCV4pCCoAegAZL30p8pyAEGqQK3dJxqAuexPuACAKgDAcgDAqoEzQNP0NfizmwP3JFWyfx44Muwwi9XmC9xVuYv15guVxRbG6r8Lbtvud7rRtJHRW4cZY8_Ha3ymPHM_mp9jhyagjHfN5ILBs-4hcgHbHSMfx-AdrMWZSvsZ_ilzqyUkZQ-9oDmZnbMF3XOX1AofX5Foj1W-Wf1Ot16cqYWRXNjW40BJBudSE2nBplEWbEOD6GLrx-HPuOUhwmoTgy6swGV5ocI7HhbkRm9X-66YBGMfoAbHcwagsXv6QledkQ6XA_iTGgPwhNvymqF1HmhR7OEr3LOfOPHbEYi01WQv-YxDJzDbnR0KTvyfubLiar3-f1YFzN8YKV6PsPdqyobwDlfvKEFnu2Xzqvm1sgiKQxdbvmdaMrbVqwVc9ihxEpQVeOE5ocP1XAIEuHJoUsY4E2TdXeUykqfaa4dDlHblTLwczWDRrzVnHhE6howrea6bc-4UAAEaOSEjSx6RuUHwOna9-RYIIwACl7DSffGoila7DfNT6QH2hRK6ksukNq1yRYAQIMP7AbfNGQIwrZqGCrY70_9dWUJEfFUJ38sRt7NlYpzzQzZrNV3LATm06F-ERenWtVTpiAg_aPUaiWXIbONV6B-Uge11kDzmksjYosiScAEk9COoLcE4AQBkgUECAQYAZIFBAgFGASgBjeAB5Kvo_8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwMQ3WXSCBEIgOGAEBABGB0yAqoCOgKAQIAKA8gLAdgTDdAVAYAXAbIXHgocCAASFHB1Yi01NjAzMjQ4MTIwOTgxMjk4GMKbIg&sigh=9tSCEHFbbQA&uach_m=[UACH]&cid=CAQSSwDUE5ymaK0Nf1AisJLM_cgg4Ow2SpOcJuM7-zd555YukEmso7JMvFMLbGLTAHy6wE32hb3vhe3Pu_eODNKz3T7S8Rqu8rGWFmfs-xgB&template_id=492&cbvp=2&vis=1
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 011C 0
0 65ms
63ms Image
text/html 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CcFZl204HZKy9KPqG9u8PzI2DmA_V38Sub6Sg-tvGEbnumfqKORABIKzHux5gleKQgqAHoAHVlP7HA8gBBqkCt3ScagLnsT7gAgCoAwHIAwKqBLwDT9BQ1HKC3Qi5-seKX3nG3BXa5uCdraZCv03nrGagSLy5i0xHcskh2j-W9HnEvztxcUP1v92Shh2g9P19XWIgoMjyHzSkG4Klw4FWin75vWSTTSkywm4izKLwjHOd70aWfic47jW6YzBWYoNHTMrpgOL6CCqhyqG1_Up0jdRxICwkX6Q7ce0wBEN3MX465GNAU41p0IyUXmPajFOFD7maUQNA7XmpAiY_UywEKh0wWoWpHF4oRg1oXPEh7HaC4l21YF2nUYISDfkTyMGvzDYc-dA4uhl3SZH3DzF1MjZMB1k1tkpyb6XiG8BF2EmqwIeq-nxoX7GeJGuenBWQm3ef-JKpa7U4aw1wGfeNUtOc8JfA6UcjGrT52Vnk56wPFWYgOCvE3wJeXOIaq78dcSZw0-tYYci5a98NQv8JGWYJmccYJH5OmDeFcaPeS2nOH2GGc3JznsdyWOtmidIgdlu9nSeKF1Cug2dZH1mZ2dYt4uyahL6d_hQU3fNLE8-y9CagMuqgpz424KcikZrq1KlBtnvwPWpkr27qzFFZ7ia9FoiA5Eln0TrMJwjWNgPdSA0DxVfMkEBacNyLiyrowASj8LTrqgTgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGN4AHvL-pLqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAfIHAxC6YdIIEQiA4YAQEAEYHTICqgI6AoBAgAoDyAsB2BMLiBQB0BUBmBYBgBcBshceChwIABIUcHViLTU2MDMyNDgxMjA5ODEyOTgYwpsi&sigh=qm7OptqQujQ&uach_m=[UACH]&cid=CAQSSwDUE5ymaK0Nf1AisJLM_cgg4Ow2SpOcJuM7-zd555YukEmso7JMvFMLbGLTAHy6wE32hb3vhe3Pu_eODNKz3T7S8Rqu8rGWFmfs-xgB&template_id=493&cbvp=2&vis=1
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 011C 0
0 63ms
61ms Image
text/html 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CqLmo204HZK29KPqG9u8PzI2DmA_55OrFbcrQg5jTDOrN6KPpEhABIKzHux5gleKQgqAHoAGwuqHXA8gBBqkCt3ScagLnsT7gAgCoAwHIAwKqBLwDT9Amgrd6VxvlTwUHEQh_ZZSX_mVgvG-DDoYWc9WisNaMEtGUiXfegoaMN2sed715DgYnl-2pUDoHTmpTIPgbecpHvLMwo5sWcAyOg5i7xZgOT1KuMXQXI2bHiDOaWI9oL5cG-6rKTB7zraTqgLKiaNvnCeFFO3vIwbQ2_Exw24bcDRVScHGdZK8QHXwKHpzitAFMMqT3JmuraqKsxaaM2P-A86ue-5YWJskQSboOfeBfI6xPt0Vg-OLhrkoosxazBQA1JDFC_aVbGtv4C1IbBwVTYIxl2t31MMhnGelvyyhSKcKgvGlRlkvkzxeYNDtupmZ_2zXcvOrYDohBX_qj5jlsnRUSpwOSdy3qCOzVKnQtoiQ7d-O8lpsxdL8TrCVWgHNXrRSDui2hrYkL3SR6ucw3WAsL3rRvMJAWdHAlo6_a0hgYRVgr1ExRtOU_KnFhvSJ6b-oVY-klLZ4zsO-Kqa1M0kULyBaB2ZlIZzmlew-81J6GRgnrA7c6lXj4htOqm-p1BqUGu8Nk0bpuybp6sbiqBj-Ra86swBcyxJqoRV5snjKX5bjXMc69KDEROE_vEqoPFhqZiq1gwJ9XwATJqf3kogPgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGN4AHv9m9YKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAfIHAxCUOdIIEQiA4YAQEAEYHTICqgI6AoBAgAoDyAsB2BMMiBQC0BUBgBcBshceChwIABIUcHViLTU2MDMyNDgxMjA5ODEyOTgYwpsi&sigh=3qyrp5pV8Vw&uach_m=[UACH]&cid=CAQSSwDUE5ymaK0Nf1AisJLM_cgg4Ow2SpOcJuM7-zd555YukEmso7JMvFMLbGLTAHy6wE32hb3vhe3Pu_eODNKz3T7S8Rqu8rGWFmfs-xgB&template_id=493&cbvp=2&vis=1
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 011C 0
0 63ms
62ms Image
text/html 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CmXbm204HZK69KPqG9u8PzI2DmA_RxqqFbsitvuPdEJaCzYWIFhABIKzHux5gleKQgqAHoAHS3rXQA8gBBuACAKgDAcgDAqoEvgNP0MXj32LVWPrOwVdkCwlkzVGiv44sVYlcODbXhjVEJmTze4ld5X-eAqlkL0fBjPhddpAQJ8nBknHfZaM1EwNX5ipeX-6dzLmo3w0veQwCaw2_Oec-YhdWmc8qzDs3wiXH4xnbYO8aRAFfoiqGRFPKp912iPVrczWFz3TW-os8cECNnHbch7BHo2vPPUtpff9n2UIwvtId8ki5q4DSs0IgklFiZc5-1Eeh-bRoGuWhR0jaShHGsOIRkEGpP8pUWQdrmOBCkYZZcpBZjjVOLKfKIhg6ku1ET1ZgGmcz4ksUBRy9Zs81WATnvd81VIvCb5-zHz6zXOLExra4cc5a3Q9AP3SnEjGAd2canoUksZuF26HNgYxBHkfhUvGs9Y1syZbncB3_zlxJPUSIdxKrBGu6FkxEqKKjd2y1lCepvgDIjUtd61fJ_fHTiCBVq-Sw89Bn4x-duw0VeH3OZYu_eepHCJNKU_GtdWd3ZN9FA475z1UaEcOEuPtx88vaC84hb6OSfSwhPBiZO9k9V9KFjQYo-F0kM7k4MIapGPedysC9K8lSxITb07O_toh0sYxGnI9MYcTmvRjFUu84JC9rkcAElMzy350E4AQBkgUECAQYAZIFBAgFGASgBjeAB5ahyi-oB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHAxDyTtIIEQiA4YAQEAEYHTICqgI6AoBAgAoDyAsB2BMN0BUBmBYBgBcBshceChwIABIUcHViLTU2MDMyNDgxMjA5ODEyOTgYwpsi&sigh=Jqj5ytDWm74&uach_m=[UACH]&cid=CAQSSwDUE5ymaK0Nf1AisJLM_cgg4Ow2SpOcJuM7-zd555YukEmso7JMvFMLbGLTAHy6wE32hb3vhe3Pu_eODNKz3T7S8Rqu8rGWFmfs-xgB&template_id=492&cbvp=2&vis=1
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 011C 0
0 64ms
62ms Image
text/html 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cw2nt204HZK-9KPqG9u8PzI2DmA-jjbmfb8OBvpWaEfueyfKMIRABIKzHux5gleKQgqAHoAGk3ZqLA8gBBuACAKgDAcgDAqoExANP0MZ65QVRazJKhamoghHxVmo0pGdAe1oVIY5rzsLlBOI_yLVkgkJyKSlUZaB8pfeE7NY09kfJhI3weVyqw82TiyeEC26KGHOq-9ezDqglgz-r0IKRwluwSzRE6aS_MMvqyKiXYhC6uF1tzXVeX1LBkx7nWfy09xmQoVuqDkADkmMb8IV6vZ4LN90jdZAGEbjIAnH4ZIVfnAmMcV4f_vWFplUWN3KC1Sb3qzP3qDiUMAuMD0swxW-6xHpwj_GcnSh9nFI31xQdeRhyKWKs2nCa1LSecwJXXNyVIpNOUqVBf9PEQYpA_cYGrAPAEIGXas95XnpAQk__j8U8Xs_WMMyLtKFZFaf4ld0Djzu1by0wd_C2IE3JrKkS_6uQCiln56xRGHb6y5eUQPGKDqh8vqiDyUlt_2w1POA0IKZp3dViBlMlPqMqzPlZaLjww3ES1QHhOOPSFWAqIKtDg7RkhUYLBgQr7oPgh4k8JXk21NQXpcZEgcNIh5c_TiSMWBNMqSG2HYioZuoFIajC_JbxkWTfZmggaWZYAOYDCtDAkp0dZu4A0wNnFPGPQzFmtIFfzN2V4ngix7937rlofwBNgkFrSP2QKcAEw9mwu6EE4AQBkgUECAQYAZIFBAgFGASgBjeAB8Si5XSoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHAxDwLtIIEQiA4YAQEAEYHTICqgI6AoBAgAoDyAsB2BMM0BUBgBcBshceChwIABIUcHViLTU2MDMyNDgxMjA5ODEyOTgYwpsi&sigh=XrV01X1KM4Q&uach_m=[UACH]&cid=CAQSSwDUE5ymaK0Nf1AisJLM_cgg4Ow2SpOcJuM7-zd555YukEmso7JMvFMLbGLTAHy6wE32hb3vhe3Pu_eODNKz3T7S8Rqu8rGWFmfs-xgB&template_id=492&cbvp=2&vis=1
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 8436 28 KB
28 KB 21ms
19ms Font
font/woff2 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go299.a7bbab.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 16:20:09 GMT
x-content-type-options: nosniff
age: 512931
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Feb 2024 16:20:09 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 8436
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

62ms
62ms

Image
text/html

2a00:1450:400d:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H3
Server: 2a00:1450:400d:808::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Redirect headers

date: Tue, 07 Mar 2023 14:49:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame F891
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

87ms
86ms

Image
text/html

2a00:1450:400d:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H3
Server: 2a00:1450:400d:808::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Redirect headers

date: Tue, 07 Mar 2023 14:49:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

cookiesyncendpoint Show response
sync.aniview.com/ Frame 07DD
Redirect Chain

https://cs.admanmedia.com/fa9f4b3548d146d8b0584acce84c4fec.gif?gdpr=1&gdpr_consent=&us_privacy=1---&coppa=0&puid=1678200540661-973629974187-001175-002-002090&redir=https%3A%2F%2Fsync.aniview.com%2F...
https://sync.aniview.com/cookiesyncendpoint?auid=1678200540661-973629974187-001175-002-002090&biddername=57&pid=59c9148628a0612da3689288&key=32086b01-8a91-4496-8d0b-3322ad676dd5

0
239 B

339ms
99ms

Document
text/plain

44.194.172.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aniview.com/cookiesyncendpoint?auid=1678200540661-973629974187-001175-002-002090&biddername=57&pid=59c9148628a0612da3689288&key=32086b01-8a91-4496-8d0b-3322ad676dd5
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=63e26ea450153dfa9007b615
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.194.172.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-194-172-170.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://go299.a7bbab.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 0
date: Tue, 07 Mar 2023 14:49:01 GMT

Redirect headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Date: Tue, 07 Mar 2023 14:49:01 GMT
Expires: 0
Location: https://sync.aniview.com/cookiesyncendpoint?auid=1678200540661-973629974187-001175-002-002090&biddername=57&pid=59c9148628a0612da3689288&key=32086b01-8a91-4496-8d0b-3322ad676dd5
Pragma: no-cache
Server: nginx
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Transfer-Encoding: chunked
X-Frame-Options: DENY

GET
H2

200

usync.html Show response
eus.rubiconproject.com/ Frame 0C67
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=aniview&endpoint=us-east
https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east

281 B
410 B

317ms
292ms

Document
text/html

23.64.52.128
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=63e26ea450153dfa9007b615
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.64.52.128 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-64-52-128.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://go299.a7bbab.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
content-encoding: gzip
content-length: 233
content-type: text/html; charset=UTF-8
date: Tue, 07 Mar 2023 14:49:02 GMT
etag: "403b9-119-5ec73a0a33d00"
last-modified: Wed, 02 Nov 2022 02:30:44 GMT
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Tue, 07 Mar 2023 14:49:01 GMT
location: https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east
server: AkamaiGHost

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame 7C7A 0
0 92ms
17ms Document
text/plain 216.52.2.39
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/pixel?us_privacy=1---&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1678200540661-973629974187-001175-002-002090%26biddername%3D18%26key%3D%24UID
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=63e26ea450153dfa9007b615
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://go299.a7bbab.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Date: Tue, 07 Mar 2023 14:49:00 GMT
X-Sovrn-Pod: ad_ap7ams1

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame E0DE 16 KB
6 KB 193ms
36ms Document
text/html 2.18.36.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=160993&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1678200540661-973629974187-001175-002-002090%26biddername%3D1%26key%3D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=63e26ea450153dfa9007b615
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.36.193 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-36-193.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://go299.a7bbab.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=91703
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Tue, 07 Mar 2023 14:49:01 GMT
expires: Wed, 08 Mar 2023 16:17:24 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 sync Show response
vid.vidoomy.com/ Frame F5A6 49 KB
18 KB 441ms
91ms Document
text/html 2a02:6ea0:f400::4
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.vidoomy.com/sync?gdpr=1&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1678200540661-973629974187-001175-002-002090%26biddername%3D133%26pid%3D59c9148628a0612da3689288%26key%3D%7B%7BVID%7D%7D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=63e26ea450153dfa9007b615
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:f400::4 Zagreb, Croatia, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7e9e84cfacbfd1f40751fb754c9ac00f8a49435e1829de0933dd02c1687fcc97

Request headers

Referer: https://go299.a7bbab.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
content-encoding: gzip
content-type: text/html
date: Tue, 07 Mar 2023 14:49:01 GMT
etag: W/"640615ca-c23d"
last-modified: Mon, 06 Mar 2023 16:33:14 GMT
server: CDN77-Turbo
vary: Accept-Encoding
x-77-cache: MISS
x-77-nzt: AamW8ooLLHuh
x-77-nzt-ray: bcd92b1f1b178d11dd4e0764493fa90d
x-77-pop: zagrebHR
x-cache: MISS

GET
H2 204 /
onetag-sys.com/usync/ Frame 0AD1 0
0 55ms
7ms Document
text/plain 51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=57e618150c70d90&gdpr=1&gdpr_consent=&us_privacy=1---

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=63e26ea450153dfa9007b615

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://go299.a7bbab.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H2 200 cm Show response
u.openx.net/w/1.0/ Frame 836D 43 B
304 B 62ms
15ms Document
text/html 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/cm?id=ec4c2ec9-18b8-454e-98be-3ee1e6bfea65&gdpr=1&gdpr_consent=&r=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1678200540661-973629974187-001175-002-002090%26biddername%3D23%26key%3D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=63e26ea450153dfa9007b615
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e963e7196beb9123059ec3534b042ebcd1ef0a470fa568bfbebfeab2f33c4fda

Request headers

Referer: https://go299.a7bbab.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-length: 56
content-type: text/html
date: Tue, 07 Mar 2023 14:49:00 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
pragma: no-cache
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2

200

cookiesyncendpoint Show response
sync.aniview.com/ Frame 654F
Redirect Chain

https://ssp.disqus.com/redirectuser/?partner=aniview&r=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1678200540661-973629974187-001175-002-002090%26biddername%3D52%26key%3DBUYERUID
https://sync.aniview.com/cookiesyncendpoint?auid=1678200540661-973629974187-001175-002-002090&biddername=52&key=ua-a0e4b215-2527-3282-bf2c-553d8036c55e

0
242 B

301ms
101ms

Document
text/plain

44.194.172.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aniview.com/cookiesyncendpoint?auid=1678200540661-973629974187-001175-002-002090&biddername=52&key=ua-a0e4b215-2527-3282-bf2c-553d8036c55e
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=63e26ea450153dfa9007b615
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.194.172.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-194-172-170.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://go299.a7bbab.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 0
date: Tue, 07 Mar 2023 14:49:01 GMT

Redirect headers

cache-control: no-store
content-length: 0
date: Tue, 07 Mar 2023 14:49:01 GMT
expires: 0
location: https://sync.aniview.com/cookiesyncendpoint?auid=1678200540661-973629974187-001175-002-002090&biddername=52&key=ua-a0e4b215-2527-3282-bf2c-553d8036c55e
pragma: no-cache
server: nginx/1.22.1

GET
H2

200

cookiesyncendpoint Show response
sync.aniview.com/ Frame DDF4
Redirect Chain

https://ads.stickyadstv.com/user-matching?id=3655&_fw_gdpr=1&_fw_gdpr_consent=
https://sync.aniview.com/cookiesyncendpoint?biddername=9&key=f9963c1478bdfd48c4e7912768c06b&_fw_gdpr=1&_fw_gdpr_consent=

0
230 B

205ms
98ms

Document
text/plain

44.194.172.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aniview.com/cookiesyncendpoint?biddername=9&key=f9963c1478bdfd48c4e7912768c06b&_fw_gdpr=1&_fw_gdpr_consent=
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=63e26ea450153dfa9007b615
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.194.172.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-194-172-170.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://go299.a7bbab.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 0
date: Tue, 07 Mar 2023 14:49:01 GMT

Redirect headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Date: Tue, 07 Mar 2023 14:49:01 GMT
Expires: Tue, 07 Mar 2023 14:49:01 GMT
Location: https://sync.aniview.com/cookiesyncendpoint?biddername=9&key=f9963c1478bdfd48c4e7912768c06b&_fw_gdpr=1&_fw_gdpr_consent=
Pragma: no-cache
Server: nginx
x-sticky-vk: 1678200541290052-511

GET
H/1.1 200
OK auto-user-sync Show response
ads.stickyadstv.com/ Frame E7AF 43 B
622 B 664ms
116ms Document
image/gif 2.18.79.139
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.stickyadstv.com/auto-user-sync?px=1953&_fw_gdpr=1&_fw_gdpr_consent=
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=63e26ea450153dfa9007b615
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.79.139 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-18-79-139.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://go299.a7bbab.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Tue, 07 Mar 2023 14:49:01 GMT
Expires: Tue, 07 Mar 2023 14:49:01 GMT
Pragma: no-cache
Server: nginx
x-sticky-vk: 1678200541410082-594

GET
H2 204 occ
ups.analytics.yahoo.com/ups/58543/ Frame 4A75 0
0 330ms
10ms Document
text/plain 3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ups.analytics.yahoo.com/ups/58543/occ?gdpr=1&gdpr_consent=

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=63e26ea450153dfa9007b615

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://go299.a7bbab.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 0
date: Tue, 07 Mar 2023 14:49:01 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server: ATS/9.1.10.25
strict-transport-security: max-age=31536000

GET
H2

200

cookiesyncendpoint Show response
sync.aniview.com/ Frame C54C
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=562704&ev=1&us_privacy=1---&rurl=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1678200540661-973629974187-001175-002-002090%26biddername%3D10%2...
https://sync.aniview.com/cookiesyncendpoint?auid=1678200540661-973629974187-001175-002-002090&biddername=10&pid=59c9148628a0612da3689288&key=eoLD2hUVb4k7&ev=1&us_privacy=1---&pid=562704

0
206 B

343ms
99ms

Document
text/plain

44.194.172.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aniview.com/cookiesyncendpoint?auid=1678200540661-973629974187-001175-002-002090&biddername=10&pid=59c9148628a0612da3689288&key=eoLD2hUVb4k7&ev=1&us_privacy=1---&pid=562704
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=63e26ea450153dfa9007b615
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.194.172.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-194-172-170.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://go299.a7bbab.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 0
date: Tue, 07 Mar 2023 14:49:01 GMT

Redirect headers

accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
cache-control: private, max-age=0, no-cache, no-store
content-language: de-DE
cw-server: bh-deployment-68b8b6bc74-whwb6
expires: -1
location: https://sync.aniview.com/cookiesyncendpoint?auid=1678200540661-973629974187-001175-002-002090&biddername=10&pid=59c9148628a0612da3689288&key=eoLD2hUVb4k7&ev=1&us_privacy=1---&pid=562704
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
server: Jetty(9.4.50.v20221201)
strict-transport-security: max-age=15768000

GET
H2 200 avpb7.36.0.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame 7941 202 KB
64 KB 29ms
21ms Script
application/javascript 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.36.0.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=63e26ea450153dfa9007b615
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: tlb.hwcdn.net
Software: /
Resource Hash: d69440f62c2f0fa5dab70a4e5201a78f51b4a2cdb7ea6ba62d56152bcc19150c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:00 GMT
content-encoding: gzip
last-modified: Sun, 05 Mar 2023 08:29:37 GMT
etag: "1678004977"
x-hw: 1678200540.dop201.lo4.t,1678200540.cds325.lo4.hn,1678200540.cds072.lo4.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
content-length: 65112

GET
H2 200 avpb7.36.0a1.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame 7941 64 KB
21 KB 32ms
25ms Script
application/javascript 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.36.0a1.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=63e26ea450153dfa9007b615
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: tlb.hwcdn.net
Software: /
Resource Hash: 416d2349f28515c7cb5870cbe2d68ca856da606d52015ab39612fc342ba29984

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:00 GMT
content-encoding: gzip
last-modified: Sun, 05 Mar 2023 08:29:37 GMT
etag: "1678004977"
x-hw: 1678200540.dop201.lo4.t,1678200540.cds325.lo4.hn,1678200540.cds262.lo4.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
content-length: 21150

GET
H2 200 avpb7.36.0a6.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame 7941 60 KB
18 KB 30ms
23ms Script
application/javascript 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.36.0a6.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=63e26ea450153dfa9007b615
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: tlb.hwcdn.net
Software: /
Resource Hash: 8cedbc8dad336a37838ccda9b0b3424740198deac08c24095f5a57b0dcf3389f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:00 GMT
content-encoding: gzip
last-modified: Sun, 05 Mar 2023 08:29:37 GMT
etag: "1678004977"
x-hw: 1678200540.dop201.lo4.t,1678200540.cds325.lo4.hn,1678200540.cds262.lo4.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
content-length: 18462

GET
H2 200 avpb7.36.0a3.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame 7941 64 KB
20 KB 33ms
27ms Script
application/javascript 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.36.0a3.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=63e26ea450153dfa9007b615
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: tlb.hwcdn.net
Software: /
Resource Hash: 507b637b1c4d256d43f0fa5114c1041d439a89e297853e91c95fbb2964bd6543

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:00 GMT
content-encoding: gzip
last-modified: Sun, 05 Mar 2023 08:29:37 GMT
etag: "1678004977"
x-hw: 1678200540.dop201.lo4.t,1678200540.cds325.lo4.hn,1678200540.cds262.lo4.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
content-length: 20585

GET
H2 200 track
track1.aniview.com/ 0
70 B 99ms
97ms Image
text/plain 44.207.237.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=go299.a7bbab.com&rs=go299.a7bbab.com&sid=67096&t=1678200540&cip=217.64.151.68&sn=&tgt=0&osv=10&bv=110.0&brn=Chrome&wi=882&he=496&app=&AV_PUBLISHERID=63e26ea450153dfa9007b615&test=&d64=93e84dd0a7819926a5761743706bf01f&d63=93e84dd0a7819926a5761743706bf01f&aafaid=&proto=https&uid=1678200540661-973629974187-001175-002-002090&cha=0.7&stagid=63f8907a8aae96ca860d32b6&stplid=63f88bf7671544492b05ff99&d35=&d36=6.2.87&cb=18204040873&d39=&d65=&d66=8.2.12&apppkg=&d9=1000&prbdres=UndisclosedClassification&prbdlevDB=&prebdlevEnt=0&prbdsup=whiteOps&d16=2&d37=realtime&pt=2&d66=8.2.12&stagid=63f8907a8aae96ca860d32b6&stplid=63f88bf7671544492b05ff99&cvid=&cpid=&str=external&AV_WIDTH=882&AV_HEIGHT=496&nid=63e26ea450153dfa9007b615&ncid=63e45f60d4c09df37c051e35&e=request&cb=1678200540932&asid=63e55c46552a7792500971c8&ofpr=&fpo=&ri=1
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.207.237.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-207-237-92.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:01 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
70 B 99ms
98ms Image
text/plain 44.207.237.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=go299.a7bbab.com&rs=go299.a7bbab.com&sid=67096&t=1678200540&cip=217.64.151.68&sn=&tgt=0&osv=10&bv=110.0&brn=Chrome&wi=882&he=496&app=&AV_PUBLISHERID=63e26ea450153dfa9007b615&test=&d64=93e84dd0a7819926a5761743706bf01f&d63=93e84dd0a7819926a5761743706bf01f&aafaid=&proto=https&uid=1678200540661-973629974187-001175-002-002090&cha=0.7&stagid=63f8907a8aae96ca860d32b6&stplid=63f88bf7671544492b05ff99&d35=&d36=6.2.87&cb=18204040873&d39=&d65=&d66=8.2.12&apppkg=&d9=1000&prbdres=UndisclosedClassification&prbdlevDB=&prebdlevEnt=0&prbdsup=whiteOps&d16=2&d37=realtime&pt=2&d66=8.2.12&stagid=63f8907a8aae96ca860d32b6&stplid=63f88bf7671544492b05ff99&cvid=&cpid=&str=external&AV_WIDTH=882&AV_HEIGHT=496&&copid=63e26ea450153dfa9007b615&nid=59c9148628a0612da3689288&cocid=63e45f60d4c09df37c051e35&ncid=63e5061b36288e91600ffd94&coasid=63e50670baa306bb0b0ce1b4&e=request&cb=1678200540932&asid=63f60013b19c4ff632077704%2C640066b4485a4310c601a725%2C63ee76f6b0840224bc0040ea%2C63ef3d351d4d5c492e0e302f&ofpr=0.35%2C%2C0.25243%2C0.1523&fpo=%2C%2C%2C&ri=1%2C1%2C1%2C1
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.207.237.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-207-237-92.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:01 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 204 / Show response
d.vidoomy.com/api/rtbserver/prebid/ 0
212 B 204ms
13ms XHR
text/plain 3.72.209.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.vidoomy.com/api/rtbserver/prebid/?id=15013&adtype=video&auc=63e50670baa306bb0b0ce1b4%7C63ee76f6b0840224bc0040ea&w=882&h=496&pos=1&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F110.0.5481.177%20Safari%2F537.36&l=en&dt=1&pid=62133&requestId=23f1b26e9833b6&schain=%5Bobject%20Object%5D&bidfloor=0&d=a7bbab.com&sp=https%253A%252F%252Fgo299.a7bbab.com%252F19664%252F2021%252F%2525D9%252587%2525D9%252584-%2525D8%2525AA%2525D8%2525B9%2525D8%2525AA%2525D9%252582%2525D8%2525AF-%2525D8%2525A7%2525D9%252586%2525D9%252583-%2525D8%2525A7%2525D9%252584%2525D8%2525B4%2525D8%2525AE%2525D8%2525B5-%2525D8%2525A7%2525D9%252584%2525D9%252585%2525D8%2525A4%2525D9%252587%2525D9%252584-%2525D9%252584%2525D9%252584%2525D8%2525AD%2525D8%2525B5%2525D9%252588%2525D9%252584-%2525D8%2525B9%2525D9%252584%2525D9%252589-%2525D8%2525B3%2525D9%25258A%252F&usp=&coppa=false&videoContext=instream
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.36.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.72.209.153 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-209-153.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://go299.a7bbab.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://go299.a7bbab.com
date: Tue, 07 Mar 2023 14:49:01 GMT
access-control-expose-headers: X-VD-C
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,PATCH,OPTIONS

POST
H2 204 PBJS Show response
c2shb.pubgw.yahoo.com/admax/bid/partners/ 0
195 B 171ms
156ms XHR
text/plain 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/admax/bid/partners/PBJS
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.36.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://go299.a7bbab.com/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://go299.a7bbab.com
date: Tue, 07 Mar 2023 14:49:01 GMT
access-control-allow-credentials: true
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
363 B 11ms
11ms XHR
application/json 51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.36.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://go299.a7bbab.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://go299.a7bbab.com
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

OPTIONS
H2 200 PBJS
c2shb.pubgw.yahoo.com/admax/bid/partners/ Frame 0
0 470ms
10ms Preflight 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/admax/bid/partners/PBJS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://go299.a7bbab.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://go299.a7bbab.com
access-control-max-age: 600
age: 0
content-length: 0
date: Tue, 07 Mar 2023 14:49:01 GMT
server: ATS/9.1.10.25

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame E0DE 0
42 B 79ms
13ms Script
text/plain 198.47.127.19
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=56506495&p=160993&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=160993&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1678200540661-973629974187-001175-002-002090%26biddername%3D1%26key%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:01 GMT
content-length: 0

GET
H2 200 urlsvid.json Show response
vpaid.vidoomy.com/sync/ Frame F5A6 1 KB
735 B 270ms
42ms XHR
application/json 2a02:6ea0:f400::4
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.vidoomy.com/sync/urlsvid.json
Requested by: Host: vid.vidoomy.com
URL: https://vid.vidoomy.com/sync?gdpr=1&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1678200540661-973629974187-001175-002-002090%26biddername%3D133%26pid%3D59c9148628a0612da3689288%26key%3D%7B%7BVID%7D%7D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:f400::4 Zagreb, Croatia, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 79adcf5d728d216874b367b40d662ba0d00c67de3c6a921a91a6233e59c7da9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vid.vidoomy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-77-pop: zagrebHR
date: Tue, 07 Mar 2023 14:49:01 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 343628
x-77-nzt: AamW8oqDcp3/TD4FAA
x-accel-expires: @1678893713
last-modified: Thu, 09 Feb 2023 09:51:05 GMT
server: CDN77-Turbo
etag: W/"63e4c209-42e"
x-77-nzt-ray: bcd92b1f1b17d211dd4e0764d9e7c723
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true

GET
H3 200 container.html Show response
1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E1CD 6 KB
3 KB 20ms
20ms Document
text/html 2a00:1450:400d:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go299.a7bbab.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 07 Mar 2023 14:48:59 GMT
expires: Wed, 06 Mar 2024 14:48:59 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012302171719000/ Frame EC39 222 KB
60 KB 21ms
19ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a64ac18511a1f15afc6f51edc89e41ee1c7f6444134aad2926b21743ced6c461

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46858
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61847
x-xss-protection: 0
server: sffe
etag: "b91941a2860567a7"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame EC39 15 KB
5 KB 24ms
22ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0439c2127eb1812543cc77f0f41bd98da71691c6c2d5bbf9c565670f7fada88a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46858
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5237
x-xss-protection: 0
server: sffe
etag: "304dd5725e1eccd8"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame EC39 94 KB
28 KB 25ms
23ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d1700a43bc40da2d69d238085ddfeea6fac6dc64ff76f5cef529d6fd6b619a62

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46858
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28901
x-xss-protection: 0
server: sffe
etag: "8f636c70fc937458"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame EC39 5 KB
2 KB 27ms
25ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b2e8cd03a76b243eca9a0e60815deae7256cb7a2de760eb9ee82a0cf31ffcb9

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46858
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1926
x-xss-protection: 0
server: sffe
etag: "df03f558eda3b320"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame EC39 40 KB
13 KB 28ms
26ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a49e61b6d6681308d160ce1cf6ce1b85e651deff16c6ae1c2df999ef3f0c6ec8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46858
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12954
x-xss-protection: 0
server: sffe
etag: "e0426f4a93046162"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame EC39 6 KB
672 B 43ms
43ms Stylesheet
text/css 2a00:1450:400d:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 07 Mar 2023 14:49:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 07 Mar 2023 13:19:22 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 07 Mar 2023 14:49:01 GMT

GET
H3 200 ar.png
tpc.googlesyndication.com/pagead/images/abg/ Frame EC39 3 KB
3 KB 21ms
20ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/ar.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dfa586fa8b70c056272ef189e613dc9f6bcb8f9b659259219fa776f639dd3374

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 13:12:29 GMT
x-content-type-options: nosniff
server: cafe
age: 5792
etag: 9421415325968714010
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2737
x-xss-protection: 0
expires: Wed, 08 Mar 2023 13:12:29 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame EC39 344 B
368 B 21ms
20ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 06 Mar 2023 16:18:57 GMT
x-content-type-options: nosniff
server: cafe
age: 81004
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Tue, 07 Mar 2023 16:18:57 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012302171719000/ Frame 59F2 222 KB
60 KB 21ms
19ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a64ac18511a1f15afc6f51edc89e41ee1c7f6444134aad2926b21743ced6c461

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46858
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61847
x-xss-protection: 0
server: sffe
etag: "b91941a2860567a7"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame 59F2 15 KB
5 KB 24ms
22ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0439c2127eb1812543cc77f0f41bd98da71691c6c2d5bbf9c565670f7fada88a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46858
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5237
x-xss-protection: 0
server: sffe
etag: "304dd5725e1eccd8"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame 59F2 94 KB
28 KB 25ms
23ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d1700a43bc40da2d69d238085ddfeea6fac6dc64ff76f5cef529d6fd6b619a62

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46858
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28901
x-xss-protection: 0
server: sffe
etag: "8f636c70fc937458"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame 59F2 5 KB
2 KB 28ms
27ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b2e8cd03a76b243eca9a0e60815deae7256cb7a2de760eb9ee82a0cf31ffcb9

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46858
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1926
x-xss-protection: 0
server: sffe
etag: "df03f558eda3b320"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame 59F2 40 KB
13 KB 29ms
27ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a49e61b6d6681308d160ce1cf6ce1b85e651deff16c6ae1c2df999ef3f0c6ec8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46858
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12954
x-xss-protection: 0
server: sffe
etag: "e0426f4a93046162"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 59F2 8 KB
895 B 43ms
42ms Stylesheet
text/css 2a00:1450:400d:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 07 Mar 2023 14:49:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 07 Mar 2023 13:32:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 07 Mar 2023 14:49:01 GMT

GET
H3 200 ar.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 59F2 3 KB
3 KB 24ms
24ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/ar.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dfa586fa8b70c056272ef189e613dc9f6bcb8f9b659259219fa776f639dd3374

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 13:12:29 GMT
x-content-type-options: nosniff
server: cafe
age: 5792
etag: 9421415325968714010
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2737
x-xss-protection: 0
expires: Wed, 08 Mar 2023 13:12:29 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 59F2 344 B
368 B 24ms
24ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 06 Mar 2023 16:18:57 GMT
x-content-type-options: nosniff
server: cafe
age: 81004
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Tue, 07 Mar 2023 16:18:57 GMT

GET
H3 200 container.html Show response
1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B596 6 KB
3 KB 24ms
23ms Document
text/html 2a00:1450:400d:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go299.a7bbab.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 07 Mar 2023 14:48:59 GMT
expires: Wed, 06 Mar 2024 14:48:59 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012302171719000/ Frame 9209 222 KB
60 KB 36ms
19ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a64ac18511a1f15afc6f51edc89e41ee1c7f6444134aad2926b21743ced6c461

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46858
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61847
x-xss-protection: 0
server: sffe
etag: "b91941a2860567a7"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame 9209 15 KB
5 KB 40ms
23ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0439c2127eb1812543cc77f0f41bd98da71691c6c2d5bbf9c565670f7fada88a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46858
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5237
x-xss-protection: 0
server: sffe
etag: "304dd5725e1eccd8"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame 9209 94 KB
28 KB 40ms
23ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d1700a43bc40da2d69d238085ddfeea6fac6dc64ff76f5cef529d6fd6b619a62

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46858
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28901
x-xss-protection: 0
server: sffe
etag: "8f636c70fc937458"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame 9209 5 KB
2 KB 40ms
24ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b2e8cd03a76b243eca9a0e60815deae7256cb7a2de760eb9ee82a0cf31ffcb9

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46858
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1926
x-xss-protection: 0
server: sffe
etag: "df03f558eda3b320"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame 9209 40 KB
13 KB 40ms
25ms Script
text/javascript 2a00:1450:400d:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a49e61b6d6681308d160ce1cf6ce1b85e651deff16c6ae1c2df999ef3f0c6ec8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 07 Mar 2023 01:48:03 GMT
age: 46858
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12954
x-xss-protection: 0
server: sffe
etag: "e0426f4a93046162"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Mar 2024 01:48:03 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 9209 8 KB
895 B 52ms
43ms Stylesheet
text/css 2a00:1450:400d:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 07 Mar 2023 14:49:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 07 Mar 2023 12:58:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 07 Mar 2023 14:49:01 GMT

GET
H3 200 ar.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 9209 3 KB
3 KB 31ms
22ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/ar.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dfa586fa8b70c056272ef189e613dc9f6bcb8f9b659259219fa776f639dd3374

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 13:12:29 GMT
x-content-type-options: nosniff
server: cafe
age: 5792
etag: 9421415325968714010
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2737
x-xss-protection: 0
expires: Wed, 08 Mar 2023 13:12:29 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 9209 344 B
368 B 31ms
22ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 06 Mar 2023 16:18:57 GMT
x-content-type-options: nosniff
server: cafe
age: 81004
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Tue, 07 Mar 2023 16:18:57 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame EC39 0
0 66ms
60ms Image
text/html 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CWmCo204HZIifO6-B9u8Pobmr-A_Lru-Ub9_ryNmGEZ3M_d8FEAEgrMe7HmCV4pCCoAegAe7C8_woyAEJqQK3dJxqAuexPuACAKgDAcgDCqoEwwNP0NVgvSQRU97sjBCdwPQKrAaWLPIy5lG8vObv_VIPwCB67CDFFQr5m17MxsSJCyJY0867JHinNUhMAtvTL-h4MrhkmX05wgpySgy7IgfQQJQW08Elejt4dJ-gQoGU9S2BHfDP-vjQKupBljdmS_hPqt_GzpferYgS76r2WW7A1kAMdz5wkGvyvoR7XJbsMBB6hY-jKeXAd-Olal6LmzDOdkYPuH0GQfQNyjFTv4BbS6mpuVwqz4mSeUTSYu4y1sqA2zm023j4BnWu1tmIx8r2gEP8UPkvbYFZSJ_LkPX-XdV10t6MkmuLo-rKwflZ27tpzfbTFpCV7ah350Msq02Hl4-q3ra5yYEVMkjASmK7qvoInSHLLMyc4pzhtUrziRs546UrY49xWaW7LX1O9y8DH-BNPafg7AmbtgOGpgSqSe3IMfOXOcSIzIsNGbbMG4u-f4QPNOcw0yyDysS9xQLzgdyFQ29tsK0oVhO2S73IR-5_XL13eG9Q4Rle1XuEjyUb0lrC7pU-TvRQs5r2q4BYvajmyZEFr_7l9Gj1Tsg8Xt4MHpGU3dhTVsfoWmgZAndshex7XQe7_xhoIcKY6tZKciUhwAS90MWGmgTgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAH6o7E3AOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBDwjxLSCBEIgOGAEBABGB0yAqoCOgKAQIAKA8gLAbgT5APYEwyIFALQFQGAFwGyFx4KHAgAEhRwdWItNTYwMzI0ODEyMDk4MTI5OBjCmyI&sigh=ViHXgGFib2Q&uach_m=[UACH]&cid=CAQSSwDUE5ymQo4lGo6HAnzoIpSRl9__zNq4Qnqpbwa1ASTdD0lWo7_sfoNw6AUo08AQX-PLw7nrUjA-RFsF_SQaWnw8a0F1rpAjBFD3dxgB&template_id=484
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 9209 0
0 69ms
63ms Image
text/html 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C4fG3204HZIufO6-B9u8Pobmr-A-y0aambr6xleL4Dcva7Pf3CxABIKzHux5gleKQgqAHoAHYkKCkA8gBBqkCt3ScagLnsT7gAgCoAwGqBL8DT9C_QsL1OPG-vZ8uwHho1JwXh51nNuHiKXqNBqN5m6EEslrHeiUl4MgUoLDKUvY0I4RHLINZusqFp5YQhZwViLIb54DI6jGWZtHDGmotFabCFZ_Gw9JOH1O2NBpMuVJ5_uZrKvhDIRpe2xN4Ba8cjEOPEgUWUtluhSN7DcG-86DE_h9E2VXtGagKIVMxkbJsl5CWwjer_hOMHTfvvU58oc6IidP-qnR1QD-Ld0PoqaLpbO3QzUA14xcEh5VTwkpaFO_wgew1iBngOj8Yo4_HR_oMcEPAPQEZNwcqIFyguXFXAT0l-Udw2K6SVqaIrIMof-XYw7JV3Z_7M-nlxp_jVoJijRAWzCdn2uG3GwHxHREr3AHSlAM5wx37uaNk9iGDCaXC-SF-zsprMoTkr2Y6lh8g1M506g_ydFX4IXf9iPO3oF6nssUNsCpDuEwDIclzsj47mqPbkN-QYswDxV9wiJfhXmmYRcK50ULoSPI2ORaqGtUdMY7uIct7LHipuFXALnQyVVEQJtXkjsZ8EXLwDdPh-lraBjMXpdZ7SJUbakpWPF6JDd-ovcvp3z8uErjkrxN3bC0BE81W6dmi8bE7wATNjJPk8gLgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAYAHkO_fW6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEKm8T9IIEQiA4YAQEAEYHTICqgI6AoBAgAoDyAsB2BMNiBQN0BUBmBYBgBcBshceChwIABIUcHViLTU2MDMyNDgxMjA5ODEyOTgYwpsi&sigh=4sCgHasS0LU&uach_m=[UACH]&cid=CAQSSwDUE5ymQo4lGo6HAnzoIpSRl9__zNq4Qnqpbwa1ASTdD0lWo7_sfoNw6AUo08AQX-PLw7nrUjA-RFsF_SQaWnw8a0F1rpAjBFD3dxgB&template_id=5007
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

GET
H3 200 2076313506083323656
tpc.googlesyndication.com/simgad/18021388592624635011/ Frame EC39 38 KB
38 KB 23ms
23ms Image
image/jpeg 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/18021388592624635011/2076313506083323656

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81cfb8f53a22f8c99c19ecd285680f4738ab9e53be420870f758e061e5cf01a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 19:50:57 GMT
x-content-type-options: nosniff
age: 413884
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39287
x-xss-protection: 0
last-modified: Tue, 01 Nov 2022 14:44:55 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 01 Mar 2024 19:50:57 GMT

GET
DATA 200
OK truncated
/ Frame EC39 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a04dc353c543c99eb9c916da24feceb0d23283ef2b4f5a4c6629c02a2aa43f18

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame EC39 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1bc8e0364833ae0f06bbec0c4cc3c0637591999b9b2dbc673a04caa44f55151b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/5995662599343793308/ Frame 9209 30 KB
30 KB 28ms
28ms Image
image/jpeg 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5995662599343793308/14763004658117789537?w=600&h=314

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

23e7afccd3598db227e48998217f91e8d16103f9436d696b45bd5a246e4c1a67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 10:29:57 GMT
x-content-type-options: nosniff
age: 15544
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30828
x-xss-protection: 0
last-modified: Tue, 28 Jun 2022 11:22:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 06 Mar 2024 10:29:57 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/11924036859838182655/ Frame 9209 1023 B
1 KB 35ms
34ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11924036859838182655/14763004658117789537?w=100&h=100

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21ecb33b75e1ad2219ab9047dbf911a358dddcaf6d2e13f647712c96afeaa9f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 09:46:47 GMT
x-content-type-options: nosniff
age: 536534
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1023
x-xss-protection: 0
last-modified: Sun, 26 Jun 2022 15:54:50 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 29 Feb 2024 09:46:47 GMT

GET
DATA 200
OK truncated
/ Frame 9209 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd2b2de4e0658426f26c826a8a7761f883bf018aa9764ac3b9f586884c39f646

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 3BF7 624 B
245 B 60ms
55ms Document
text/html 2a00:1450:400d:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ_eHmjwIYudOa4QEwAQ&v=APEucNUytf3u1QHKyx18X2xtR1yotgA5ts2XsLS9_5D-EdPi38rzLXV8eVmyf_chZb95Zq0uqZC4XVDpsIXgv472ho-G6ViGNMgUG_aPB1eDfQzfPLhIjKNiMCV8yAshv3fmx8PF2WxgH4C30EpYcc6TZk7fCFxA-7pK0AU3znsHiQ_X6UVBKVo

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Mar 2023 14:49:01 GMT
expires: Tue, 07 Mar 2023 14:49:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame E1CD 78 KB
27 KB 73ms
71ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 07 Mar 2023 14:49:01 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E1CD 42 B
63 B 57ms
51ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DI7mjYtzItGkgMUeWwTbWbzTV50eJV3sXdocwMmPTDmN2CK-TA6Wej4vTxr3XjFZejzELC2C3x_AZYmjYb4WsAaScxgRCRnCT2E7ZnV-BIcTt0JRc

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E1CD 0
20 B 58ms
52ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=1209309057542641058&x=1&ct=76

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230302/r20110914/client/ Frame E1CD 3 KB
1 KB 31ms
25ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230302/r20110914/client/window_focus_fy2021.js

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 13:42:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4020
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Mar 2023 13:42:01 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230302/r20110914/client/ Frame E1CD 20 KB
8 KB 27ms
22ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230302/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c95fae81c74bcffbf17e425b12ade6b9a510178a5fc66ddfaeee0d0db76c5c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 13:42:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4019
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8558
x-xss-protection: 0
server: cafe
etag: 3110455901848521628
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Mar 2023 13:42:02 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E1CD 158 KB
49 KB 82ms
75ms Script
text/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b375fe66c260836a3827af7972ab6a88953c43522e202584363f80594e7ae433

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49547
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678106210411282"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Mar 2023 14:49:01 GMT

GET
H2 200 user_sync.html
ads.pubmatic.com/AdServer/js/ Frame F5A6 0
0 37ms
36ms Image
text/html 2.18.36.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=1&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fa.vidoomy.com%2Fapi%2Frtbserver%2Fpbscookie%3Fuid%3D%24UID%26vid%3Da6f37f0123013099a595be2217fc435a%26dspid%3Dpubmatic
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.36.193 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-36-193.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vid.vidoomy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame F5A6 0
239 B 44ms
8ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-vidoomy&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vid.vidoomy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame F5A6 0
191 B 100ms
13ms Image
text/plain 98.98.134.241
ZEN-ECN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?gdpr=1&gdpr_consent=&nid=120&redir=https%3A%2F%2Fa.vidoomy.com%2Fapi%2Frtbserver%2Fpbscookie%3Fuid%3D%7BuserId%7D%26vid%3Da6f37f0123013099a595be2217fc435a%26dspid%3DCEN
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 98.98.134.241 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://vid.vidoomy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Tue, 07 Mar 2023 14:49:01 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame EC39 15 KB
16 KB 20ms
20ms Font
font/woff2 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go299.a7bbab.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 12:23:05 GMT
x-content-type-options: nosniff
age: 440756
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Mar 2024 12:23:05 GMT

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame EC39 15 KB
15 KB 23ms
23ms Font
font/woff2 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go299.a7bbab.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 13:40:31 GMT
x-content-type-options: nosniff
age: 436110
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Mar 2024 13:40:31 GMT

GET
H3 200 css2
fonts.googleapis.com/ Frame B596 4 KB
636 B 42ms
42ms Stylesheet
text/css 2a00:1450:400d:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 07 Mar 2023 14:49:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 07 Mar 2023 14:42:57 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 07 Mar 2023 14:49:01 GMT

GET
H2 200 89d7ca8249da9b1fce758df22cf4efd3.js Show response
www.gstatic.com/mysidia/ Frame E4C2 10 KB
4 KB 20ms
19ms Script
text/javascript 2a00:1450:400d:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/89d7ca8249da9b1fce758df22cf4efd3.js?tag=client_fast_engine_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2500cea629c6bbfc4ab85693f21ac707f0a92d02f32781a2bea98f7065e4fbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 09:02:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20801
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4405
x-xss-protection: 0
last-modified: Sun, 05 Mar 2023 05:15:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 05 Jun 2023 09:02:20 GMT

GET
H2 200 b74e08c96fd6ffaf41b74858b161eff8.js Show response
www.gstatic.com/mysidia/ Frame E4C2 148 KB
55 KB 21ms
20ms Script
text/javascript 2a00:1450:400d:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/b74e08c96fd6ffaf41b74858b161eff8.js?tag=gpa/dynamic_fig_web_banner_v2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e444ac06cccde32f7aead9684732cef25669e4d657c1a617feddffbb30f3bd82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 23:01:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 488862
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56098
x-xss-protection: 0
last-modified: Wed, 01 Mar 2023 18:22:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 30 May 2023 23:01:19 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230302/r20110914/client/ Frame E4C2 2 KB
765 B 21ms
21ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230302/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 06 Mar 2023 21:16:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63122
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Mar 2023 21:16:59 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230302/r20110914/ Frame E4C2 22 KB
9 KB 22ms
21ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230302/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e41caae174108db2b9d3947eb5cbc348c5e431a00f272917ea10cf2830ffb3c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 05:43:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32719
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9103
x-xss-protection: 0
server: cafe
etag: 315661852888499207
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Mar 2023 05:43:42 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230302/r20110914/client/ Frame E4C2 3 KB
1 KB 22ms
22ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230302/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 13:42:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4020
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Mar 2023 13:42:01 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230302/r20110914/client/ Frame E4C2 20 KB
8 KB 23ms
22ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230302/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c95fae81c74bcffbf17e425b12ade6b9a510178a5fc66ddfaeee0d0db76c5c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 13:42:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4019
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8558
x-xss-protection: 0
server: cafe
etag: 3110455901848521628
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Mar 2023 13:42:02 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E4C2 158 KB
48 KB 81ms
80ms Script
text/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b375fe66c260836a3827af7972ab6a88953c43522e202584363f80594e7ae433

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49547
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678106210411282"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Mar 2023 14:49:01 GMT

GET
H2 200 887cfa9374a0c130d54aa7fe143e0312.js Show response
www.gstatic.com/mysidia/ Frame E4C2 34 KB
14 KB 41ms
40ms Script
text/javascript 2a00:1450:400d:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/887cfa9374a0c130d54aa7fe143e0312.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e45fd1bfd4e9faa44d111f64bef4ccea9e66b10fb0a957d91019ac033b7c22c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Sun, 05 Mar 2023 16:35:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 166440
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14316
x-xss-protection: 0
last-modified: Thu, 02 Mar 2023 20:31:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sat, 03 Jun 2023 16:35:01 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230302/r20110914/elements/html/ Frame B596 20 KB
8 KB 21ms
21ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230302/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e37316f20ee8564506ca9dbf035ba412ef6f79d7fd534c98b6f7d2bd49e11dc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 06 Mar 2023 21:27:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62504
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8547
x-xss-protection: 0
server: cafe
etag: 17360858034827311943
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Mar 2023 21:27:17 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame B596 205 B
518 B 39ms
39ms Image
image/png 2a00:1450:400d:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:21:46 GMT
x-content-type-options: nosniff
age: 1635
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 06 Mar 2024 14:21:46 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame B596 604 B
694 B 40ms
39ms Image
image/png 2a00:1450:400d:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:14:18 GMT
x-content-type-options: nosniff
age: 2083
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 06 Mar 2024 14:14:18 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 3BF7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIk6QFcRr9FDVNmzLt-cFeI&google_cver=1

43 B
766 B

7ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIk6QFcRr9FDVNmzLt-cFeI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ_eHmjwIYudOa4QEwAQ&v=APEucNUytf3u1QHKyx18X2xtR1yotgA5ts2XsLS9_5D-EdPi38rzLXV8eVmyf_chZb95Zq0uqZC4XVDpsIXgv472ho-G6ViGNMgUG_aPB1eDfQzfPLhIjKNiMCV8yAshv3fmx8PF2WxgH4C30EpYcc6TZk7fCFxA-7pK0AU3znsHiQ_X6UVBKVo
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Mar 2023 14:49:01 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:01 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIk6QFcRr9FDVNmzLt-cFeI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 3BF7
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZAdO3Yf5ghIWeX83GqodgAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIk6QFcRr9FDVNmzLt-cFeI&google_cver=1

43 B
766 B

8ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIk6QFcRr9FDVNmzLt-cFeI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ_eHmjwIYudOa4QEwAQ&v=APEucNUytf3u1QHKyx18X2xtR1yotgA5ts2XsLS9_5D-EdPi38rzLXV8eVmyf_chZb95Zq0uqZC4XVDpsIXgv472ho-G6ViGNMgUG_aPB1eDfQzfPLhIjKNiMCV8yAshv3fmx8PF2WxgH4C30EpYcc6TZk7fCFxA-7pK0AU3znsHiQ_X6UVBKVo
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Mar 2023 14:49:02 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:01 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIk6QFcRr9FDVNmzLt-cFeI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 3BF7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEMwqjIUsyQiHw99oky_iCmQ&google_cver=1

43 B
1 KB

26ms
25ms

Image
image/gif

185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEMwqjIUsyQiHw99oky_iCmQ&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ_eHmjwIYudOa4QEwAQ&v=APEucNUytf3u1QHKyx18X2xtR1yotgA5ts2XsLS9_5D-EdPi38rzLXV8eVmyf_chZb95Zq0uqZC4XVDpsIXgv472ho-G6ViGNMgUG_aPB1eDfQzfPLhIjKNiMCV8yAshv3fmx8PF2WxgH4C30EpYcc6TZk7fCFxA-7pK0AU3znsHiQ_X6UVBKVo

Protocol

HTTP/1.1

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Mar 2023 14:49:01 GMT
AN-X-Request-Uuid: 0dc4b6e8-8035-4ae9-9f8c-116083f16b48
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.64.151.68; 217.64.151.68; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:01 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEMwqjIUsyQiHw99oky_iCmQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 3BF7
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjk2MTEzOTkxMDA2NzcyODczNA%3D%3D

170 B
243 B

42ms
42ms

Image
image/png

142.251.208.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjk2MTEzOTkxMDA2NzcyODczNA%3D%3D

Requested by

Protocol

Server

142.251.208.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s43-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 07 Mar 2023 14:49:01 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.64.151.68; 217.64.151.68; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 2283007b-1d16-43fd-85b6-906706a7105f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjk2MTEzOTkxMDA2NzcyODczNA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 9209 28 KB
28 KB 20ms
20ms Font
font/woff2 2a00:1450:400d:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go299.a7bbab.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 16:20:09 GMT
x-content-type-options: nosniff
age: 512932
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Feb 2024 16:20:09 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 8436 42 B
64 B 59ms
56ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsveAlLcLlw5UrVV5ipbLYVMfzxl1sMBLsd5knKG9EVim42_qUQAd5lX3gp7kNb__lCpYK19j38xE0c3HzK5Z1uT-pc_SrjGIucPCvICFq1X7eQjQ5ayOtDbl5wKUJTvmnEzYG0F0A&sai=AMfl-YRQbpmlqhUiFOaT0gdrNFticpa072BKX503zKRhTtLOk8nEh6d5pB7Fst5doO9Qh4sbOvDZau_zFhupM9Wg2pykDIidod8KIOgK1V4iL9V_no10Wo07KYNbMnQGyOV8j4f1s16Xi6w4CKEEFA&sig=Cg0ArKJSzPZWXBZrKRlSEAE&cid=CAQSTADUE5ymZrYqmMbsCZezSLtxlRLOtboO-_XMzOseeqSDsbwlVU4iYGbZbf4pGpLVcQ9VUozWW5irziWSDUBOmHKH1R3EYe-4mWKoracYAQ&id=ampim&o=403,1046&d=360,300&ss=1600,1200&bs=1600,1200&mcvt=1033&mtos=0,0,1033,1033,1033&tos=0,0,1033,0,0&tfs=238&tls=238&g=51.33333206176758&h=51.33333206176758&tt=1272&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E1CD 0
20 B 52ms
51ms Ping
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9782834140047&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E1CD 0
20 B 51ms
51ms Ping
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9782834140047&version=m202301230201&ct=76&x=1&cor=1209309057542641200

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame E1CD 83 KB
35 KB 78ms
78ms Script
text/javascript 2a00:1450:400d:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CaV7fFvdoJxxmKzlZn0Q-XRGjDPgiT2MiKfR_JUzxoRaYSWu3dS8-ilw8tnRoGr84nwCT9WxYtJIFiQvNeU2vXRYDT-A&cry=1&dbm_d=AKAmf-Cnaxw6x65xX0njXIG0KwCRTS-wSTwBX1MtDNnm2n2FAbDqlAV8aMxq3uyuRnZDU42VBSDZM9FiPuyI1ZxYN-TCWOExUIOxNVv_zluHHfkBSpyuBpml7hhX2laFN_eV0q2qQ65rnjmVINvjSI4U2w7uy36bK_S33dkY8BAaIgaA1z5jpTcC4eV5K-8xknR5R6AaRBwUDzMzJWhQntdlu7NXM1iTLvgdk7n0WtZ62kmg7ZFpQsFVgYF4SFI3ik5nN6a2C3mbJRIodIwU7tn040vp7LgZ4CbyZbgqcdqCflhUgNW-LQ4kZI4JL_axDJAfQiGvMAQrydvfcQw-Os-H2oMhWndXliYtbH1RXA5Vz0K_0z60kXZLzFGXVcraulFShdfaB8NtU33WvlRvBX-5A8EeN9FVHi_6-x2I6iLZR-p6DYXWgFrcNeOVjb2DF3FpjnccMtpfambNIs8eMys9Bs29aoScYAN5jpuOveiPnVQHha-DnhwRoGrZ_lQPfHO0j5-PGYwxr-2ds-0qVSTg3QzCbYT_fisJ2pyxvFliPFGrIhHEvuQbkdsMPg3UsBXbM3AKoCPkYLMD7RW4PZw7E2RQ5kMAikKk1wuCgRp881ge_gsI2fZHrvRCbr4J48lFzJ6W-wXZA7BWFjC1hlu4ooV-u1nAh9CAemShetdZsH2bjlxQitEmDl3IvTgp32bF4yagtS0v0PHA7lMlByRyx6KDf994TPsoODPFv5mZZG_i9cN6SsxMui0XCdwSD1n3X-cs-n8avg6vdLxKCTEvVAZzcQw3S8oN2o8ZelBieW0YA7TmN-S6mTTIg285ft1h-zfilk5jMS13NaCQxwggQ-_DhEOvaxGZv0lDYciFXpgTcJnu7YmIi5QrotStw0UM390VUgpXJaJwY-JpkA_y-Wos6wR-t1OpquBWhaewtmCzP8KjXq1kx4fitYMhPMNiKKHYpWd6WCCpr9FNary-CWKV55gl-mxg3_LJm56hMpM3-oSk2a6H358gUcuhI2St3qcvRZm8gauM6j9h5EVBf5K24faiql4bPxVglmxr-ceKqnw08-21UNm6se9Wfuj8cUaYMY9iwwWiW5oAGi6EUjUJk3ke2t8v_AIO1n27mMPcpd3Pgfw-tC0eFIFfPndKMNRsl-ZvG_24nSVR20Z-84QiJyahUJ95VgLwrkl-T85Za6_5OEu44aD7FHJxBxUoKCNzwE6Rhew1SORpaP24T5Oo9T397ys4HhloGOvroKiTRz8RweYeCCi6nEqhO2OB3BvW_JpPoh0g-ZRsQmd0Nzih2173l7WPNTFikjooewFe26rVuASRYmboxEdtpSiECpTqkIh_xc7Loavw2ayq0ZnoPFa_dFeXb72sQniFBvjGaBDQxtfmP1sERG33Hm0Ru6VIm0jLWnW5mfjmnxc-FhcCrFCrgPHBbwNAwEEAZjZ7Ixl90MJ8Ls_KT-wRBVsU7tYjVY9emcjWpsn1PoeekR94W2SSILzB9_aZ5Y252QT2D1bmlPSoCxYl7UeuQBUoC5Yab8MKAyHxdoJZ3EIucYXcriCGhcjn96iMj5bbk721LZ5njKiOTz29OsMGCg9uyhNo2Q8NdMBxWZi4gNKkg5yVzmu_GpRX7rjezEEVtTyFSvPj4GeCXImAEuzsiXpMO45tBffb-ySEc5LR1EK6hbjRmsJlqrRDrbrXPhPx7WulO5ARIjpcGVbNgmgYgjCKH_7ogRupAo-dGJg9E4VU-ysIQE0xP3GcNi41gmDBcm8YtDN24d4KDC0QpxwyYs5w6vP2pQopq7e6beeZzfiIMgBkS9sSLnJudhglUYeMVuMJLVinW-ejQZByi5G3A0gNTNZGNnta4-O587uG4YvG7VMiCgzeb9l2qZlf9dNlfAtWkLeNPRzcgDvtde6eMsV_7UCgbe84TtDbkL67joxO0dD2LvsLgtjyLekGiQ1snNYyo1jyBUfpubdJGv01IdljDhMPyvvJS3D6jMxor86Bi7DDhyb1nzExNpEail7dShOzULP1ycNbjEonxt2akW7ltPzI70GpCrqfuVzPzAPy0iW4fTJB9eIzCRe6G9qV56P925_aiwtaVhdE9oU1dOlDYmFtZIXMdJJpImS_kMccLrQA5huyoJ5IJ0ENMQmEKmsF7CG_ezVwyhMbURq-CodwblxNVGTB07bsLlo5TcFE6aijiRh7axXyLrLcNw2A97ivqa9hJrlmjaiO_TAcFrExQ-e6btIJuV8jn70byeFsBqygUwj6Nmgqom_32h2KEZ9xCAlNN88ZNWLMRc_j_2WHmsaIqlAkdqWxsZ3aHjAcqovztDyOCNFAH7PQKn-iW7eZsl1cC3Ojrj8gHAIr6D4ocB9tfhTc4Ny2XbKIUWj6EACcepf64CkQ7vis0ZHSV05CS_2pjU13uhqMqBJHPct5OPSTpiLORR6XcThKXXA5yWn_NVlKEk1dXW5VokCyeXN510z5ueld0iPyC_2QJT_ZW51g9u9xrbbNI9C1LD_D8GQ_6RZsAnJGiRBCMKD8OGJ-_Ke6DUb-Zw2rfFSiZiJKcaNZwW3yCQwv9Cy5nlD7HeTiP-2uD_aKS25fuWFMpg0q3fbomqcM10w28ueNl2S2HBZ8XV0UePOtixp0xpWdQpUwhSRT2Yaj1KjIpNfCEe7y-KutiCC_sAUlMkBjBYnCmSnOEUZjkwf8KSgvIh1lFlzpsze67me6bY2pSJ2KaF1QKrPgW-GTXj0x-U9LTZdaJsx-kGp1Y9wyu5P5JSZwiBqEl29eSOqsoSB51ssRenAi-qgcxRIionRt3Ppw2Ui0rTxIr9LW7ZhQsvr76t-Gu5eyoHcc_iCxQbHzg4FrYDEDCT7LTxJooXNgis_aPWxxSNJmJSKzBad70vW49b-fVEtUkGR5EBUYemGS7JYmQEVHr_yvKbE3Cn5paVaA8p6snhGE4Qb79kiQqqKehWhIbku_BY4iEFc8B6CvwQIIZ0POlw47pjXZT2ijKulA01ihueHkrM4hLhAuxkJ_fMVC2NvAlWJL7XBcxqDj24jrNwodhFmZY0Arj8MURHYoknc15Ff92dxpZ20Ss9DTxua_nEDW3sWy6QnFpCftduIK3XmnjlKxeJCSn_EZGKWEUtax2Tv003N34Hsi9htj3S4GNFPCLw4JiFAoUX4CMOxOFVQ81h6G1JaauqvELg1Kr_W9YHrebrbWu2trlyoaWiPDWptLYkYxhlL-xHR_zjnHbmk80QsHoeYIQSCx04skafIrIbXA8InmENnRCCH6CcSCC7qPv-KX0hJK5nQkXgSVdQWJKplTWtDX-7tKsueToi9S4EBhgnNZkaHdbrmyqyp8LMnV1eqsGJs6QN4rwtSNvmMb25AAYHptRq7CVQPhDeHfwkohIIxLxqG7f3AH9P7dvTNDpVZTLo4SQ2hH6PhVJOZvHjRuD8knwhhhWMxXxvXUnaEpUfz8XeQE3yUx3Ua6-iEQzxeFO48caX8L9A-TSnQNPxInSuoPEoQ9c1B8vUyUokNaDVD4jkx1WB-eo87RnNrXVsT2xrBko8Vn5Z12QbV5hsD15vWHhBeXIGoG7OB4sw9_oyrC3FRfwjdJmNcm1W-yMmx9q-T_eWN2jQpg002A8p15Y5nW9MfRMG5TV-N8gTCp_SOVGhJrQP4FGMf0i7hRayzLLKYwnXVAexUfo9zdB7fuw5axQ0XVpz1VSCx8ji1SI2DVejARDnNo8POFRQkpQw3TWXO-xA1LIZa8r16trWDrVcnj255SmbWj-GI1vw3dT8un2W_fr2iEvu5txP8eheN2mUMyulRYew_I-FNNI_HWCxsZRVEMey6TAl00tFs7elZWw0qIgbzTOYZ1WxQOXFONWsn7lVn9O0-AbpXb1jUG4qpyUkipXOvxN2lg9RhE5v3Yn08ZAkSnI2-rvDE0tIPtRiCNqKQRhe-f8HFjgzMJjhityrKy7udSmKTvYefeeWGu&cid=CAQSSwDUE5ymQo4lGo6HAnzoIpSRl9__zNq4Qnqpbwa1ASTdD0lWo7_sfoNw6AUo08AQX-PLw7nrUjA-RFsF_SQaWnw8a0F1rpAjBFD3dxgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fgo299.a7bbab.com%2F&ds=l&xdt=1&iif=1&cor=1209309057542641200&adk=3944675600&idt=81&cac=0&dtd=10

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eba541d5adfa313972f71bb6af79a4cb3d8b1bacdeef1c921c6fb76fd78e9fdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35805
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 59F2
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

51ms
50ms

Image
text/html

2a00:1450:400d:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H3
Server: 2a00:1450:400d:808::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Redirect headers

date: Tue, 07 Mar 2023 14:49:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 9209
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

46ms
45ms

Image
text/html

2a00:1450:400d:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H3
Server: 2a00:1450:400d:808::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Redirect headers

date: Tue, 07 Mar 2023 14:49:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 ar.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 9209 3 KB
3 KB 20ms
20ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/ar.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012302171719000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dfa586fa8b70c056272ef189e613dc9f6bcb8f9b659259219fa776f639dd3374

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 13:12:29 GMT
x-content-type-options: nosniff
server: cafe
age: 5792
etag: 9421415325968714010
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2737
x-xss-protection: 0
expires: Wed, 08 Mar 2023 13:12:29 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 9209 344 B
368 B 20ms
20ms Image
image/png 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012302171719000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 06 Mar 2023 16:18:57 GMT
x-content-type-options: nosniff
server: cafe
age: 81004
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Tue, 07 Mar 2023 16:18:57 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame E4C2 0
234 B 1278ms
474ms Ping
image/gif 2404:6800:4009:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~leyd9tjo&c=8349543503922&slotId=4174771751961&qqid=CMr4r5iIyv0CFa-A_QcdodwK_w&sei=44729911%2C44730425%2C44730426%2C44752538%2C75259414%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=ssc&ulv=1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/b74e08c96fd6ffaf41b74858b161eff8.js?tag=gpa/dynamic_fig_web_banner_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4009:829::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:02 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

206

videoplayback
r1---sn-4g5ednds.gvt1.com/ Frame E4C2
Redirect Chain

https://redirector.gvt1.com/videoplayback?id=868e8ed15d5d9735&itag=18&source=web_video_ads&requiressl=yes&cmo=secure_transport=yes&ip=0.0.0.0&ipbits=0&expire=1678207741&sparams=ip,ipbits,expire,id,...
https://r1---sn-4g5ednds.gvt1.com/videoplayback?id=868e8ed15d5d9735&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1678207741&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,m...

2 MB
2 MB

117ms
7ms

Media
video/mp4

2a00:1450:4001:19::6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r1---sn-4g5ednds.gvt1.com/videoplayback?id=868e8ed15d5d9735&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1678207741&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=69DC23C107840E82CFECCC60C5A70650976D538D.54C9F56A5DBC863C3C4105780DDD49F058601D15&key=cms1&cms_redirect=yes&mh=ZZ&mip=2001:ac8:20:3d00:1011:73e2:818:a363&mm=28&mn=sn-4g5ednds&ms=nvh&mt=1678200276&mv=m&mvi=1&pl=50

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

2a00:1450:4001:19::6 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

ffd7a9aff53e8cea580b315a941f80f19b5aac8482f51b953fe8f632b0d86c99

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

client-protocol: quic
date: Tue, 07 Mar 2023 14:49:02 GMT
x-content-type-options: nosniff
last-modified: Sat, 04 Mar 2023 20:30:39 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
Content-Range: bytes 0-1712198/1712199
cache-control: private, max-age=6899
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1712199
expires: Tue, 07 Mar 2023 14:49:02 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:02 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r1---sn-4g5ednds.gvt1.com/videoplayback?id=868e8ed15d5d9735&itag=18&source=web_video_ads&requiressl=yes&ip=0.0.0.0&ipbits=0&expire=1678207741&sparams=expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,requiressl,source&signature=69DC23C107840E82CFECCC60C5A70650976D538D.54C9F56A5DBC863C3C4105780DDD49F058601D15&key=cms1&cms_redirect=yes&mh=ZZ&mip=2001:ac8:20:3d00:1011:73e2:818:a363&mm=28&mn=sn-4g5ednds&ms=nvh&mt=1678200276&mv=m&mvi=1&pl=50
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 722
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame E1CD 106 KB
37 KB 97ms
21ms Script
text/javascript 2a00:1450:400d:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
Origin: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 06 Mar 2023 19:44:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68656
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 07 Mar 2023 19:44:46 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230302/r20110914/elements/html/ Frame E1CD 8 KB
3 KB 20ms
20ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230302/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CaV7fFvdoJxxmKzlZn0Q-XRGjDPgiT2MiKfR_JUzxoRaYSWu3dS8-ilw8tnRoGr84nwCT9WxYtJIFiQvNeU2vXRYDT-A&cry=1&dbm_d=AKAmf-Cnaxw6x65xX0njXIG0KwCRTS-wSTwBX1MtDNnm2n2FAbDqlAV8aMxq3uyuRnZDU42VBSDZM9FiPuyI1ZxYN-TCWOExUIOxNVv_zluHHfkBSpyuBpml7hhX2laFN_eV0q2qQ65rnjmVINvjSI4U2w7uy36bK_S33dkY8BAaIgaA1z5jpTcC4eV5K-8xknR5R6AaRBwUDzMzJWhQntdlu7NXM1iTLvgdk7n0WtZ62kmg7ZFpQsFVgYF4SFI3ik5nN6a2C3mbJRIodIwU7tn040vp7LgZ4CbyZbgqcdqCflhUgNW-LQ4kZI4JL_axDJAfQiGvMAQrydvfcQw-Os-H2oMhWndXliYtbH1RXA5Vz0K_0z60kXZLzFGXVcraulFShdfaB8NtU33WvlRvBX-5A8EeN9FVHi_6-x2I6iLZR-p6DYXWgFrcNeOVjb2DF3FpjnccMtpfambNIs8eMys9Bs29aoScYAN5jpuOveiPnVQHha-DnhwRoGrZ_lQPfHO0j5-PGYwxr-2ds-0qVSTg3QzCbYT_fisJ2pyxvFliPFGrIhHEvuQbkdsMPg3UsBXbM3AKoCPkYLMD7RW4PZw7E2RQ5kMAikKk1wuCgRp881ge_gsI2fZHrvRCbr4J48lFzJ6W-wXZA7BWFjC1hlu4ooV-u1nAh9CAemShetdZsH2bjlxQitEmDl3IvTgp32bF4yagtS0v0PHA7lMlByRyx6KDf994TPsoODPFv5mZZG_i9cN6SsxMui0XCdwSD1n3X-cs-n8avg6vdLxKCTEvVAZzcQw3S8oN2o8ZelBieW0YA7TmN-S6mTTIg285ft1h-zfilk5jMS13NaCQxwggQ-_DhEOvaxGZv0lDYciFXpgTcJnu7YmIi5QrotStw0UM390VUgpXJaJwY-JpkA_y-Wos6wR-t1OpquBWhaewtmCzP8KjXq1kx4fitYMhPMNiKKHYpWd6WCCpr9FNary-CWKV55gl-mxg3_LJm56hMpM3-oSk2a6H358gUcuhI2St3qcvRZm8gauM6j9h5EVBf5K24faiql4bPxVglmxr-ceKqnw08-21UNm6se9Wfuj8cUaYMY9iwwWiW5oAGi6EUjUJk3ke2t8v_AIO1n27mMPcpd3Pgfw-tC0eFIFfPndKMNRsl-ZvG_24nSVR20Z-84QiJyahUJ95VgLwrkl-T85Za6_5OEu44aD7FHJxBxUoKCNzwE6Rhew1SORpaP24T5Oo9T397ys4HhloGOvroKiTRz8RweYeCCi6nEqhO2OB3BvW_JpPoh0g-ZRsQmd0Nzih2173l7WPNTFikjooewFe26rVuASRYmboxEdtpSiECpTqkIh_xc7Loavw2ayq0ZnoPFa_dFeXb72sQniFBvjGaBDQxtfmP1sERG33Hm0Ru6VIm0jLWnW5mfjmnxc-FhcCrFCrgPHBbwNAwEEAZjZ7Ixl90MJ8Ls_KT-wRBVsU7tYjVY9emcjWpsn1PoeekR94W2SSILzB9_aZ5Y252QT2D1bmlPSoCxYl7UeuQBUoC5Yab8MKAyHxdoJZ3EIucYXcriCGhcjn96iMj5bbk721LZ5njKiOTz29OsMGCg9uyhNo2Q8NdMBxWZi4gNKkg5yVzmu_GpRX7rjezEEVtTyFSvPj4GeCXImAEuzsiXpMO45tBffb-ySEc5LR1EK6hbjRmsJlqrRDrbrXPhPx7WulO5ARIjpcGVbNgmgYgjCKH_7ogRupAo-dGJg9E4VU-ysIQE0xP3GcNi41gmDBcm8YtDN24d4KDC0QpxwyYs5w6vP2pQopq7e6beeZzfiIMgBkS9sSLnJudhglUYeMVuMJLVinW-ejQZByi5G3A0gNTNZGNnta4-O587uG4YvG7VMiCgzeb9l2qZlf9dNlfAtWkLeNPRzcgDvtde6eMsV_7UCgbe84TtDbkL67joxO0dD2LvsLgtjyLekGiQ1snNYyo1jyBUfpubdJGv01IdljDhMPyvvJS3D6jMxor86Bi7DDhyb1nzExNpEail7dShOzULP1ycNbjEonxt2akW7ltPzI70GpCrqfuVzPzAPy0iW4fTJB9eIzCRe6G9qV56P925_aiwtaVhdE9oU1dOlDYmFtZIXMdJJpImS_kMccLrQA5huyoJ5IJ0ENMQmEKmsF7CG_ezVwyhMbURq-CodwblxNVGTB07bsLlo5TcFE6aijiRh7axXyLrLcNw2A97ivqa9hJrlmjaiO_TAcFrExQ-e6btIJuV8jn70byeFsBqygUwj6Nmgqom_32h2KEZ9xCAlNN88ZNWLMRc_j_2WHmsaIqlAkdqWxsZ3aHjAcqovztDyOCNFAH7PQKn-iW7eZsl1cC3Ojrj8gHAIr6D4ocB9tfhTc4Ny2XbKIUWj6EACcepf64CkQ7vis0ZHSV05CS_2pjU13uhqMqBJHPct5OPSTpiLORR6XcThKXXA5yWn_NVlKEk1dXW5VokCyeXN510z5ueld0iPyC_2QJT_ZW51g9u9xrbbNI9C1LD_D8GQ_6RZsAnJGiRBCMKD8OGJ-_Ke6DUb-Zw2rfFSiZiJKcaNZwW3yCQwv9Cy5nlD7HeTiP-2uD_aKS25fuWFMpg0q3fbomqcM10w28ueNl2S2HBZ8XV0UePOtixp0xpWdQpUwhSRT2Yaj1KjIpNfCEe7y-KutiCC_sAUlMkBjBYnCmSnOEUZjkwf8KSgvIh1lFlzpsze67me6bY2pSJ2KaF1QKrPgW-GTXj0x-U9LTZdaJsx-kGp1Y9wyu5P5JSZwiBqEl29eSOqsoSB51ssRenAi-qgcxRIionRt3Ppw2Ui0rTxIr9LW7ZhQsvr76t-Gu5eyoHcc_iCxQbHzg4FrYDEDCT7LTxJooXNgis_aPWxxSNJmJSKzBad70vW49b-fVEtUkGR5EBUYemGS7JYmQEVHr_yvKbE3Cn5paVaA8p6snhGE4Qb79kiQqqKehWhIbku_BY4iEFc8B6CvwQIIZ0POlw47pjXZT2ijKulA01ihueHkrM4hLhAuxkJ_fMVC2NvAlWJL7XBcxqDj24jrNwodhFmZY0Arj8MURHYoknc15Ff92dxpZ20Ss9DTxua_nEDW3sWy6QnFpCftduIK3XmnjlKxeJCSn_EZGKWEUtax2Tv003N34Hsi9htj3S4GNFPCLw4JiFAoUX4CMOxOFVQ81h6G1JaauqvELg1Kr_W9YHrebrbWu2trlyoaWiPDWptLYkYxhlL-xHR_zjnHbmk80QsHoeYIQSCx04skafIrIbXA8InmENnRCCH6CcSCC7qPv-KX0hJK5nQkXgSVdQWJKplTWtDX-7tKsueToi9S4EBhgnNZkaHdbrmyqyp8LMnV1eqsGJs6QN4rwtSNvmMb25AAYHptRq7CVQPhDeHfwkohIIxLxqG7f3AH9P7dvTNDpVZTLo4SQ2hH6PhVJOZvHjRuD8knwhhhWMxXxvXUnaEpUfz8XeQE3yUx3Ua6-iEQzxeFO48caX8L9A-TSnQNPxInSuoPEoQ9c1B8vUyUokNaDVD4jkx1WB-eo87RnNrXVsT2xrBko8Vn5Z12QbV5hsD15vWHhBeXIGoG7OB4sw9_oyrC3FRfwjdJmNcm1W-yMmx9q-T_eWN2jQpg002A8p15Y5nW9MfRMG5TV-N8gTCp_SOVGhJrQP4FGMf0i7hRayzLLKYwnXVAexUfo9zdB7fuw5axQ0XVpz1VSCx8ji1SI2DVejARDnNo8POFRQkpQw3TWXO-xA1LIZa8r16trWDrVcnj255SmbWj-GI1vw3dT8un2W_fr2iEvu5txP8eheN2mUMyulRYew_I-FNNI_HWCxsZRVEMey6TAl00tFs7elZWw0qIgbzTOYZ1WxQOXFONWsn7lVn9O0-AbpXb1jUG4qpyUkipXOvxN2lg9RhE5v3Yn08ZAkSnI2-rvDE0tIPtRiCNqKQRhe-f8HFjgzMJjhityrKy7udSmKTvYefeeWGu&cid=CAQSSwDUE5ymQo4lGo6HAnzoIpSRl9__zNq4Qnqpbwa1ASTdD0lWo7_sfoNw6AUo08AQX-PLw7nrUjA-RFsF_SQaWnw8a0F1rpAjBFD3dxgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fgo299.a7bbab.com%2F&ds=l&xdt=1&iif=1&cor=1209309057542641200&adk=3944675600&idt=81&cac=0&dtd=10

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

855e15fcdc7a729b06238328936629eac46e2251d9d3d71a5d65510451f4e7c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 13:42:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4020
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3023
x-xss-protection: 0
server: cafe
etag: 4221495933888618527
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Mar 2023 13:42:01 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230302/r20110914/ Frame E1CD 28 KB
11 KB 20ms
19ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230302/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b4a6ebe3e504b894684b8e94e18e39c512908b42313776600c3cde2452f04df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 09:08:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20440
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10962
x-xss-protection: 0
server: cafe
etag: 11760670070698444384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Mar 2023 09:08:21 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame E1CD 41 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 09:08:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20441
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Mar 2024 09:08:21 GMT

GET
DATA 200
OK truncated
/ Frame E1CD 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7eda59992517a41210626edca43b7769748e44ac6805fcb01d33990355b91650

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 6A2E 22 KB
8 KB 22ms
22ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 20441
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 07 Mar 2023 09:08:21 GMT
expires: Wed, 06 Mar 2024 09:08:21 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 9sSoBG9D25FhvYLg3_iwWJ49bM2Qm57VxEM1rvvqfaE.js Show response
pagead2.googlesyndication.com/bg/ Frame 6A2E 36 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/9sSoBG9D25FhvYLg3_iwWJ49bM2Qm57VxEM1rvvqfaE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6c4a8046f43db9161bd82e0dff8b0589e3d6ccd909b9ed5c44335aefbea7da1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 06:28:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30040
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14343
x-xss-protection: 0
last-modified: Tue, 28 Feb 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 06 Mar 2024 06:28:22 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/2479396005074239626/ Frame DB31 7 KB
2 KB 63ms
21ms Document
text/html 2a00:1450:400d:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/2479396005074239626/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b1976e59bf796af70b58500c38b7c500482f32f282bce8651272542343265e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 112887
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2422
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 06 Mar 2023 07:27:35 GMT
expires: Tue, 05 Mar 2024 07:27:35 GMT
last-modified: Tue, 14 Feb 2023 09:33:01 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame E1CD 0
0 174ms
63ms Fetch
image/gif 142.250.201.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstpnZsW2A982xdqjDyFCIMclN-YrKqqYSg2cKP6BSOqFOshgCIvScwdgzjtB_Ktdlkzxb37fYUZYanmPvmoEUlwAuW4uZqT4SgylUEJLFPtb6zd9yGERY1CrtcQRB4MPR1GwDk38_qO1dFrqG598EbXOy_6_c0o-k0pZPndqIFx4j1l5mNmC-rSTgKbPLQIkdh-21MRLeaU-SoCYH4_lGdPlJCRdm9aEZbTXZZyk9UPqVsV2koNP14uDfChLhCgaivkrf2SE9YcnGzHWGDa-Zkn44RnS_GjVQkwnkktQJ2rypmqQ3n3paKDrxTj4SF3O8-lPCzpHaSgYd54LZAVn0k4lDOlICN4MLeNZF8LWDTufEQdS4J-MJe6MWjlCP99kM5-MhwN6sYg2wbJE4ctZh5i_Cc5qB-YLuNUi6a-SAWMNsFIYyg06SVfRh2fckiW99ygxWYx17CAvg5KU7ktrSfigxJnNq-PXrrgUqZ-b3HmKnn58rSKbW1ekWuyNsUHolafJhpQB_wCnzuO63AXFGtiUO8YZfaG5pyuCttAFUdyDtA-B5JpEKEzqsgNElNtVDU66BTGrz8woePfTYrACpM6WQlS-p68B53zyDTC13ku3oh6hnOtMB7ugQ3D3zJZHoPcHufbxsSHd28tWvywT6hU894GCCbrM5quzhw31rWgOWA9oBjCIhICwoNl9tTHxlQGgQqvQYGTGrGEHdr13Xpe32DG5AE0wsvM4UQcefXRPJgxTX8iAp1jXaBGT-rAcn8dgJbbsG8hXQoGfdONEUVqBhU6bZQnkyJL6auheNrsB_azbWku8RR5JB-KotPywsfl81c6FNMpw-dCLqp3lHNZGW8qLrI7OvvXN_Wqh8ce61tR5VGyiPLGq1927h0S5acYYE5mS2e6soawOOOsaNLYAW8vwFImAYp0FKQhMFLn1xXvF3-X697aje2FfxfQpHY9JHVRhE-0QekCvwZ41gOZzA0zQ16nOj5KY6_YKaOIDeh5cX3oRaZGy_XJ5rKA6ShIRMnZw-NRMLoWuj9fvIo4akpX9lltvO9vzbUK2E_KdGm35rjP6KDZw-VIywu2PIYp9dUIhbIuPdqNbFvYti_BtB9LWdvrzQQi738swwlWXgIa9ZGjuPjEN3IBH1Qgm5elqEJGGnW-kFP3qcQe4kZV-IyUmJ9wZzPDYEKtBNF3L5MPMhLPEcgKCfcY17uB45fyv7XrLlo&sai=AMfl-YS3UFBi_cTvsBxeHD_LvAnvXiMW3gX6PCID4c1DC_qWqGDCGkKmUzevqRpmrVZedpPboZQh-2F3-781aNZV0xhfDxgkA_tlR0j7yBDUE7jkl377kbmOpCVhiKn0DNvjqDxqqKd6FeVHTNN9uWbGWmuq2iRxNJsDp1X7vX9Ui39kTbOB6hblGlnoWxXH2zu8dimcVNtEsnPsvs1noUKUjxlUrYx-KElPHvrwL0ylUM8lgGLx0378YcCrDuxUAZoodpTWZMFbbgsfCFR1gCgcNa4xUxvfyTyX&sig=Cg0ArKJSzNn477PHmbpyEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=131&cbvp=1&cstd=128&cisv=r20230302.62233&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.201.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s35-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 07 Mar 2023 14:49:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 07 Mar 2023 14:49:02 GMT

GET
H2 200 hit.gif
visitanalytics.userreport.com/ Frame E1CD 43 B
517 B 78ms
10ms Image
image/gif 108.157.4.57
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://visitanalytics.userreport.com/hit.gif?t=DCO2fa74be3&gdpr_consent=&gdpr=
Requested by: Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-57.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-amz-version-id: fZAqbzuxSGtIKd7g0Oj0VzvG4UrkztnT
date: Tue, 07 Mar 2023 06:09:44 GMT
via: 1.1 e4aaaf9d55a242f83ddc793442b0ebe2.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
age: 34845
x-amz-meta-cb-modifiedtime: Tue, 14 Apr 2015 11:43:27 GMT
x-cache: Hit from cloudfront
content-length: 43
last-modified: Thu, 15 Oct 2015 11:22:45 GMT
server: AmazonS3
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
accept-ranges: bytes
x-amz-cf-id: j-TpOg3XSUMYi7816hXtbK12gz7gKgYMBVDv9F-KnA48IAJXefYG0g==
expires: 0

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame DB31 60 KB
24 KB 55ms
54ms Script
text/javascript 2a00:1450:400d:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2479396005074239626/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2479396005074239626/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 07 Mar 2023 14:49:02 GMT

GET
H3 200 cssruleplugin_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame DB31 2 KB
1013 B 54ms
53ms Script
text/javascript 2a00:1450:400d:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/cssruleplugin_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2479396005074239626/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d9095c25f5663901783868e1cd2994842dcbb4967ff5d0f0d3b9409b67675c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2479396005074239626/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 985
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:22:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 07 Mar 2023 14:49:02 GMT

GET
H3 200 main.js Show response
s0.2mdn.net/sadbundle/2479396005074239626/ Frame DB31 6 KB
3 KB 22ms
21ms Script
application/x-javascript 2a00:1450:400d:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/2479396005074239626/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2479396005074239626/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4df49939bb75eb15e5f882dae765ade6b415b50bcf3658bfc7c97994ed62160

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2479396005074239626/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 06 Mar 2023 07:27:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 112887
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2585
x-xss-protection: 0
last-modified: Tue, 14 Feb 2023 09:33:01 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Mar 2024 07:27:35 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6A2E 0
20 B 56ms
56ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BeEiH3U4HZJPkNPC89u8P1PKq8AQAAAAAOAHgBAI&bg=!sbKlsubNAAbv3-2Ez987ADkAdvg8WnDQ56J9WOpqZSxV8MxNflLb_qURXvgOj1m_6Ts6JhY9gVcnAuk7SyL7gH8KvitBXOH8pwgCAAAAYFIAAAACaAEHmQL33N5xeB2dIyQD1l2gi8FPfaS9g_Z1SYRFMUmzfqb5-X6OMpreuUnkfQhGyoBFtikw4zMRSiEoWrWmHVVpAhWlndBua_FC2WgfnYCBg4S7thEsqkEGnkWtAoI8rrKUnslAKZ2cE3mwxl2UBAER42eiTvo6mLN7nr2JS3IBVXIgeC50MirHNKAqtBkD5fje_4SRzYWpFddF-PWo3wWRpTO8EPjzT-2FY0wyh30nunluclsNwRWk1eU-q9Nc4nX4C9Br-JAhGKh5stMBEaDqW56LheuMzW-9ADvXRJqhJ2xvPtssCwRZaAo2lZnPCQvY294Ec-hjylj_FqjiN99iN9XrlTGN8ajMbTMN55s7o_-WvQaoYd3sE9rqIY1EBlHqMLzAOscPrGMGNiBgC39BzIm0RMwfSGxqegpBxmrlPdTvFW9_OTOkmkZyxxcGPXR4LRR2x-3ph59mYMN3bQDmfDLchED19d-hAvTHIxVkgVYh-tx8BIL86-PILRl_bdYbK-ZVCVAXkc2_WukZUTpqEFBrNGfW-N1PPhTlJV4GvVGzkH06adYpLE3vMDL8H7ng6wsOwSTYVJG3SMcM9M1IzyccU-55_Kva_SDABsr2gt_2LmZP6hsbpiTsc5TVQLz9JlbYhhvy5jEauEheWT0FjyWRTfX0H-ZANt-PVb7MnFJ-1l1rlwpBM83LpidRxuBaRIJFpVuw42MwMyHsh6R80_W2VLIxk3jF1QZLqK9GLVfy7HvNIb5o3I4W2k-p0XjnsOAcI-Q_mZzzMg3RDsqTcfD5nWztRmEo7euXJYa3Y9IdiO9DC2PUdF4VMOTUpW66x0e4bzBMfDyUZ0lShKQe5lTmpdAVSex_eKN7wtrqEJ5D4mYESPdiprRlXqNdhAt1NTKCYCwkMq2QJ6hwO1NLFi32DM3-a58gTU4tIt8buwDX9AOqg_oVXVukpmbDY0H9NJZ6Nea3sYXfd_xnEhdUky3weXiQ7K4QdVij7UZLh2sjORQ0PDuV2Ac2

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 usync.js Show response
eus.rubiconproject.com/ Frame 0C67 33 KB
10 KB 191ms
190ms Script
text/html 23.64.52.128
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.64.52.128 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-64-52-128.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 2b02784fa78149d58637b3c6cfb1cb40d1467d7c103cc498e66ac6e567d7f3e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:02 GMT
content-encoding: gzip
last-modified: Tue, 07 Mar 2023 06:53:48 GMT
server: Apache/2.2.15 (CentOS)
x-powered-by: PHP/5.3.3
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
cache-control: max-age=57872
content-length: 9996
expires: Wed, 08 Mar 2023 06:53:34 GMT

GET
H2 204 /
onetag-sys.com/usync/ Frame F80C 0
0 8ms
6ms Document
text/plain 51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1678200541227

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.36.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://go299.a7bbab.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H2

200

setuid
a-prebid.vidoomy.com/
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fa-prebid.vidoomy.com%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
https://a-prebid.vidoomy.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=2961139910067728734

0
428 B

181ms
6ms

Image
text/plain

3.72.209.153
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a-prebid.vidoomy.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=2961139910067728734
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Server: 3.72.209.153 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-209-153.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:02 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Accept-Encoding, Origin
expires: 0

Redirect headers

Date: Tue, 07 Mar 2023 14:49:02 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.64.151.68; 217.64.151.68; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 1942b21b-873e-456b-a5af-4dbf6014a349
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://a-prebid.vidoomy.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=2961139910067728734
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 cookie
cm.adform.net/ 43 B
106 B 103ms
24ms Image
image/gif 37.157.3.20
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fa-prebid.vidoomy.com%2Fsetuid%3Fbidder%3Dadf%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.3.20 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:02 GMT
server: nginx
content-length: 43
content-type: image/gif

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ 0
191 B 14ms
13ms Image
text/plain 98.98.134.241
ZEN-ECN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=120&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fa.vidoomy.com%2Fapi%2Frtbserver%2Fcookie%3Fi%3DCEN%26uid%3D%7BuserId%7D
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 98.98.134.241 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Tue, 07 Mar 2023 14:49:02 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

setuid
a-prebid.vidoomy.com/
Redirect Chain

https://ups.analytics.yahoo.com/ups/58531/occ?gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58531/occ?gdpr=0&gdpr_consent=&verify=true
https://a-prebid.vidoomy.com/setuid?bidder=verizonmedia&uid=y-NN0oiS1E2uEDFg88SV.McLhNJXUotobRPc1Z58c-~A&gdpr=0

0
459 B

168ms
7ms

Image
text/plain

3.72.209.153
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a-prebid.vidoomy.com/setuid?bidder=verizonmedia&uid=y-NN0oiS1E2uEDFg88SV.McLhNJXUotobRPc1Z58c-~A&gdpr=0
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Server: 3.72.209.153 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-209-153.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:02 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Accept-Encoding, Origin
expires: 0

Redirect headers

location: https://a-prebid.vidoomy.com/setuid?bidder=verizonmedia&uid=y-NN0oiS1E2uEDFg88SV.McLhNJXUotobRPc1Z58c-~A&gdpr=0
date: Tue, 07 Mar 2023 14:49:02 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

cookie
a.vidoomy.com/api/rtbserver/
Redirect Chain

https://x.bidswitch.net/sync?ssp=vidoomy
https://x.bidswitch.net/ul_cb/sync?ssp=vidoomy
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Dvidoomy%26bsw_param%3D79c8c186-d215-4d28-b661-632c6d93f09...
https://x.bidswitch.net/sync?dsp_id=80&user_id=4fe46407-4ede-4c00-9932-fb4e58a73856&expires=30&ssp=vidoomy&bsw_param=79c8c186-d215-4d28-b661-632c6d93f09a&gdpr=&gdpr_consent=
https://a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=79c8c186-d215-4d28-b661-632c6d93f09a

43 B
466 B

20ms
6ms

Image
image/gif

3.72.209.153
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=79c8c186-d215-4d28-b661-632c6d93f09a
Requested by: Host: go299.a7bbab.com
URL: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
Protocol: H2
Server: 3.72.209.153 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-209-153.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:02 GMT
content-encoding: none
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,PATCH,OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: X-VD-C
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 43

Redirect headers

location: //a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=79c8c186-d215-4d28-b661-632c6d93f09a
date: Tue, 07 Mar 2023 14:49:02 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 200 9sSoBG9D25FhvYLg3_iwWJ49bM2Qm57VxEM1rvvqfaE.js Show response
pagead2.googlesyndication.com/bg/ Frame 2277 36 KB
14 KB 22ms
21ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/9sSoBG9D25FhvYLg3_iwWJ49bM2Qm57VxEM1rvvqfaE.js

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6c4a8046f43db9161bd82e0dff8b0589e3d6ccd909b9ed5c44335aefbea7da1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 06:28:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30040
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14343
x-xss-protection: 0
last-modified: Tue, 28 Feb 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 06 Mar 2024 06:28:22 GMT

GET
H3 200 comdirect_berater_300x250_v2_js.png
s0.2mdn.net/sadbundle/2479396005074239626/ Frame DB31 108 KB
108 KB 21ms
21ms Image
image/png 2a00:1450:400d:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2479396005074239626/comdirect_berater_300x250_v2_js.png

Requested by

Host: 1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
URL: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db8a29030e00192911032a8526899adf9fde001d5ee74939bc91ebd5d40e282f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/2479396005074239626/index.html
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 06 Mar 2023 07:26:37 GMT
x-content-type-options: nosniff
age: 112945
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111000
x-xss-protection: 0
last-modified: Tue, 14 Feb 2023 09:33:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Mar 2024 07:26:37 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame E1CD 0
0 56ms
56ms Fetch
image/gif 142.250.201.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstpnZsW2A982xdqjDyFCIMclN-YrKqqYSg2cKP6BSOqFOshgCIvScwdgzjtB_Ktdlkzxb37fYUZYanmPvmoEUlwAuW4uZqT4SgylUEJLFPtb6zd9yGERY1CrtcQRB4MPR1GwDk38_qO1dFrqG598EbXOy_6_c0o-k0pZPndqIFx4j1l5mNmC-rSTgKbPLQIkdh-21MRLeaU-SoCYH4_lGdPlJCRdm9aEZbTXZZyk9UPqVsV2koNP14uDfChLhCgaivkrf2SE9YcnGzHWGDa-Zkn44RnS_GjVQkwnkktQJ2rypmqQ3n3paKDrxTj4SF3O8-lPCzpHaSgYd54LZAVn0k4lDOlICN4MLeNZF8LWDTufEQdS4J-MJe6MWjlCP99kM5-MhwN6sYg2wbJE4ctZh5i_Cc5qB-YLuNUi6a-SAWMNsFIYyg06SVfRh2fckiW99ygxWYx17CAvg5KU7ktrSfigxJnNq-PXrrgUqZ-b3HmKnn58rSKbW1ekWuyNsUHolafJhpQB_wCnzuO63AXFGtiUO8YZfaG5pyuCttAFUdyDtA-B5JpEKEzqsgNElNtVDU66BTGrz8woePfTYrACpM6WQlS-p68B53zyDTC13ku3oh6hnOtMB7ugQ3D3zJZHoPcHufbxsSHd28tWvywT6hU894GCCbrM5quzhw31rWgOWA9oBjCIhICwoNl9tTHxlQGgQqvQYGTGrGEHdr13Xpe32DG5AE0wsvM4UQcefXRPJgxTX8iAp1jXaBGT-rAcn8dgJbbsG8hXQoGfdONEUVqBhU6bZQnkyJL6auheNrsB_azbWku8RR5JB-KotPywsfl81c6FNMpw-dCLqp3lHNZGW8qLrI7OvvXN_Wqh8ce61tR5VGyiPLGq1927h0S5acYYE5mS2e6soawOOOsaNLYAW8vwFImAYp0FKQhMFLn1xXvF3-X697aje2FfxfQpHY9JHVRhE-0QekCvwZ41gOZzA0zQ16nOj5KY6_YKaOIDeh5cX3oRaZGy_XJ5rKA6ShIRMnZw-NRMLoWuj9fvIo4akpX9lltvO9vzbUK2E_KdGm35rjP6KDZw-VIywu2PIYp9dUIhbIuPdqNbFvYti_BtB9LWdvrzQQi738swwlWXgIa9ZGjuPjEN3IBH1Qgm5elqEJGGnW-kFP3qcQe4kZV-IyUmJ9wZzPDYEKtBNF3L5MPMhLPEcgKCfcY17uB45fyv7XrLlo&sai=AMfl-YS3UFBi_cTvsBxeHD_LvAnvXiMW3gX6PCID4c1DC_qWqGDCGkKmUzevqRpmrVZedpPboZQh-2F3-781aNZV0xhfDxgkA_tlR0j7yBDUE7jkl377kbmOpCVhiKn0DNvjqDxqqKd6FeVHTNN9uWbGWmuq2iRxNJsDp1X7vX9Ui39kTbOB6hblGlnoWxXH2zu8dimcVNtEsnPsvs1noUKUjxlUrYx-KElPHvrwL0ylUM8lgGLx0378YcCrDuxUAZoodpTWZMFbbgsfCFR1gCgcNa4xUxvfyTyX&sig=Cg0ArKJSzNn477PHmbpyEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=293&vt=11&dtpt=162&dett=3&cstd=128&cisv=r20230302.62233&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.201.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s35-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 07 Mar 2023 14:49:02 GMT

GET
DATA 200
OK truncated
/ Frame DB31 30 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8bba90a18481b39ff1b457148b173ea61e73632d785c84bcbcee54cd00b5018d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ Frame DB31 14 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0eb7a77719035d6d6e69ebe5af07778fd3606e47b587c9d6c02aa7f6efb97708

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ Frame DB31 28 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fa34a0a9cfab7678278925a6adc9de74f4c743f9425a219a418c0880c10faf9f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame 0C67 284 B
536 B 30ms
8ms Image
image/jpg 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/jpg
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 284
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 66ms
65ms XHR
application/json 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023030601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04fab0868a6ffc85ab5c8ad72e5d379ab397384d3b3600d6877eb49b0b754c02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11231
x-xss-protection: 0

POST
H3 204 rum Show response
go299.a7bbab.com/cdn-cgi/ 0
141 B 13ms
11ms XHR
text/plain 104.26.8.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go299.a7bbab.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.8.207 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://go299.a7bbab.com/19664/2021/%D9%87%D9%84-%D8%AA%D8%B9%D8%AA%D9%82%D8%AF-%D8%A7%D9%86%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5-%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84-%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84-%D8%B9%D9%84%D9%89-%D8%B3%D9%8A/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
content-type: application/json

Response headers

date: Tue, 07 Mar 2023 14:49:02 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://go299.a7bbab.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 7a43a48eed113637-FRA

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 68ms
68ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030601.js?cb=31072877

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 07 Mar 2023 14:49:02 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B03A 13 KB
5 KB 21ms
20ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://go299.a7bbab.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 21679
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 07 Mar 2023 08:47:43 GMT
expires: Wed, 06 Mar 2024 08:47:43 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 83E7 783 B
533 B 43ms
42ms Document
text/html 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

2054b0980886c24f1f64fd8030434c59f484903d978ccb6c998c98e344cbd2b9

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-AQcPI2ooYVaeYNQIfPsLQA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://go299.a7bbab.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 511
content-security-policy: script-src 'report-sample' 'nonce-AQcPI2ooYVaeYNQIfPsLQA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 07 Mar 2023 14:49:02 GMT
expires: Tue, 07 Mar 2023 14:49:02 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 9sSoBG9D25FhvYLg3_iwWJ49bM2Qm57VxEM1rvvqfaE.js Show response
pagead2.googlesyndication.com/bg/ Frame B03A 36 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/9sSoBG9D25FhvYLg3_iwWJ49bM2Qm57VxEM1rvvqfaE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6c4a8046f43db9161bd82e0dff8b0589e3d6ccd909b9ed5c44335aefbea7da1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 06:28:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30040
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14343
x-xss-protection: 0
last-modified: Tue, 28 Feb 2023 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 06 Mar 2024 06:28:22 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 83E7 0
0 52ms
51ms Image
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2023030601&jk=111652718764338&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame B03A 0
12 B 19ms
19ms Image
text/plain 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?dIIpxw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 14:49:02 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 9209 42 B
64 B 56ms
56ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssePTzdMDQQJbs0pCEmO7kYsqo2JeUq2EKUxSQuY2de-jWbAip9HLn1thxE-EcHz019fXq_PtR_CM7g4o2mCqP9pj4gjCtVu7uN3sFRWcbAeh8hqZXRQezovoblvbNdxhsKH6L9h0yJ2p4teyVO_d7QPrStTq0C-8dUeQ&sai=AMfl-YTUoIMY13scK4Bz8RUT5XziGLdUSN8VMo5v-6Bb3DPoO5W3_XmDCEJ03FykDrZwFGF6pOHUBBkS0F7bhV89AaEOEXAgw6bOyeVHWGrt7KB8ozk38t1swzPnsD8a3I05TjgIY4h65mjWeZ-T&sig=Cg0ArKJSzHONqDuNY_H_EAE&cid=CAQSSwDUE5ymQo4lGo6HAnzoIpSRl9__zNq4Qnqpbwa1ASTdD0lWo7_sfoNw6AUo08AQX-PLw7nrUjA-RFsF_SQaWnw8a0F1rpAjBFD3dxgB&id=ampim&o=495,17&d=360,300&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=375&tls=1375&g=100&h=100&tt=1375&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E1CD 0
20 B 52ms
52ms Ping
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9782834140047&version=m202301230201&ct=76&x=1&cor=1209309057542641200

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame E4C2 0
54 B 472ms
470ms Ping
image/gif 2404:6800:4009:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~leyd9tju&c=8349543503922&slotId=4174771751961&qqid=CMr4r5iIyv0CFa-A_QcdodwK_w&umsem=0&ple=1&ape=1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/b74e08c96fd6ffaf41b74858b161eff8.js?tag=gpa/dynamic_fig_web_banner_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4009:829::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:03 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 56ms
55ms Image
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2023030601&jk=111652718764338&bg=!4OOl47fNAAbv3-2Ez987ADkAdvg8Wg5HHd6Dw2Vd9GzcfUscK8kKQ0IkUTEXL1ZzQMiGfw1FaXjB1t4qqd4xo7JIRyTPKW3iJSsCAAAARFIAAAAJaAEHCgA3vLW6fv6jdSMBPAiQ2QFkw7qwaUiQ9coxcmV4R8S9vU34iJq8tC5YI6Qh44iDUNqg88ekGSlLCpkCqDJiF6NgmJOEKV5HbO-6MuJICW01uZFvqlxqKpzqvHgyc2tpOmzCxutnxn-ek_AxBW1jCtEgcs9ogQ2neD8Jj89Rrzw36H6b51lRLInRtBouxL6rPakeyP0XoTN9zHY50u6AVDoNW18dLRGsRSF85gu5ZfDrzqXWr4e_pVNB0OkswrJybWsUql2DktWNT8vMHYNikexAbXUq_SpJVQwl0UTvanGjbxEkXQMltU3wgYV4AluC2FuWvBYQXnbdtebY41JVNq8mCAOhr7DoH15-3Vietkh9vtXDzzHtYHiFsT2yQwBpCCSYIi1cq9z2KWUheVW71uHMg1tp7G1dqcKZhjGzx_uhNNHjejIVKt94ONDzJtnCxFaxiqsiWjW7R-PMgAjigbSivNXm8yhckI8uTf-w1-kE6wueVR7IIerNpmobfLwUiuF5bscY_--bu6ha689gz8ie0PYrGKvdhz_Zv8q59eEifaLcmnKHSsHD3XpdvfPXbHzo8nWwaRV5kNLd5vXj00IYUT12XR6wCfzh2gDd0DJwZMwOyliYKzxSRKiJvGd25qPSmmxqkH9Y4AH7uNOH0OtiZXhe-WBirUoKkSrumMyGcoz9q5CXzfyMgwVinpw5fIonrr5zQRPQ9INxSr0_4K9-oGyJetHGKfDogHsxz6xLEHFunpzhLs438gnI1PYCf38i4LhmfvdOJCRuDuGqrxenDYkLbdKJY5iA-Eq8TaAwN1Fbdeqf6pF_O3hTqeQdsYJH_tUqNojYrMecb1g84__r6vyQHXuGwsIfQu_xas4bOY8eGSQZIiTpZxPvUGb07Vq08zmmal2ln2GdiYu0IlHLymeJYouPSDdJzR-J-iOl24SQpmpjWq8D4Pv36TjRFMxlBP_U_wUu1IReljWRyxs0e1ML
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

GET
H2 200 cookiesyncendpoint Show response
sync.aniview.com/ Frame F5A6 0
234 B 101ms
99ms Document
text/plain 44.194.172.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aniview.com/cookiesyncendpoint?auid=1678200540661-973629974187-001175-002-002090&biddername=133&pid=59c9148628a0612da3689288&key=a6f37f0123013099a595be2217fc435a
Requested by: Host: vid.vidoomy.com
URL: https://vid.vidoomy.com/sync?gdpr=1&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1678200540661-973629974187-001175-002-002090%26biddername%3D133%26pid%3D59c9148628a0612da3689288%26key%3D%7B%7BVID%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.194.172.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-194-172-170.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://vid.vidoomy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 0
date: Tue, 07 Mar 2023 14:49:03 GMT

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 14ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-QC45NQYXDT&gtm=45je3310&_p=1310666776&cid=141607416.1678200539&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1678200539&sct=1&seg=0&dl=https%3A%2F%2Fgo299.a7bbab.com%2F19664%2F2021%2F%25D9%2587%25D9%2584-%25D8%25AA%25D8%25B9%25D8%25AA%25D9%2582%25D8%25AF-%25D8%25A7%25D9%2586%25D9%2583-%25D8%25A7%25D9%2584%25D8%25B4%25D8%25AE%25D8%25B5-%25D8%25A7%25D9%2584%25D9%2585%25D8%25A4%25D9%2587%25D9%2584-%25D9%2584%25D9%2584%25D8%25AD%25D8%25B5%25D9%2588%25D9%2584-%25D8%25B9%25D9%2584%25D9%2589-%25D8%25B3%25D9%258A%2F&dt=%D9%87%D9%84%20%D8%AA%D8%B9%D8%AA%D9%82%D8%AF%20%D8%A7%D9%86%D9%83%20%D8%A7%D9%84%D8%B4%D8%AE%D8%B5%20%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84%20%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84%20%D8%B9%D9%84%D9%89%20%D8%B3%D9%8A%D8%A7%D8%B1%D8%A9%20%D9%85%D8%B1%D8%B3%D9%8A%D8%AF%D8%B3%202023&en=scroll&epn.percent_scrolled=90&_et=3
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QC45NQYXDT
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go299.a7bbab.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:04 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go299.a7bbab.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 ctrack
track1.avplayer.com/ 0
94 B 473ms
101ms Ping
text/plain 54.146.146.97
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track1.avplayer.com/ctrack?pt=2&d66=8.2.12&stagid=63f8907a8aae96ca860d32b6&stplid=63f88bf7671544492b05ff99&pid=63e26ea450153dfa9007b615&cid=63e45f60d4c09df37c051e35&r=go299.a7bbab.com&sn=&cd1=&cd2=&cd3=&app=&test=&cb=1678200539998
Requested by: Host: player.avplayer.com
URL: https://player.avplayer.com/script/8/v/avcplayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.146.146.97 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-146-146-97.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://go299.a7bbab.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 07 Mar 2023 14:49:05 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

POST
H3 204 collect
region1.analytics.google.com/g/ 0
17 B 14ms
13ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-QDVJ1GCKH3&gtm=45je3310&_p=1310666776&cid=141607416.1678200539&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAI&sid=1678200539&sct=1&seg=0&dl=https%3A%2F%2Fgo299.a7bbab.com%2F19664%2F2021%2F%25D9%2587%25D9%2584-%25D8%25AA%25D8%25B9%25D8%25AA%25D9%2582%25D8%25AF-%25D8%25A7%25D9%2586%25D9%2583-%25D8%25A7%25D9%2584%25D8%25B4%25D8%25AE%25D8%25B5-%25D8%25A7%25D9%2584%25D9%2585%25D8%25A4%25D9%2587%25D9%2584-%25D9%2584%25D9%2584%25D8%25AD%25D8%25B5%25D9%2588%25D9%2584-%25D8%25B9%25D9%2584%25D9%2589-%25D8%25B3%25D9%258A%2F&dt=%D9%87%D9%84%20%D8%AA%D8%B9%D8%AA%D9%82%D8%AF%20%D8%A7%D9%86%D9%83%20%D8%A7%D9%84%D8%B4%D8%AE%D8%B5%20%D8%A7%D9%84%D9%85%D8%A4%D9%87%D9%84%20%D9%84%D9%84%D8%AD%D8%B5%D9%88%D9%84%20%D8%B9%D9%84%D9%89%20%D8%B3%D9%8A%D8%A7%D8%B1%D8%A9%20%D9%85%D8%B1%D8%B3%D9%8A%D8%AF%D8%B3%202023&_s=3
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QDVJ1GCKH3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://go299.a7bbab.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 07 Mar 2023 14:49:05 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go299.a7bbab.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 track
track1.aniview.com/ Frame 7941 0
93 B 99ms
99ms Ping
text/plain 44.207.237.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=go299.a7bbab.com&rs=go299.a7bbab.com&sid=67096&t=1678200540&cip=217.64.151.68&sn=&tgt=0&osv=10&bv=110.0&brn=Chrome&wi=882&he=496&app=&AV_PUBLISHERID=63e26ea450153dfa9007b615&test=&d64=93e84dd0a7819926a5761743706bf01f&d63=93e84dd0a7819926a5761743706bf01f&aafaid=&proto=https&uid=1678200540661-973629974187-001175-002-002090&cha=0.7&stagid=63f8907a8aae96ca860d32b6&stplid=63f88bf7671544492b05ff99&d35=&d36=6.2.87&cb=18204040873&d39=&d65=&d66=8.2.12&apppkg=&d9=1000&prbdres=UndisclosedClassification&prbdlevDB=&prebdlevEnt=0&prbdsup=whiteOps&d16=2&d37=realtime&pt=2&d66=8.2.12&stagid=63f8907a8aae96ca860d32b6&stplid=63f88bf7671544492b05ff99&cvid=&cpid=&str=external&AV_WIDTH=882&AV_HEIGHT=496
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=63e26ea450153dfa9007b615
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.207.237.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-207-237-92.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://go299.a7bbab.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 07 Mar 2023 14:49:05 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: oajs.openx.net
URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fgo299.a7bbab.com%2F19664%2F2021%2F%25D9%2587%25D9%2584-%25D8%25AA%25D8%25B9%25D8%25AA%25D9%2582%25D8%25AF-%25D8%25A7%25D9%2586%25D9%2583-%25D8%25A7%25D9%2584%25D8%25B4%25D8%25AE%25D8%25B5-%25D8%25A7%25D9%2584%25D9%2585%25D8%25A4%25D9%2587%25D9%2584-%25D9%2584%25D9%2584%25D8%25AD%25D8%25B5%25D9%2588%25D9%2584-%25D8%25B9%25D9%2584%25D9%2589-%25D8%25B3%25D9%258A%2F&rid=esp

Verdicts & Comments Add Verdict or Comment

252 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

44 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bit.ly/	1970-01-20 14:29:12	Name: _bit Value: n27eMW-150d7cf81546673330-00K
go299.a7bbab.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 6b6c7f5e7bf88662f1c27c62e3bd9ebf
.a7bbab.com/	1970-01-20 19:46:00	Name: _ga Value: GA1.1.141607416.1678200539
.a7bbab.com/	1970-01-20 19:46:00	Name: _ga_QC45NQYXDT Value: GS1.1.1678200539.1.0.1678200539.0.0.0
.a7bbab.com/	1970-01-20 10:10:02	Name: __cf_bm Value: DE2PE4Q.k4aBnfMPDftp5PemwXpquWUBlHICwgqNLd0-1678200539-0-AYeEdOxjkLBdmHcD+4R/jq0rhJV5doblfI88dmUR2IQ5skdh7yZYS6LwhjCid/9GXN9ft51gCYn10YAOfNHdSdXm/vZAMhyqQyRgw7vkoMmbfelNJIJy9Pc53/B1Vu0rMA==
.a7bbab.com/	1970-01-20 10:10:00	Name: lotame_domain_check Value: a7bbab.com
.criteo.com/	1970-01-20 19:31:36	Name: uid Value: 51f869bf-d126-46ac-a632-a31ee47b3ecb
.doubleclick.net/	1970-01-20 19:31:36	Name: IDE Value: AHWqTUlkB9o6s9W2ov5a-glbdI6fKp4cUJ-rfKuGVz-v4xa-pn2KSvL-s0cx0ies10Q
.matched.se/	1970-01-20 10:38:48	Name: aniC Value:
.doubleclick.net/	1970-01-20 10:10:04	Name: DSID Value: NO_DATA
.a7bbab.com/	1970-01-20 19:31:36	Name: cto_bundle Value: 6SaTOl9adU9LRm5pdk5FRzBYNWwwQ3BkWUUlMkJvQk8zU1J4NVZpcDRNRnclMkYyTXk2NDZSWWowcFpPWjh2aHhmUmZjVlVnYkRBQVIxcTlCMWR6cXc3bkxYYWslMkJod3RsZjRaZHJkN1ZJUFpFNEM3RVcyNDhGOFFEa1JaaU5EUGpUMkh3VWNwQ0JpbEV6VFFRMTl4bEVSU0klMkYzOVklMkJ3JTNEJTNE
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: e06094926fb461b2
.admanmedia.com/	1970-01-20 10:30:10	Name: admtr Value: 32086b01-8a91-4496-8d0b-3322ad676dd5
.admanmedia.com/	1970-01-20 10:30:10	Name: ac_r Value: CS125
.disqus.com/	1970-01-20 18:55:36	Name: zeta-ssp-user-id Value: ua-a0e4b215-2527-3282-bf2c-553d8036c55e
.a7bbab.com/	1970-01-20 19:31:36	Name: __gads Value: ID=6bf1d104490e7b79:T=1678200539:S=ALNI_MYLSiwuAhFPsUvnW-bue1iPfjxpuA
.a7bbab.com/	1970-01-20 19:31:36	Name: __gpi Value: UID=00000bc1400a204c:T=1678200539:RT=1678200539:S=ALNI_MbF6bE3LGIkkko95kKj-4Utpq3I_Q
.ads.stickyadstv.com/	1970-01-20 10:53:12	Name: UID Value: 244359c72ae72bfccaf5e17aadd714
.ads.stickyadstv.com/	1969-12-31 23:59:59	Name: pxId Value: 1953
.aniview.com/	1970-01-20 10:24:24	Name: 1_C_9 Value: f9963c1478bdfd48c4e7912768c06b
sync.aniview.com/	1970-01-20 10:24:24	Name: 1_C_9 Value: f9963c1478bdfd48c4e7912768c06b
.aniview.com/	1970-01-20 10:24:24	Name: 1_C_57 Value: 32086b01-8a91-4496-8d0b-3322ad676dd5
sync.aniview.com/	1970-01-20 10:24:24	Name: 1_C_57 Value: 32086b01-8a91-4496-8d0b-3322ad676dd5
.aniview.com/	1970-01-20 10:24:24	Name: 1_C_10 Value: eoLD2hUVb4k7
sync.aniview.com/	1970-01-20 10:24:24	Name: 1_C_10 Value: eoLD2hUVb4k7
.aniview.com/	1970-01-20 10:24:24	Name: 1_C_52 Value: ua-a0e4b215-2527-3282-bf2c-553d8036c55e
sync.aniview.com/	1970-01-20 10:24:24	Name: 1_C_52 Value: ua-a0e4b215-2527-3282-bf2c-553d8036c55e
.a7bbab.com/	1970-01-20 19:46:00	Name: _ga_QDVJ1GCKH3 Value: GS1.1.1678200539.1.0.1678200541.58.0.0
.adnxs.com/	1970-01-20 12:19:36	Name: uuid2 Value: 2961139910067728734
.casalemedia.com/	1970-01-20 18:55:36	Name: CMID Value: ZAdO3Yf5ghIWeX83GqodgAAA
.casalemedia.com/	1970-01-20 12:19:36	Name: CMPS Value: 1145
.casalemedia.com/	1970-01-20 12:19:36	Name: CMPRO Value: 1145
.adnxs.com/	1970-01-20 12:19:36	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GU$uXAXa!]tbPl1M>e)ZlrFUfJ+tGXxo]L#!#SFU:XpZJW4sEYak9M(>y(X^XFtIz5(T3If)y3KL9D3I?+T7Zr(]
.yahoo.com/	1970-01-20 18:55:58	Name: A3 Value: d=AQABBN5OB2QCENTgdkOrj5ZsrvldS5SKfp0FEgEBAQGgCGQRZAAAAAAA_eMAAA&S=AQAAAmOFZF27q8PWUN7r418zcko
.analytics.yahoo.com/	1970-01-20 18:55:36	Name: IDSYNC Value: 195v~2adq
.bidswitch.net/	1970-01-20 18:55:36	Name: tuuid Value: 79c8c186-d215-4d28-b661-632c6d93f09a
.bidswitch.net/	1970-01-20 18:55:36	Name: c Value: 1678200542
.bidswitch.net/	1970-01-20 18:55:36	Name: tuuid_lu Value: 1678200542
a-prebid.vidoomy.com/	1970-01-20 12:19:36	Name: SSCookie Value: 1
.vidoomy.com/	1970-01-20 12:19:36	Name: uids Value: eyJ0ZW1wVUlEcyI6eyJ2ZXJpem9ubWVkaWEiOnsidWlkIjoieS1OTjBvaVMxRTJ1RURGZzg4U1YuTWNMaE5KWFVvdG9iUlBjMVo1OGMtfkEiLCJleHBpcmVzIjoiMjAyMy0wMy0yMVQxNDo0OTowMi40MzEzOTgwNzJaIn19LCJiZGF5IjoiMjAyMy0wMy0wN1QxNDo0OTowMi40MzEzOTQwODRaIn0=
.mathtag.com/	1970-01-20 19:35:55	Name: uuid Value: 4fe46407-4ede-4c00-9932-fb4e58a73856
.vidoomy.com/	1970-01-20 18:55:36	Name: vidoomy-uids Value: eyJ1aWRzIjp7IkJTIjp7InVpZCI6Ijc5YzhjMTg2LWQyMTUtNGQyOC1iNjYxLTYzMmM2ZDkzZjA5YSIsImV4cGlyZXMiOjE2ODA3OTI1NDJ9fX0=
.aniview.com/	1970-01-20 10:24:24	Name: 1_C_133 Value: a6f37f0123013099a595be2217fc435a
sync.aniview.com/	1970-01-20 10:24:24	Name: 1_C_133 Value: a6f37f0123013099a595be2217fc435a

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1c426f4dce0a21f645d3e6595345dbc1.safeframe.googlesyndication.com
a-prebid.vidoomy.com
a.vidoomy.com
ads.pubmatic.com
ads.stickyadstv.com
adservice.google.com
adservice.google.de
ap.lijit.com
bcp.crwdcntrl.net
bh.contextweb.com
bit.ly
c2shb.pubgw.yahoo.com
cat.nl3.eu.criteo.com
cdn.ampproject.org
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.prod.uidapi.com
cm.adform.net
cm.g.doubleclick.net
connect.facebook.net
cs.admanmedia.com
csi.gstatic.com
d.vidoomy.com
dsum-sec.casalemedia.com
esp.rtbhouse.com
eus.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
go299.a7bbab.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
ib.adnxs.com
id5-sync.com
image6.pubmatic.com
invstatic101.creativecdn.com
maxcdn.bootstrapcdn.com
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pix.eu.criteo.net
pixel-sync.sitescout.com
pixel.rubiconproject.com
play.aniview.com
player.aniview.com
player.avplayer.com
r1---sn-4g5ednds.gvt1.com
redirector.gvt1.com
region1.analytics.google.com
region1.google-analytics.com
rtb.nl3.eu.criteo.com
s0.2mdn.net
secure-assets.rubiconproject.com
securepubads.g.doubleclick.net
serv.matched.se
ssp.disqus.com
static.cloudflareinsights.com
static.criteo.net
static.doubleclick.net
stats.g.doubleclick.net
sync.aniview.com
sync.mathtag.com
tags.crwdcntrl.net
tg1.matched.se
token.rubiconproject.com
tpc.googlesyndication.com
track1.aniview.com
track1.avplayer.com
u.openx.net
ups.analytics.yahoo.com
vid.vidoomy.com
visitanalytics.userreport.com
vpaid.vidoomy.com
www.facebook.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
oajs.openx.net
104.26.8.207
108.157.4.57
142.250.201.194
142.251.208.162
162.19.138.117
178.250.1.11
178.250.1.6
18.156.195.47
18.66.97.9
185.29.132.245
185.80.39.216
185.83.142.19
198.148.27.140
198.47.127.19
2.18.36.193
2.18.79.139
2001:4860:4802:34::36
216.52.2.39
23.64.52.128
2404:6800:4009:829::2003
2600:9000:20eb:1600:a:e047:752:b361
2606:4700:10::6816:3556
2606:4700::6810:3865
2606:4700::6812:bcf
2a00:1450:4001:19::6
2a00:1450:400d:802::2002
2a00:1450:400d:802::2003
2a00:1450:400d:803::2002
2a00:1450:400d:803::2006
2a00:1450:400d:806::2008
2a00:1450:400d:807::2003
2a00:1450:400d:808::2002
2a00:1450:400d:80a::2001
2a00:1450:400d:80a::2003
2a00:1450:400d:80a::2004
2a00:1450:400d:80a::200e
2a00:1450:400d:80c::2001
2a00:1450:400d:80c::2002
2a00:1450:400d:80e::2001
2a00:1450:400d:80e::2002
2a00:1450:400d:80e::2006
2a00:1450:400d:80e::200a
2a00:1450:4025:401::9c
2a02:2638:3::9
2a02:2638::1c
2a02:2638::3
2a02:2638::c
2a02:26f0:dc::6853:431
2a02:6ea0:f400::4
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42::485
3.126.56.137
3.64.121.24
3.72.209.153
34.102.146.192
34.96.70.87
34.98.64.218
35.174.127.249
35.190.39.111
37.157.3.20
44.194.172.170
44.207.237.92
51.89.9.253
52.204.12.244
52.209.67.66
54.146.146.97
67.199.248.11
69.16.175.10
69.16.175.42
69.173.144.138
80.77.87.161
98.98.134.241
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
0439c2127eb1812543cc77f0f41bd98da71691c6c2d5bbf9c565670f7fada88a
04fab0868a6ffc85ab5c8ad72e5d379ab397384d3b3600d6877eb49b0b754c02
05ad8e990ae0a949659ec05574dba0851598e73d3e47dce9fa30f32c8bf92911
05d33bce3fc1753bcb9f94f51a7536cb621411492720236a663a7d28e2731359
05f9fd5f7673ff77a9bee0ee82b765478e4a1c0c24dc243c5c50e5b65ad90f38
07219384ca652e6d557049ba50ead0dbcd840a698eca2a9325df17dcf4f5d1b1
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0b984ecf5d0dfcee454ebbd033d2065ada0158030b878fd96c92a3325fa263c0
0eb7a77719035d6d6e69ebe5af07778fd3606e47b587c9d6c02aa7f6efb97708
0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3
0fac8a860f385a189ff78ee544b8a324078af750f3f04e661c13f56adb67d717
116ae693854abb7571890e9d5417e4e8a403c73b09db5d364bb81a1b2018e45d
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557
1bc8e0364833ae0f06bbec0c4cc3c0637591999b9b2dbc673a04caa44f55151b
1fd3a76a0ef20f8eb231ac458ce175358c0b359318390e9bfcdbcf02c54d7eed
201eb83e4a865a0382ac4bc772fc2d639d38b7caccde1c7faeddd13016c9032a
2054b0980886c24f1f64fd8030434c59f484903d978ccb6c998c98e344cbd2b9
21ecb33b75e1ad2219ab9047dbf911a358dddcaf6d2e13f647712c96afeaa9f2
23bc1d893ce2d2f30b68e549aa3cb991c2a7b7dd87e3df67d9fbb6a8dd113bf8
23e7afccd3598db227e48998217f91e8d16103f9436d696b45bd5a246e4c1a67
2500cea629c6bbfc4ab85693f21ac707f0a92d02f32781a2bea98f7065e4fbd2
2604b45b39193f2405a1a4b4f93b2d769fb6a67c8f1d0b097343e540c7911ec1
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2b02784fa78149d58637b3c6cfb1cb40d1467d7c103cc498e66ac6e567d7f3e3
2cfa7bb0af272be55dfd9d43c8417a47aeb34c3fb57776b96e9f591cb9f65468
2ea6c3e3853281d6bfa0af2e1c9655cd80c3a7440aafa5969bf1e9fe5a6b54cb
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
35a9e27dc617054ee19c82bf608cd0b0065a10897f7b423826f868505568030b
38354e6a0119fe113356e1506a115ca148a6b9ea22cf88136baa9167d6fde794
395f81b6cb7cc8c12c8af2f3208122cda676fee76e47639b63c11337c7053e42
3a4135afe1133c8f043dc3906ba0a2a8fbc60d13d90ff692098f092af85b95d6
3b2e8cd03a76b243eca9a0e60815deae7256cb7a2de760eb9ee82a0cf31ffcb9
3c98ecf738082d7577ad4379813dbcbf0dbafe86aae325190da99df2ca551b39
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
416d2349f28515c7cb5870cbe2d68ca856da606d52015ab39612fc342ba29984
43f822784a6f14be7d26bb0e9b1b4a61d5db6c34b2e56645b05cf37a970406f4
461abf9c3e5b15610003ac93df57026d6862a8ac6cd0abf141c0b42dd1a2660c
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
48dc5d19c8edc57a9b695330ee5f454f5d634772606a125e8b4dfdf65bc54d0d
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ea737ac05e8ee5e490220d97b820834c18cd7c6f1da7d85007a51a5c64425df
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
507b637b1c4d256d43f0fa5114c1041d439a89e297853e91c95fbb2964bd6543
52ba4c957efc7bae5e3dfe207919ee4c68e8910827a8b20be72eba23c81215f2
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
559a910060423ed485ddc062a9ab5318859bbfde26be3f73d9b83ac0b9dae677
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5b1546ae8f493de03b1ca99f9f955a20785679be18625354b363f2f8311f421b
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5c70c11436a8fd77e9f3d1fdb20d0863a0fd634277b8b35b442727ade89c206a
5ead8c7c49a639a486ea1f54e4390e3d190de8cb3896f690bc1cd73cc9f6915f
5faca302ad89600980495ffecda3c32dc6d9635adbe273672d33e7043633ceb5
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
622a07604bb0030ba7094f0f1dcb5d1e9080164fd6ba4071a73452802378b55b
6277ff8600aeadc9aa2fd7b774e8255b0999f667774feb603182d5bf3bd63f1e
6562843a728274cff8ed2a6d02961c37754c319e2349101b494b635e16337322
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
68d69a1a9f5825280540240a9238ff9fe2ae5ffb52fce171ca9e1d48056bc258
6a0d53f68e013dac42a52a5264c5d28a12a06b6bc7cc1d63bc2d385558bd2dd7
6ac4e422494724d1feae6fe3201e2938d17ab3c57e8e89a12de05184cf922dd2
6c95fae81c74bcffbf17e425b12ade6b9a510178a5fc66ddfaeee0d0db76c5c5
6fac0a5f63e0aea006d1532ca95da232bc0060d2c3d61ae587d86660a88c8cf5
71fc1599035adc6bc34df2117b8631285905f97737ba730af28644ee6a0d8dde
726b820e44f6ab90ad991d30a4bf26d3a5d71493cbcd1fb1efd0d14e89b9df2a
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48
73e568bee420b9633db90695cc2fed3f302f4dbd691229806e3ece13af74e126
7892ce0febcfebefc28d8866a6f73a22d60fb844560cd6068122bfbf76180b6f
79adcf5d728d216874b367b40d662ba0d00c67de3c6a921a91a6233e59c7da9c
7a55a93c60965471100186d3dcb09cc221cefc84be4f65ee20a88086f8cb4380
7bb64392869cb9c713121c7d967b80b867dfb8348d174be1c8f3971cb3b09ded
7e9e84cfacbfd1f40751fb754c9ac00f8a49435e1829de0933dd02c1687fcc97
7eb69757fa8622fdf01b122f1535611193a864c5149cfe9c372bbdd8457058f4
7eda59992517a41210626edca43b7769748e44ac6805fcb01d33990355b91650
81cfb8f53a22f8c99c19ecd285680f4738ab9e53be420870f758e061e5cf01a2
835c46f680eda60ae7a5ebe49e9a7c9187e98bdb7f859226cdee3a03f178c8b4
8483f4a941525c2a6818f5a2dedb686aa232cb0745e57502ac7115ab5ac4142a
855e15fcdc7a729b06238328936629eac46e2251d9d3d71a5d65510451f4e7c1
8bba90a18481b39ff1b457148b173ea61e73632d785c84bcbcee54cd00b5018d
8cedbc8dad336a37838ccda9b0b3424740198deac08c24095f5a57b0dcf3389f
8d1d3bee4d06141f915a7781b51d7dea9b69091b10cc5a988cfb6f3168fcb5ae
8e1065ada1d157cb4419f0b63855853213be61780107eac7ac4cc00ae7bd06e2
9102a91eb0c2dfe2c34333759eca9941a86e322ce0ea346c797a9a1d6ab915cc
916ec9d93e85ad5125306e2c1e6b229b87215ba762657e8956d6e7490c83c626
9b4a6ebe3e504b894684b8e94e18e39c512908b42313776600c3cde2452f04df
9d6a799f49cfca0b6164fb8b20184ead7aa1de665e4ea47b5fbab6641a6edb3b
9d9095c25f5663901783868e1cd2994842dcbb4967ff5d0f0d3b9409b67675c9
9e74d6a3db6a783785c909f075486b6030b4e7590c308530ae1d5c244c25a9fa
9f2ef335c07566f0d4f273a4b72bcb3ad2b02f0c6232da6129952ee60bd07ba8
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a04dc353c543c99eb9c916da24feceb0d23283ef2b4f5a4c6629c02a2aa43f18
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a3a51c109fa58a7f493cb875bce7dc32a04fc9cb71fede4d2fbdda08530f80d9
a49e61b6d6681308d160ce1cf6ce1b85e651deff16c6ae1c2df999ef3f0c6ec8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a5501b3363c88de8e516bcf3e61cccb487518527b2de7eae231900cdb91a8f23
a5b93f3e66ffda87fab4b553ce103e1f0627a0676443fd8b0413e6ca8c98b73b
a64ac18511a1f15afc6f51edc89e41ee1c7f6444134aad2926b21743ced6c461
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
a8c14c071821a31067f72a22ee8e5cd8a03d04e365b5503a2dcb22649240957d
aa4cd9dac16ad94b862d962019bac6573a822079f1b7d27f575ef46d74e24fd0
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
ae9c69b423b6a43cc1cfb819f47e3d6adf3596cd05fc6a1e92ee5fb1dfd0c6f3
aeb779d96af4bfa1b664c203d52fbd9ef573b84a31b34314668325fc784e1b13
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1976e59bf796af70b58500c38b7c500482f32f282bce8651272542343265e14
b375fe66c260836a3827af7972ab6a88953c43522e202584363f80594e7ae433
b53cd940a678b501c50ec40a9affc7b72f7448c45d5af5ede7dd1b91c66e76dc
b5c79877e4fc473ddf5dfbee667b40ea0ff232563b933faa0b0b588f84169960
b6bc7b295106eb1236e9ec8ea5d07b612aa63bc4b955cc78804405c4de09fb8f
b9cd1fd6cf481889c0e3fb9ad468cc19081e3449d04800b24b7c96df4f60e7dc
b9d3c28c7113b946deb2ef8344ef4f47c5aa4cd731d7081fd5a5781a611fcb46
baeaf196a0998e9a4240f1b3d2f3194c333c6ea59bfdbff3e0345b20c7475cc9
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bd2b2de4e0658426f26c826a8a7761f883bf018aa9764ac3b9f586884c39f646
be4984e8c822cfa3da6fb01ff335b74f83cb58073ccc3cfd5f1ffc2c567cbfe7
c0e4f7ea4c0d428c7c5a9708845e25c574b3e94be5b159609d19de10abb3b3a5
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c7fc8dae04703101d705fac5268f8900d96149d6b2d3fdd6c1fac249ed16cf1b
ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93
ca7154cdda62b535ceaba9ad2a2b2217ff49de94c069a2c4e89733f3f06b3651
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d12d58ed34ec144c604e4023e788ac6012c6a618180800b3801a4b9b6e5f2473
d1700a43bc40da2d69d238085ddfeea6fac6dc64ff76f5cef529d6fd6b619a62
d1bbd7ecc1eb2490fa89949a1af779e82a0817587e19a8396936ed86e430550b
d1e19d8b74cd033ff6e31010fb040661a92f9724a694a16b0c8d66b00884d168
d1f88a1f6cc78ce610dd71f0c07416900cce9a226f68fddbe7e0d9bf2919be6c
d23484cf0f36a73cc699ceffc6da8f0e9ffd6b372dcb615ec942cdc287845505
d4df49939bb75eb15e5f882dae765ade6b415b50bcf3658bfc7c97994ed62160
d69440f62c2f0fa5dab70a4e5201a78f51b4a2cdb7ea6ba62d56152bcc19150c
db8a29030e00192911032a8526899adf9fde001d5ee74939bc91ebd5d40e282f
de6ae7d3f497af27bf71aa2e95708f464d084a5858ee6a111b226197468d49ab
dfa586fa8b70c056272ef189e613dc9f6bcb8f9b659259219fa776f639dd3374
e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
e37316f20ee8564506ca9dbf035ba412ef6f79d7fd534c98b6f7d2bd49e11dc9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41caae174108db2b9d3947eb5cbc348c5e431a00f272917ea10cf2830ffb3c0
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e444ac06cccde32f7aead9684732cef25669e4d657c1a617feddffbb30f3bd82
e45fd1bfd4e9faa44d111f64bef4ccea9e66b10fb0a957d91019ac033b7c22c0
e4eadf85fa132daa3891e5bf2c8a7806758320519ea376de602b2d51b4b1e90c
e563689256d4ecbb7aef2459ee87db8df1c325aa6ec79e3dad0abe652f592991
e887efbae0fa9ce41e453d374d1e46106177f09ebf7de1dea1a9cfd68ea6ebe8
e963e7196beb9123059ec3534b042ebcd1ef0a470fa568bfbebfeab2f33c4fda
eba541d5adfa313972f71bb6af79a4cb3d8b1bacdeef1c921c6fb76fd78e9fdf
ed797e100b98d5f7afc10934541e7b03fb7fbe19dff348f76fb02503c8d9fba5
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3849a17ecbbfd4b3e98f91137a4e67829ad9a2c14e598b5b68a735ba6b04ffd
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f65784e5e7332dc1e4bbeacbec70fdeef4a1bea84f16ce2ee144999719d195ce
f6c4a8046f43db9161bd82e0dff8b0589e3d6ccd909b9ed5c44335aefbea7da1
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f92e80e95809b79330bfca5a0717f7349649a526aa1d73fb4a42e7652ea2c04b
fa34a0a9cfab7678278925a6adc9de74f4c743f9425a219a418c0880c10faf9f
ffd7a9aff53e8cea580b315a941f80f19b5aac8482f51b953fe8f632b0d86c99

go299.a7bbab.com Open in urlscan Pro 104.26.8.207 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

278 Requests

95 %HTTPS

47 %IPv6

49 Domains

83 Subdomains

67 IPs

11 Countries

5194 kBTransfer

11964 kBSize

44 Cookies

4 Outgoing links

Page URL History

Redirected requests

278 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

go299.a7bbab.com Open in urlscan Pro
104.26.8.207 Public Scan

Screenshot
Live screenshot

Full Image

278
Requests

95 %
HTTPS

47 %
IPv6

49
Domains

83
Subdomains

67
IPs

11
Countries

5194 kB
Transfer

11964 kB
Size

44
Cookies

278 HTTP transactions
13 data transactions