elstem.eu Open in urlscan Pro
170.130.40.14 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://elstem.eu/
Submission: On February 01 via manual (February 1st 2023, 11:57:04 am UTC) from CZ — Scanned from DE

Summary HTTP 146 Redirects Behaviour Indicators

Summary

This website contacted 18 IPs in 8 countries across 22 domains to perform 146 HTTP transactions. The main IP is 170.130.40.14, located in Dallas, United States and belongs to AS62904, US. The main domain is elstem.eu.

This is the only time elstem.eu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
23	170.130.40.14 170.130.40.14	62904 (AS62904) (AS62904)
27	2a00:1450:400... 2a00:1450:400d:80d::2002	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:400d:80e::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
31	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:400d:805::2002	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
1 4	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 12	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
1	34.98.67.61 34.98.67.61	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	37.157.6.233 37.157.6.233	198622 (ADFORM) (ADFORM)
2 2	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1 2	2.18.69.48 2.18.69.48	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	18.193.153.159 18.193.153.159	16509 (AMAZON-02) (AMAZON-02)
1	2a02:fa8:8806... 2a02:fa8:8806:12::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	185.29.132.241 185.29.132.241	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 1	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
1	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1 1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1	185.86.137.108 185.86.137.108	201081 (SMARTADSE...) (SMARTADSERVER)
146	18

23 170.130.40.14 (Dallas, United States)

ASN62904 (AS62904, US)
PTR: hostus3.fornex.host

elstem.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:400d:80d::2002 (Ireland)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:400d:80e::2002 (Ireland)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:400d:805::2002 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.185.66 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.233 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.18 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.69.48 (Vienna, Austria) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-69-48.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.193.153.159 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-153-159.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.241 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.33.220.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.108 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
58	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 104 tpc.googlesyndication.com — Cisco Umbrella Rank: 149	527 KB
25	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 29 cm.g.doubleclick.net — Cisco Umbrella Rank: 211	180 KB
23	elstem.eu elstem.eu	582 KB
15	gstatic.com www.gstatic.com fonts.gstatic.com	175 KB
7	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 70 www.google.com — Cisco Umbrella Rank: 2	1 KB
6	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 34	5 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 186	241 KB
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 281	1 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 8741	818 B
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1232	459 B
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 329	959 B
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 568	1 KB
1	smartadserver.com ssbsync.smartadserver.com — Cisco Umbrella Rank: 782	75 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 308	459 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 304	265 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 556	542 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 453	863 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2918	104 B
1	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 1006	356 B
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 12230	554 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1401	586 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 858	601 B
146	22

	Domain	Requested by
31	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
27	pagead2.googlesyndication.com	elstem.eu pagead2.googlesyndication.com googleads.g.doubleclick.net www.gstatic.com tpc.googlesyndication.com www.googletagservices.com
23	elstem.eu	elstem.eu
13	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net elstem.eu
12	cm.g.doubleclick.net	1 redirects googleads.g.doubleclick.net
10	www.gstatic.com	googleads.g.doubleclick.net
6	fonts.googleapis.com	googleads.g.doubleclick.net
5	fonts.gstatic.com	fonts.googleapis.com
5	www.googletagservices.com	googleads.g.doubleclick.net
4	www.google.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
3	x.bidswitch.net	3 redirects
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
2	sync.teads.tv	1 redirects googleads.g.doubleclick.net
2	eb2.3lift.com	2 redirects
2	c1.adform.net	2 redirects
1	ssbsync.smartadserver.com	googleads.g.doubleclick.net
1	pixel.rubiconproject.com	1 redirects
1	match.adsrvr.org	googleads.g.doubleclick.net
1	sync-tm.everesttech.net	1 redirects
1	sync.mathtag.com	1 redirects
1	dclk-match.dotomi.com	googleads.g.doubleclick.net
1	odr.mookie1.com	googleads.g.doubleclick.net
1	ads.travelaudience.com	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	partner.googleadservices.com	pagead2.googlesyndication.com
146	26

This site contains no links.

Subject Issuer	Validity	Valid
*.g.doubleclick.net GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-24` - `2023-03-27`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh

This page contains 19 frames:

Primary Page: http://elstem.eu/
Frame ID: 8AE14BC3EE6C6DB77953871F44EF8491
Requests: 38 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20190131/zrt_lookup.html
Frame ID: 4E4ACE61E74C619F1BB5158DC0EB17FA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8359994707866595&output=html&adk=1812271804&adf=3025194257&lmt=1675252618&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=http%3A%2F%2Felstem.eu%2F&ea=0&pra=5&wgl=1&dt=1675252618449&bpp=6&bdt=1415&idt=351&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7631517422333&frm=20&pv=2&ga_vid=1563652937.1675252619&ga_sid=1675252619&ga_hid=1203010815&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071756%2C31071766%2C44774293&oid=2&pvsid=3298644728497812&tmod=1493674523&uas=0&nvt=1&fsapi=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=1&uci=a!1&fsb=1&dtd=380
Frame ID: BB481307CC7DC4D34B4122BD6B4AD812
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8359994707866595&output=html&h=280&adk=3088186576&adf=1211923703&pi=t.aa~a.1353764755~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1675252618&rafmt=1&to=qs&pwprc=5700639299&format=1200x280&url=http%3A%2F%2Felstem.eu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675252618455&bpp=2&bdt=1420&idt=378&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=7631517422333&frm=20&pv=1&ga_vid=1563652937.1675252619&ga_sid=1675252619&ga_hid=1203010815&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=114&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071756%2C31071766%2C44774293&oid=2&pvsid=3298644728497812&tmod=1493674523&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=2&uci=a!2&fsb=1&xpc=P1HtvYpNTR&p=http%3A//elstem.eu&dtd=381
Frame ID: F086C7C0478CDEC50AEAA6FF7942A395
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8359994707866595&output=html&h=280&adk=2732199629&adf=730467196&pi=t.aa~a.952912505~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1675252619&rafmt=1&to=qs&pwprc=5700639299&format=1200x280&url=http%3A%2F%2Felstem.eu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675252619768&bpp=1&bdt=2734&idt=-M&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De0eb6e140596dc4b-22111e3f80db00ee%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_Maq4IBx-ksEPe6st_L0_FkKq4_XLQ&gpic=UID%3D00000bad5b72772e%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_MbEpyHSAhHOAQ8zXQAixRCUwtApsQ&prev_fmts=0x0%2C1200x280&nras=3&correlator=7631517422333&frm=20&pv=1&ga_vid=1563652937.1675252619&ga_sid=1675252619&ga_hid=1203010815&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=1289&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071756%2C31071766%2C44774293&oid=2&pvsid=3298644728497812&tmod=1493674523&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=mFSznZvcpn&p=http%3A//elstem.eu&dtd=8
Frame ID: 0C71D6192AAB1FC3ABB077D2F17E603F
Requests: 28 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8359994707866595&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.3093707004~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1675252619&rafmt=1&to=qs&pwprc=5700639299&format=1200x90&url=http%3A%2F%2Felstem.eu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675252619768&bpp=1&bdt=2733&idt=0&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De0eb6e140596dc4b-22111e3f80db00ee%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_Maq4IBx-ksEPe6st_L0_FkKq4_XLQ&gpic=UID%3D00000bad5b72772e%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_MbEpyHSAhHOAQ8zXQAixRCUwtApsQ&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=7631517422333&frm=20&pv=1&ga_vid=1563652937.1675252619&ga_sid=1675252619&ga_hid=1203010815&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=2164&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071756%2C31071766%2C44774293&oid=2&pvsid=3298644728497812&tmod=1493674523&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=Q0vZWsIaPG&p=http%3A//elstem.eu&dtd=12
Frame ID: 37460CAAA6D46CC71073E65B33FB02E5
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1
Frame ID: A458C2FD5C8484DF97FB2FB7398BAA01
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1
Frame ID: 1842F817B6B37EF16B0BA86BD7D239C4
Requests: 14 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 572FDA880E7E2D24DF4B501EC57CA227
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: F164C373C5F4EC1FE51933D56530BDB2
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 800DB4C2627A5C7CCEA7BC9A3ACC236E
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 3647CCE9505D1E535AF36C781669AF86
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/CCt-TX4C-UC1pEBNoA0lzE8uYZ_Sg6IPn_rSOQp8B5g.js
Frame ID: 3EB39CB6B20A825FA69F69A1192B61A0
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/CCt-TX4C-UC1pEBNoA0lzE8uYZ_Sg6IPn_rSOQp8B5g.js
Frame ID: C04B5AC12FD4B7495615DDEDC2D56C46
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/CCt-TX4C-UC1pEBNoA0lzE8uYZ_Sg6IPn_rSOQp8B5g.js
Frame ID: 3F7409FC2724E78C057E888D4E0BA2B0
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/CCt-TX4C-UC1pEBNoA0lzE8uYZ_Sg6IPn_rSOQp8B5g.js
Frame ID: 31C4355CDE0988C782E1ED3844AD786E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/CCt-TX4C-UC1pEBNoA0lzE8uYZ_Sg6IPn_rSOQp8B5g.js
Frame ID: 1CFB1CE3EBA882C58C77FD03700D9A7C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 656D8279A576975D483AB335F553707D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B48E1CEB4A4768C7822671BAD633358F
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Massage Chair Store

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Page Statistics

146
Requests

77 %
HTTPS

44 %
IPv6

22
Domains

26
Subdomains

18
IPs

8
Countries

1715 kB
Transfer

4152 kB
Size

17
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 78

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 92

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEBJiIB2tcTft5sGoz6EUTjI&google_cver=1&google_push=Aa02lx8jp5j4-masCH-74rparjKy2WTgB_cZ-yc8P_xGFWqJcjH7loIlMlN_A33wMj6PIDOCEMJSFp_bMe1aDov-QXT19fDpiGEfzQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE5NTE1NTIxNTQ3OTg2MzQ0Ng%3D%3D&google_push=Aa02lx8jp5j4-masCH-74rparjKy2WTgB_cZ-yc8P_xGFWqJcjH7loIlMlN_A33wMj6PIDOCEMJSFp_bMe1aDov-QXT19fDpiGEfzQ

Request Chain 93

https://ads.travelaudience.com/google_pixel?google_gid=CAESEDbIaFwACtP7kiTNzJM9I38&google_cver=1&google_push=Aa02lx8-kK2JbmtFBAGummHTD875p-saITBB-T39Ir1HpgNn8c_S0rA2PBNCfZstBTOuF19GEQaRXwDWARRCFHugmbPP8gcTD90omXo HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=sXjUAWjTTQi-0Gty2WavOQ2&google_push=Aa02lx8-kK2JbmtFBAGummHTD875p-saITBB-T39Ir1HpgNn8c_S0rA2PBNCfZstBTOuF19GEQaRXwDWARRCFHugmbPP8gcTD90omXo

Request Chain 95

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEG8LR_ruutmnitebxo89gGg&google_cver=1&google_push=Aa02lx_n76JWCVwJo1Y8JmA_Hnq-MS21myOXYxUt9wyyUNBr43WJ0u51K6jeK9uflAlAiWaJYhhuhBYZhyQQ6Nm8Ve20WD4QQeR7mDA HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEG8LR_ruutmnitebxo89gGg&google_cver=1&google_push=Aa02lx_n76JWCVwJo1Y8JmA_Hnq-MS21myOXYxUt9wyyUNBr43WJ0u51K6jeK9uflAlAiWaJYhhuhBYZhyQQ6Nm8Ve20WD4QQeR7mDA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODQ3NDgyNTA0MTEzMDQ3MDEx&google_push=Aa02lx_n76JWCVwJo1Y8JmA_Hnq-MS21myOXYxUt9wyyUNBr43WJ0u51K6jeK9uflAlAiWaJYhhuhBYZhyQQ6Nm8Ve20WD4QQeR7mDA

Request Chain 96

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESED8FmnwOIOTwb7bJoSAIpNQ&google_cver=1&google_push=Aa02lx-kWxRXiXnqsIiuPGcG1f3Coqefe8Q8qFMhK06Y6IyHBi5zBj-Mj0lhfj_TZhQpT-KOA_Oxs3pWnUAy5_8iZK17aE9NlBVtBDU HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=Aa02lx-kWxRXiXnqsIiuPGcG1f3Coqefe8Q8qFMhK06Y6IyHBi5zBj-Mj0lhfj_TZhQpT-KOA_Oxs3pWnUAy5_8iZK17aE9NlBVtBDU&google_gid=CAESED8FmnwOIOTwb7bJoSAIpNQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzU2Njk4OTA5NjA4NzAzMTkwNDMwNQ%3D%3D&google_push=Aa02lx-kWxRXiXnqsIiuPGcG1f3Coqefe8Q8qFMhK06Y6IyHBi5zBj-Mj0lhfj_TZhQpT-KOA_Oxs3pWnUAy5_8iZK17aE9NlBVtBDU

Request Chain 97

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEGh5db5ESckibIH2QXHJF_k&google_cver=1&google_push=Aa02lx_vETVY_OhVa71ut4bdhVrS0cAYBaiPJ2qj3GNvSOQj3NY6B5UJf-0wmbz0bl72TJVub17xE732FybeTYbVeTGMdntq59xz7Le3 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=Aa02lx_vETVY_OhVa71ut4bdhVrS0cAYBaiPJ2qj3GNvSOQj3NY6B5UJf-0wmbz0bl72TJVub17xE732FybeTYbVeTGMdntq59xz7Le3 HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 98

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEOERh1w6WAp52AVT8KhCT5k&google_cver=1&google_push=Aa02lx91HfdjKoktlFWTQfszNs8GYCaKIuqvugjE5vKf3IZtcDHmcnMlWh3mDVISS9W3XrCGXm6Zt38Rfr36v5AxqZ4fXADoMshbphs HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEOERh1w6WAp52AVT8KhCT5k&google_cver=1&google_push=Aa02lx91HfdjKoktlFWTQfszNs8GYCaKIuqvugjE5vKf3IZtcDHmcnMlWh3mDVISS9W3XrCGXm6Zt38Rfr36v5AxqZ4fXADoMshbphs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=dc2f714e-aca9-4efe-9753-e6b778fb56d1&%%GOOGLE_PUSH_PAIR%%

Request Chain 124

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHEpW175N6g555yzFDnkBfw&google_cver=1&google_push=Aa02lx8v-7gWiQOr-oV39Zempkd8zqLjq14OzmpptgN1_2IelXQqvfpmpAkxgclxE2QC_SmVfH85-RaufgByratus0-B51QuvOCHTw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aa02lx8v-7gWiQOr-oV39Zempkd8zqLjq14OzmpptgN1_2IelXQqvfpmpAkxgclxE2QC_SmVfH85-RaufgByratus0-B51QuvOCHTw

Request Chain 125

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEC5M-95mHwD87vwzm86NvGM&google_cver=1&google_push=Aa02lx81Wz-dYUBIyXj3U-79G9qGJdMpggQTH4mTTvq47wIvZjZplprEZkE7sWUNi92eMkeneae_x3Ju1b8ETrjQRJJz-mGTuADW HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEC5M-95mHwD87vwzm86NvGM&google_push=Aa02lx81Wz-dYUBIyXj3U-79G9qGJdMpggQTH4mTTvq47wIvZjZplprEZkE7sWUNi92eMkeneae_x3Ju1b8ETrjQRJJz-mGTuADW

Request Chain 127

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKrFzTcKj56z6TNEO7pA1MM&google_cver=1&google_push=Aa02lx-UztRm0Hnpq7n8FsfXLVg5BffRDV86V7qYR7dp9ZR1QGDr8DFQSf4xyTjikkPPG4sb30wHNviuWGrzn9MzdTpTX6YD4EzdRw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TERMTTVOQjAtUC02SkpR&google_push=Aa02lx-UztRm0Hnpq7n8FsfXLVg5BffRDV86V7qYR7dp9ZR1QGDr8DFQSf4xyTjikkPPG4sb30wHNviuWGrzn9MzdTpTX6YD4EzdRw

Request Chain 129

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEOssPyW8vEs0Ub1zb5J-KEI&google_cver=1&google_push=Aa02lx9bdq5dEpku70dphRvLAiB-WvcOReUQgvV-pZ6kQ25PNzHKRt0_AYfH1uc1fokVhdWmif2O-6S48y2MXHCFGHCrWb3DeMtOfmY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=dc2f714e-aca9-4efe-9753-e6b778fb56d1&%%GOOGLE_PUSH_PAIR%%

146 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
elstem.eu/ 104 KB
13 KB 1469ms
1210ms Document
text/html 170.130.40.14
AS62904

General

Check archive.org

Show headers Download Go to

Full URL

http://elstem.eu/

Protocol

HTTP/1.1

Server

170.130.40.14 Dallas, United States, ASN62904 (AS62904, US),

Reverse DNS

hostus3.fornex.host

Software

nginx / PHP/7.4.28

Resource Hash

2037abfb39f9ca7887e829675159cfe678bfa6171374a025b54b6de3fba192ae

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Wed, 01 Feb 2023 11:56:56 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-Powered-By: PHP/7.4.28
X-Powered-CMS: OkayCMS 4.1.1
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Montserrat-SemiBold.woff2
elstem.eu/design/okay_shop/fonts/montserrat/ 27 KB
27 KB 151ms
150ms Font
font/woff2 170.130.40.14
AS62904

General

Check archive.org

Show headers Download Go to

Full URL: http://elstem.eu/design/okay_shop/fonts/montserrat/Montserrat-SemiBold.woff2
Requested by: Host: elstem.eu
URL: http://elstem.eu/
Protocol: HTTP/1.1
Server: 170.130.40.14 Dallas, United States, ASN62904 (AS62904, US),
Reverse DNS: hostus3.fornex.host
Software: nginx /
Resource Hash: 99cce4e73afb2ea799f6a12a1ae42ea5745caa0bdd1657a87342591ec627f03a

Request headers

Referer: http://elstem.eu/
Origin: http://elstem.eu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Feb 2023 11:56:57 GMT
Last-Modified: Wed, 18 Jan 2023 18:47:38 GMT
Server: nginx
ETag: "63c83eca-6a20"
Content-Type: font/woff2
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27168
Expires: Fri, 03 Mar 2023 11:56:57 GMT

GET
H/1.1 200
OK Montserrat-Bold.woff2
elstem.eu/design/okay_shop/fonts/montserrat/ 27 KB
27 KB 313ms
163ms Font
font/woff2 170.130.40.14
AS62904

General

Check archive.org

Show headers Download Go to

Full URL: http://elstem.eu/design/okay_shop/fonts/montserrat/Montserrat-Bold.woff2
Requested by: Host: elstem.eu
URL: http://elstem.eu/
Protocol: HTTP/1.1
Server: 170.130.40.14 Dallas, United States, ASN62904 (AS62904, US),
Reverse DNS: hostus3.fornex.host
Software: nginx /
Resource Hash: 8d02f59b4e4e552eabbec6b305103fcb1ab3fa9830b64d852a1702ec7d2139fc

Request headers

Referer: http://elstem.eu/
Origin: http://elstem.eu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Feb 2023 11:56:57 GMT
Last-Modified: Wed, 18 Jan 2023 18:47:38 GMT
Server: nginx
ETag: "63c83eca-6a04"
Content-Type: font/woff2
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27140
Expires: Fri, 03 Mar 2023 11:56:57 GMT

GET
H/1.1 200
OK Montserrat-Regular.woff2
elstem.eu/design/okay_shop/fonts/montserrat/ 26 KB
27 KB 313ms
160ms Font
font/woff2 170.130.40.14
AS62904

General

Check archive.org

Show headers Download Go to

Full URL: http://elstem.eu/design/okay_shop/fonts/montserrat/Montserrat-Regular.woff2
Requested by: Host: elstem.eu
URL: http://elstem.eu/
Protocol: HTTP/1.1
Server: 170.130.40.14 Dallas, United States, ASN62904 (AS62904, US),
Reverse DNS: hostus3.fornex.host
Software: nginx /
Resource Hash: a354267dabbde19e2d278a8c5fe755c8bb1317137381d8d639e5ec941fb61be6

Request headers

Referer: http://elstem.eu/
Origin: http://elstem.eu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Feb 2023 11:56:57 GMT
Last-Modified: Wed, 18 Jan 2023 18:47:38 GMT
Server: nginx
ETag: "63c83eca-6930"
Content-Type: font/woff2
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 26928
Expires: Fri, 03 Mar 2023 11:56:57 GMT

GET
H/1.1 200
OK Montserrat-Medium.woff2
elstem.eu/design/okay_shop/fonts/montserrat/ 26 KB
27 KB 313ms
160ms Font
font/woff2 170.130.40.14
AS62904

General

Check archive.org

Show headers Download Go to

Full URL: http://elstem.eu/design/okay_shop/fonts/montserrat/Montserrat-Medium.woff2
Requested by: Host: elstem.eu
URL: http://elstem.eu/
Protocol: HTTP/1.1
Server: 170.130.40.14 Dallas, United States, ASN62904 (AS62904, US),
Reverse DNS: hostus3.fornex.host
Software: nginx /
Resource Hash: f8aa8ea1a00b19a0a5a4aab0b1c44ccfa44317b418715abb2a3e7b3a20dc888b

Request headers

Referer: http://elstem.eu/
Origin: http://elstem.eu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Feb 2023 11:56:57 GMT
Last-Modified: Wed, 18 Jan 2023 18:47:38 GMT
Server: nginx
ETag: "63c83eca-69a4"
Content-Type: font/woff2
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27044
Expires: Fri, 03 Mar 2023 11:56:57 GMT

GET
H/1.1 200
OK edaa99fef9c93e6cb06de2fcca2fe7cb.js Show response
elstem.eu/common_js/ 4 KB
2 KB 302ms
302ms Script
text/javascript 170.130.40.14
AS62904

General

Check archive.org

Show headers Download Go to

Full URL

http://elstem.eu/common_js/edaa99fef9c93e6cb06de2fcca2fe7cb.js

Requested by

Host: elstem.eu
URL: http://elstem.eu/

Protocol

HTTP/1.1

Server

170.130.40.14 Dallas, United States, ASN62904 (AS62904, US),

Reverse DNS

hostus3.fornex.host

Software

nginx / PHP/7.4.28

Resource Hash

416b7d85025652bbce8b4e11805d33f2ffa5e6f1d83b4ecc54c6964b1947bf6f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Feb 2023 11:56:57 GMT
Content-Encoding: gzip
Server: nginx
X-Powered-By: PHP/7.4.28
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
X-Powered-CMS: OkayCMS 4.1.1
Cache-Control: no-store, no-cache, must-revalidate
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK okay_shop.head.799ea2d25322ae736371dc12739621f0.css
elstem.eu/cache/css/ 284 KB
67 KB 325ms
178ms Stylesheet
text/css 170.130.40.14
AS62904

General

Check archive.org

Show headers Download Go to

Full URL: http://elstem.eu/cache/css/okay_shop.head.799ea2d25322ae736371dc12739621f0.css
Requested by: Host: elstem.eu
URL: http://elstem.eu/
Protocol: HTTP/1.1
Server: 170.130.40.14 Dallas, United States, ASN62904 (AS62904, US),
Reverse DNS: hostus3.fornex.host
Software: nginx /
Resource Hash: 5b54ce8cb46dba8c4e3313c5ab325d3639494e4e697f243ed1d2b79082289205

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Feb 2023 11:56:57 GMT
Content-Encoding: gzip
Last-Modified: Wed, 01 Feb 2023 11:56:56 GMT
Server: nginx
ETag: W/"63da5388-4712c"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Fri, 03 Mar 2023 11:56:57 GMT

GET
H/1.1 200
OK okay_shop.head.4de1ae80301d97f989be77484485e02e.js Show response
elstem.eu/cache/js/ 224 KB
78 KB 164ms
164ms Script
application/javascript 170.130.40.14
AS62904

General

Check archive.org

Show headers Download Go to

Full URL: http://elstem.eu/cache/js/okay_shop.head.4de1ae80301d97f989be77484485e02e.js
Requested by: Host: elstem.eu
URL: http://elstem.eu/
Protocol: HTTP/1.1
Server: 170.130.40.14 Dallas, United States, ASN62904 (AS62904, US),
Reverse DNS: hostus3.fornex.host
Software: nginx /
Resource Hash: 810a2011c9816c819305fc3d09b660d39c700a9301c5c1e926676e78bf9e97fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Feb 2023 11:56:57 GMT
Content-Encoding: gzip
Last-Modified: Wed, 01 Feb 2023 11:56:57 GMT
Server: nginx
ETag: W/"63da5389-37e8a"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Fri, 03 Mar 2023 11:56:57 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 148 KB
49 KB 224ms
97ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8359994707866595

Requested by

Host: elstem.eu
URL: http://elstem.eu/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2153e93a2e601ce9d1787e684f2ee21bba1ac3ff6fd5022e96197ff7848e8332

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://elstem.eu/
Origin: http://elstem.eu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:56:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50032
x-xss-protection: 0
server: cafe
etag: 11005566764326215750
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 01 Feb 2023 11:56:58 GMT

GET
H/1.1 200
OK logo.png
elstem.eu/files/images/ 12 KB
12 KB 154ms
154ms Image
image/png 170.130.40.14
AS62904

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://elstem.eu/files/images/logo.png?v=015
Requested by: Host: elstem.eu
URL: http://elstem.eu/
Protocol: HTTP/1.1
Server: 170.130.40.14 Dallas, United States, ASN62904 (AS62904, US),
Reverse DNS: hostus3.fornex.host
Software: nginx /
Resource Hash: 599ebaa78e2fc70662492021606fea05e1fc796cf28be9cfbebe76a286ed1852

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Feb 2023 11:56:58 GMT
Last-Modified: Wed, 18 Jan 2023 20:03:27 GMT
Server: nginx
ETag: "63c8508f-2f0f"
Content-Type: image/png
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12047
Expires: Fri, 03 Mar 2023 11:56:58 GMT

GET
H/1.1 200
OK askona3.1200x700.center.center.jpg.webp
elstem.eu/files/resized/slides/ 34 KB
35 KB 157ms
156ms Image
image/webp 170.130.40.14
AS62904

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://elstem.eu/files/resized/slides/askona3.1200x700.center.center.jpg.webp
Requested by: Host: elstem.eu
URL: http://elstem.eu/
Protocol: HTTP/1.1
Server: 170.130.40.14 Dallas, United States, ASN62904 (AS62904, US),
Reverse DNS: hostus3.fornex.host
Software: nginx /
Resource Hash: 845e8feead41771d09741c6bad7bb74d9b26a08fdfdd0b6ab9b58e6302321322

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Feb 2023 11:56:58 GMT
Last-Modified: Wed, 18 Jan 2023 19:47:44 GMT
Server: nginx
ETag: "63c84ce0-8908"
Content-Type: image/webp
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 35080
Expires: Fri, 03 Mar 2023 11:56:58 GMT

GET
H/1.1 200
OK xloading.gif
elstem.eu/design/okay_shop/images/ 21 KB
21 KB 154ms
153ms Image
image/gif 170.130.40.14
AS62904

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://elstem.eu/design/okay_shop/images/xloading.gif
Requested by: Host: elstem.eu
URL: http://elstem.eu/
Protocol: HTTP/1.1
Server: 170.130.40.14 Dallas, United States, ASN62904 (AS62904, US),
Reverse DNS: hostus3.fornex.host
Software: nginx /
Resource Hash: 57d5e7f4fc92246cd848ac785e137bddf46e210b044654f57c719ab9bafc0d45

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Feb 2023 11:56:58 GMT
Last-Modified: Wed, 18 Jan 2023 18:47:38 GMT
Server: nginx
ETag: "63c83eca-53eb"
Content-Type: image/gif
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21483
Expires: Fri, 03 Mar 2023 11:56:58 GMT

GET
H/1.1 200
OK okay_shop.footer.5cd64d093cd14ab3d4e406ad016c582e.js Show response
elstem.eu/cache/js/ 247 KB
87 KB 161ms
160ms Script
application/javascript 170.130.40.14
AS62904

General

Check archive.org

Show headers Download Go to

Full URL: http://elstem.eu/cache/js/okay_shop.footer.5cd64d093cd14ab3d4e406ad016c582e.js
Requested by: Host: elstem.eu
URL: http://elstem.eu/
Protocol: HTTP/1.1
Server: 170.130.40.14 Dallas, United States, ASN62904 (AS62904, US),
Reverse DNS: hostus3.fornex.host
Software: nginx /
Resource Hash: 658febf03f1f23a892f589b803b588acd2dd9ee0598d371120652a40ad77902b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Feb 2023 11:56:58 GMT
Content-Encoding: gzip
Last-Modified: Wed, 01 Feb 2023 11:56:57 GMT
Server: nginx
ETag: W/"63da5389-3db9a"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Fri, 03 Mar 2023 11:56:58 GMT

GET
H/1.1 200
OK 19878e849ab4af770264841f3994136e.js Show response
elstem.eu/dynamic_js/ 5 KB
2 KB 271ms
270ms Script
text/javascript 170.130.40.14
AS62904

General

Check archive.org

Show headers Download Go to

Full URL

http://elstem.eu/dynamic_js/19878e849ab4af770264841f3994136e.js

Requested by

Host: elstem.eu
URL: http://elstem.eu/

Protocol

HTTP/1.1

Server

170.130.40.14 Dallas, United States, ASN62904 (AS62904, US),

Reverse DNS

hostus3.fornex.host

Software

nginx / PHP/7.4.28

Resource Hash

ad5fb4c161d14915fb891dbb7467ea0e1fb1e5a8c2e8176bdee72c438e97a9d5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Feb 2023 11:56:58 GMT
Content-Encoding: gzip
Server: nginx
X-Powered-By: PHP/7.4.28
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
X-Powered-CMS: OkayCMS 4.1.1
Cache-Control: no-store, no-cache, must-revalidate
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK fontawesome-webfont.woff2
elstem.eu/design/okay_shop/fonts/fontawesome/ 75 KB
76 KB 155ms
154ms Font
font/woff2 170.130.40.14
AS62904

General

Check archive.org

Show headers Download Go to

Full URL: http://elstem.eu/design/okay_shop/fonts/fontawesome/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: elstem.eu
URL: http://elstem.eu/cache/css/okay_shop.head.799ea2d25322ae736371dc12739621f0.css
Protocol: HTTP/1.1
Server: 170.130.40.14 Dallas, United States, ASN62904 (AS62904, US),
Reverse DNS: hostus3.fornex.host
Software: nginx /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: http://elstem.eu/cache/css/okay_shop.head.799ea2d25322ae736371dc12739621f0.css
Origin: http://elstem.eu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Feb 2023 11:56:58 GMT
Last-Modified: Wed, 18 Jan 2023 18:47:38 GMT
Server: nginx
ETag: "63c83eca-12d68"
Content-Type: font/woff2
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 77160
Expires: Fri, 03 Mar 2023 11:56:58 GMT

GET
DATA 200
OK truncated
/ 2 KB
2 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60280b8ab4c8d489c74567c55e14945b935c2f5937855f808163ee40a65f065f

Request headers

Referer: http://elstem.eu/
Origin: http://elstem.eu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202301190101/ 360 KB
118 KB 215ms
110ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202301190101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8359994707866595&plah=elstem.eu&bust=31071766

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8359994707866595

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c18ac222670912566735de79b1d70144631df8159c51bd8a1166b58a9aee87b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:56:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121044
x-xss-protection: 0
server: cafe
etag: 17571487590393835212
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 01 Feb 2023 11:56:58 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230125/r20190131/ Frame 4E4A 10 KB
5 KB 177ms
51ms Document
text/html 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230125/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8359994707866595

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://elstem.eu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 75964
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 14:50:54 GMT
etag: 10353107486223812946
expires: Tue, 14 Feb 2023 14:50:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ 38 B
38 B Other
image/webp

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/webp

GET
H/1.1 200
OK ego_balance_eg2003.600x800.jpg.webp
elstem.eu/files/resized/products/ 12 KB
12 KB 154ms
154ms Image
image/webp 170.130.40.14
AS62904

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://elstem.eu/files/resized/products/ego_balance_eg2003.600x800.jpg.webp
Requested by: Host: elstem.eu
URL: http://elstem.eu/
Protocol: HTTP/1.1
Server: 170.130.40.14 Dallas, United States, ASN62904 (AS62904, US),
Reverse DNS: hostus3.fornex.host
Software: nginx /
Resource Hash: c27f9e94c8fef3f382aae6d99cc89871cee469bdfdd4e366a73a8e422bd29175

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Feb 2023 11:56:58 GMT
Last-Modified: Wed, 18 Jan 2023 19:43:34 GMT
Server: nginx
ETag: "63c84be6-2f26"
Content-Type: image/webp
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12070
Expires: Fri, 03 Mar 2023 11:56:58 GMT

GET
H/1.1 200
OK massazhnoe_kreslo_reklayner_fujimo_synergy_f3005_vanil.600x800.jpg.webp
elstem.eu/files/resized/products/ 6 KB
6 KB 150ms
150ms Image
image/webp 170.130.40.14
AS62904

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://elstem.eu/files/resized/products/massazhnoe_kreslo_reklayner_fujimo_synergy_f3005_vanil.600x800.jpg.webp
Requested by: Host: elstem.eu
URL: http://elstem.eu/
Protocol: HTTP/1.1
Server: 170.130.40.14 Dallas, United States, ASN62904 (AS62904, US),
Reverse DNS: hostus3.fornex.host
Software: nginx /
Resource Hash: 71b6005a55fe8deb210b713ac3524662b4460bffdbc3dd1e987d6ea608581db5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Feb 2023 11:56:58 GMT
Last-Modified: Wed, 18 Jan 2023 19:46:04 GMT
Server: nginx
ETag: "63c84c7c-1782"
Content-Type: image/webp
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6018
Expires: Fri, 03 Mar 2023 11:56:58 GMT

GET
H/1.1 200
OK dizaynerskoe_kreslo_ego_amore_eg7001_antratsit_arpatek.600x800.jpg.webp
elstem.eu/files/resized/products/ 5 KB
5 KB 153ms
153ms Image
image/webp 170.130.40.14
AS62904

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://elstem.eu/files/resized/products/dizaynerskoe_kreslo_ego_amore_eg7001_antratsit_arpatek.600x800.jpg.webp
Requested by: Host: elstem.eu
URL: http://elstem.eu/
Protocol: HTTP/1.1
Server: 170.130.40.14 Dallas, United States, ASN62904 (AS62904, US),
Reverse DNS: hostus3.fornex.host
Software: nginx /
Resource Hash: 4370122af0715a15b6a6ecb787b18de826a304761a29d998c9ec50905fbef3a9

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Feb 2023 11:56:58 GMT
Last-Modified: Wed, 18 Jan 2023 19:46:05 GMT
Server: nginx
ETag: "63c84c7d-1382"
Content-Type: image/webp
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4994
Expires: Fri, 03 Mar 2023 11:56:58 GMT

GET
H/1.1 200
OK massazhnoe_kreslo_kachalka_ego_twist_eg2004_cherry_shokolad_tony8.600x800.jpg.webp
elstem.eu/files/resized/products/ 9 KB
10 KB 151ms
151ms Image
image/webp 170.130.40.14
AS62904

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://elstem.eu/files/resized/products/massazhnoe_kreslo_kachalka_ego_twist_eg2004_cherry_shokolad_tony8.600x800.jpg.webp
Requested by: Host: elstem.eu
URL: http://elstem.eu/
Protocol: HTTP/1.1
Server: 170.130.40.14 Dallas, United States, ASN62904 (AS62904, US),
Reverse DNS: hostus3.fornex.host
Software: nginx /
Resource Hash: f49e505ed04067b64fd4e20028be4c88da787ec3236fa43bd7b9634f8f0e78ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Feb 2023 11:56:58 GMT
Last-Modified: Wed, 18 Jan 2023 19:46:05 GMT
Server: nginx
ETag: "63c84c7d-24d0"
Content-Type: image/webp
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9424
Expires: Fri, 03 Mar 2023 11:56:58 GMT

GET
H/1.1 200
OK massazhnoe_kreslo_kachalka_oto_dance_ot_2008_korichnevyy_tony8.600x800.jpg.webp
elstem.eu/files/resized/products/ 7 KB
8 KB 154ms
153ms Image
image/webp 170.130.40.14
AS62904

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://elstem.eu/files/resized/products/massazhnoe_kreslo_kachalka_oto_dance_ot_2008_korichnevyy_tony8.600x800.jpg.webp
Requested by: Host: elstem.eu
URL: http://elstem.eu/
Protocol: HTTP/1.1
Server: 170.130.40.14 Dallas, United States, ASN62904 (AS62904, US),
Reverse DNS: hostus3.fornex.host
Software: nginx /
Resource Hash: da24a7b13f92a560d9ec3fa6273d0bc436c380e506e4c581090a7afdf58a2bd5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Feb 2023 11:56:58 GMT
Last-Modified: Wed, 18 Jan 2023 19:46:06 GMT
Server: nginx
ETag: "63c84c7e-1cac"
Content-Type: image/webp
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7340
Expires: Fri, 03 Mar 2023 11:56:58 GMT

GET
H/1.1 200
OK modulnoe_massazhnoe_kreslo_craft_chair_007_komplekt_massazherov.600x800.jpg.webp
elstem.eu/files/resized/products/ 11 KB
11 KB 154ms
154ms Image
image/webp 170.130.40.14
AS62904

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://elstem.eu/files/resized/products/modulnoe_massazhnoe_kreslo_craft_chair_007_komplekt_massazherov.600x800.jpg.webp
Requested by: Host: elstem.eu
URL: http://elstem.eu/
Protocol: HTTP/1.1
Server: 170.130.40.14 Dallas, United States, ASN62904 (AS62904, US),
Reverse DNS: hostus3.fornex.host
Software: nginx /
Resource Hash: 873a016e116ae3da644d79b9f148babd1c79f863dd9a82d4256243d05fc4b62d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Feb 2023 11:56:58 GMT
Last-Modified: Wed, 18 Jan 2023 19:45:05 GMT
Server: nginx
ETag: "63c84c41-2aa2"
Content-Type: image/webp
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10914
Expires: Fri, 03 Mar 2023 11:56:58 GMT

GET
H/1.1 200
OK massazhnoe_kreslo_reklayner_fujimo_lift_shair_synergy_f3005_flf_terra_sakura_20.600x800.jpg.webp
elstem.eu/files/resized/products/ 6 KB
6 KB 150ms
150ms Image
image/webp 170.130.40.14
AS62904

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://elstem.eu/files/resized/products/massazhnoe_kreslo_reklayner_fujimo_lift_shair_synergy_f3005_flf_terra_sakura_20.600x800.jpg.webp
Requested by: Host: elstem.eu
URL: http://elstem.eu/
Protocol: HTTP/1.1
Server: 170.130.40.14 Dallas, United States, ASN62904 (AS62904, US),
Reverse DNS: hostus3.fornex.host
Software: nginx /
Resource Hash: 0e8cf6358098cc355d0e7fb443159e93d83a5832570ebb1ab15609b60c1ccdbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Feb 2023 11:56:59 GMT
Last-Modified: Wed, 18 Jan 2023 19:45:06 GMT
Server: nginx
ETag: "63c84c42-17aa"
Content-Type: image/webp
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6058
Expires: Fri, 03 Mar 2023 11:56:59 GMT

GET
H/1.1 200
OK modulnoe_massazhnoe_kreslo_craft_chair_008_komplekt_massazherov.600x800.jpg.webp
elstem.eu/files/resized/products/ 11 KB
12 KB 156ms
155ms Image
image/webp 170.130.40.14
AS62904

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://elstem.eu/files/resized/products/modulnoe_massazhnoe_kreslo_craft_chair_008_komplekt_massazherov.600x800.jpg.webp
Requested by: Host: elstem.eu
URL: http://elstem.eu/
Protocol: HTTP/1.1
Server: 170.130.40.14 Dallas, United States, ASN62904 (AS62904, US),
Reverse DNS: hostus3.fornex.host
Software: nginx /
Resource Hash: 6c5dfbda676ecba9be672fa6ef7ac45faa80be19eadf570e3ab7419f6ad17033

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Feb 2023 11:56:59 GMT
Last-Modified: Wed, 18 Jan 2023 19:45:06 GMT
Server: nginx
ETag: "63c84c42-2cae"
Content-Type: image/webp
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11438
Expires: Fri, 03 Mar 2023 11:56:59 GMT

GET
H/1.1 200
OK modulnoe_massazhnoe_kreslo_craft_chair_009_komplekt_massazherov.600x800.jpg.webp
elstem.eu/files/resized/products/ 12 KB
12 KB 155ms
154ms Image
image/webp 170.130.40.14
AS62904

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://elstem.eu/files/resized/products/modulnoe_massazhnoe_kreslo_craft_chair_009_komplekt_massazherov.600x800.jpg.webp
Requested by: Host: elstem.eu
URL: http://elstem.eu/
Protocol: HTTP/1.1
Server: 170.130.40.14 Dallas, United States, ASN62904 (AS62904, US),
Reverse DNS: hostus3.fornex.host
Software: nginx /
Resource Hash: 4e79fa0d66635280df67f28ad935aa03213d3f0c19d9f5459f668d43b7891490

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: public
Date: Wed, 01 Feb 2023 11:56:59 GMT
Last-Modified: Wed, 18 Jan 2023 19:45:07 GMT
Server: nginx
ETag: "63c84c43-2f08"
Content-Type: image/webp
Cache-Control: max-age=2592000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12040
Expires: Fri, 03 Mar 2023 11:56:59 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 385 B
601 B 152ms
48ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=elstem.eu&callback=_gfp_s_&client=ca-pub-8359994707866595

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202301190101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8359994707866595&plah=elstem.eu&bust=31071766

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1a7762a2b248637b4fc71f232b62203a0c5c30ff2384210842ff9b78e897d05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:56:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 249
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 150ms
48ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=elstem.eu

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:56:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 141ms
49ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=elstem.eu

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:56:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame BB48 267 KB
66 KB 826ms
825ms Document
text/html 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8359994707866595&output=html&adk=1812271804&adf=3025194257&lmt=1675252618&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=http%3A%2F%2Felstem.eu%2F&ea=0&pra=5&wgl=1&dt=1675252618449&bpp=6&bdt=1415&idt=351&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7631517422333&frm=20&pv=2&ga_vid=1563652937.1675252619&ga_sid=1675252619&ga_hid=1203010815&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071756%2C31071766%2C44774293&oid=2&pvsid=3298644728497812&tmod=1493674523&uas=0&nvt=1&fsapi=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=1&uci=a!1&fsb=1&dtd=380

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cbe86b5d283b697e0477f10cb14b1ffee741ba9049ebd59240b8b73ab66590c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://elstem.eu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 67752
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 11:56:59 GMT
expires: Wed, 01 Feb 2023 11:56:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F086 97 KB
33 KB 935ms
934ms Document
text/html 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8359994707866595&output=html&h=280&adk=3088186576&adf=1211923703&pi=t.aa~a.1353764755~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1675252618&rafmt=1&to=qs&pwprc=5700639299&format=1200x280&url=http%3A%2F%2Felstem.eu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675252618455&bpp=2&bdt=1420&idt=378&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=7631517422333&frm=20&pv=1&ga_vid=1563652937.1675252619&ga_sid=1675252619&ga_hid=1203010815&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=114&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071756%2C31071766%2C44774293&oid=2&pvsid=3298644728497812&tmod=1493674523&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=2&uci=a!2&fsb=1&xpc=P1HtvYpNTR&p=http%3A//elstem.eu&dtd=381

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8036ee368eb17d6693c86a5ac0a927c811683145fd8fb7dc7e91ff5f609291a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://elstem.eu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 33248
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 11:56:59 GMT
expires: Wed, 01 Feb 2023 11:56:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202301190101/ 150 KB
51 KB 127ms
126ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202301190101/reactive_library_fy2021.js?bust=31071766

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

864bb970dbf64edbe28758fbebfce5692cb51e39363ef7442e3119daf8239ac6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:56:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52190
x-xss-protection: 0
server: cafe
etag: 8802176172956938514
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Feb 2023 11:56:59 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 53ms
51ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=elstem.eu

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:56:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 53ms
52ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=elstem.eu

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:56:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0C71 94 KB
34 KB 966ms
966ms Document
text/html 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8359994707866595&output=html&h=280&adk=2732199629&adf=730467196&pi=t.aa~a.952912505~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1675252619&rafmt=1&to=qs&pwprc=5700639299&format=1200x280&url=http%3A%2F%2Felstem.eu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675252619768&bpp=1&bdt=2734&idt=-M&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De0eb6e140596dc4b-22111e3f80db00ee%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_Maq4IBx-ksEPe6st_L0_FkKq4_XLQ&gpic=UID%3D00000bad5b72772e%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_MbEpyHSAhHOAQ8zXQAixRCUwtApsQ&prev_fmts=0x0%2C1200x280&nras=3&correlator=7631517422333&frm=20&pv=1&ga_vid=1563652937.1675252619&ga_sid=1675252619&ga_hid=1203010815&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=1289&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071756%2C31071766%2C44774293&oid=2&pvsid=3298644728497812&tmod=1493674523&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=mFSznZvcpn&p=http%3A//elstem.eu&dtd=8

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

65161a8bfc314b26da38de6c4c264dbc4880fbf4918d871abce03526bbf831c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://elstem.eu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 34696
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 11:57:00 GMT
expires: Wed, 01 Feb 2023 11:57:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3746 88 KB
32 KB 705ms
705ms Document
text/html 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8359994707866595&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.3093707004~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1675252619&rafmt=1&to=qs&pwprc=5700639299&format=1200x90&url=http%3A%2F%2Felstem.eu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675252619768&bpp=1&bdt=2733&idt=0&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De0eb6e140596dc4b-22111e3f80db00ee%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_Maq4IBx-ksEPe6st_L0_FkKq4_XLQ&gpic=UID%3D00000bad5b72772e%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_MbEpyHSAhHOAQ8zXQAixRCUwtApsQ&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=7631517422333&frm=20&pv=1&ga_vid=1563652937.1675252619&ga_sid=1675252619&ga_hid=1203010815&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=2164&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071756%2C31071766%2C44774293&oid=2&pvsid=3298644728497812&tmod=1493674523&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=Q0vZWsIaPG&p=http%3A//elstem.eu&dtd=12

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cbf79ae6534b4384dbfc70bce0a5dfc9505956d57ed388ebbac4618919c23799

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://elstem.eu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 33117
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 11:57:00 GMT
expires: Wed, 01 Feb 2023 11:57:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame F086 8 KB
1 KB 143ms
50ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8359994707866595&output=html&h=280&adk=3088186576&adf=1211923703&pi=t.aa~a.1353764755~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1675252618&rafmt=1&to=qs&pwprc=5700639299&format=1200x280&url=http%3A%2F%2Felstem.eu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675252618455&bpp=2&bdt=1420&idt=378&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=7631517422333&frm=20&pv=1&ga_vid=1563652937.1675252619&ga_sid=1675252619&ga_hid=1203010815&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=114&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071756%2C31071766%2C44774293&oid=2&pvsid=3298644728497812&tmod=1493674523&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=2&uci=a!2&fsb=1&xpc=P1HtvYpNTR&p=http%3A//elstem.eu&dtd=381

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Feb 2023 11:56:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 10:59:16 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Feb 2023 11:56:59 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame F086 2 KB
818 B 145ms
52ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:25:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5489
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 10:25:30 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/ Frame F086 22 KB
9 KB 133ms
40ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

682b9a643ebc5c5b7f54f802fe82d4d9117b6cdff3479110b81afdccfd6148c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:25:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5489
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8871
x-xss-protection: 0
server: cafe
etag: 9510037503091481574
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 10:25:30 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame F086 3 KB
1 KB 139ms
53ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:38:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4706
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 10:38:33 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame F086 18 KB
7 KB 138ms
46ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:25:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5489
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7523
x-xss-protection: 0
server: cafe
etag: 641023367890010850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 10:25:30 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F086 157 KB
48 KB 2105ms
1976ms Script
text/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a482b87b1055665d77c94492bf4739724380d45b00083575738386b2c7ee9d80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:57:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49075
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1675083396089714"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Feb 2023 11:57:01 GMT

GET
H2 200 8aec859a266e19fb42fee7f82edeac28.js Show response
www.gstatic.com/mysidia/ Frame F086 33 KB
14 KB 129ms
40ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8aec859a266e19fb42fee7f82edeac28.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07970172ef078d9a58aa9ed9e9b54dd1cfbfec021be21b0d0fc7484c5fd5a58a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:22:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2078
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14079
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 06:12:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 02 May 2023 11:22:21 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame F086 0
0 95ms
94ms Fetch
text/html 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CZ-f1ilPaY4ixNsjK6gSv_oqIB4j-j6Bum4azlO8Qmuj09ZEOEAEg-7j3lgFglcKmgrAHoAHDwZTKA8gBCakCh0FETJ02sj6oAwHIA8sEqgTJAU_Q42JqmKWEyy3D05UNI5MCneSMDwmaAjRn65bYkpawIGnieA4IuW9y0AQTifvFOXq1sf9SkJXPV20rtceeuz8AgIs51du4vjdDaEkCKWIJoD7ztMqBnbqyRx1KAezXIWJEQQz3k8_-QKdHvV-AsjZ8AYY_eKAwOhJrHNNJWErQGHkikJEssFr-2AtC6xY6y7WcUpxizNiqQsIh3z7NinJLPzf9xWTO9trpotimPo0jJF81RcZCl4wdDVXR5-S_2v05gGknj7ZeM8AE2Paaj6UEkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB6W-6zWoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBRCe_f4P0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwzQFQGAFwGyFxwKGggAEhRwdWItODM1OTk5NDcwNzg2NjU5NRgA&sigh=9TXoDZq4xZY&uach_m=[UACH]&cid=CAQSGwDUE5ym3ZCvTRbyH5vnIGRQYMs20_PDF1UmPBgB&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8359994707866595&output=html&h=280&adk=3088186576&adf=1211923703&pi=t.aa~a.1353764755~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1675252618&rafmt=1&to=qs&pwprc=5700639299&format=1200x280&url=http%3A%2F%2Felstem.eu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675252618455&bpp=2&bdt=1420&idt=378&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=7631517422333&frm=20&pv=1&ga_vid=1563652937.1675252619&ga_sid=1675252619&ga_hid=1203010815&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=114&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071756%2C31071766%2C44774293&oid=2&pvsid=3298644728497812&tmod=1493674523&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=2&uci=a!2&fsb=1&xpc=P1HtvYpNTR&p=http%3A//elstem.eu&dtd=381
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 01 Feb 2023 11:56:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 01 Feb 2023 11:56:59 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/9603007652346076394/ Frame F086 34 KB
34 KB 127ms
54ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9603007652346076394/14763004658117789537?w=600&h=314

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25f0660b413822826a8248d8058a465b0d7df5c8ea347bec1713f6ab360cc7dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 17:14:09 GMT
x-content-type-options: nosniff
age: 326570
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34434
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 23:55:03 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 28 Jan 2024 17:14:09 GMT

GET
DATA 200
OK truncated
/ Frame F086 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame F086 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 76ms
75ms Script
application/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=elstem.eu

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:56:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 49ms
48ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=elstem.eu

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:56:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/ Frame A458 10 KB
4 KB 55ms
54ms Document
text/html 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://elstem.eu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 61377
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 18:54:02 GMT
etag: 10353107486223812946
expires: Tue, 14 Feb 2023 18:54:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/ Frame 1842 10 KB
4 KB 52ms
52ms Document
text/html 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://elstem.eu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 61377
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 18:54:02 GMT
etag: 10353107486223812946
expires: Tue, 14 Feb 2023 18:54:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame F086 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 93a4d32ea819c4413cae8d6f7f5af395d610d0cad4daee02e5d4c0cedf9488dc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css2
fonts.googleapis.com/ Frame A458 4 KB
709 B 50ms
50ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Feb 2023 11:56:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 11:03:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Feb 2023 11:56:59 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame A458 205 B
518 B 45ms
43ms Image
image/png 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:51:50 GMT
x-content-type-options: nosniff
age: 3909
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 01 Feb 2024 10:51:50 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame A458 604 B
694 B 45ms
44ms Image
image/png 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:49:24 GMT
x-content-type-options: nosniff
age: 455
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 01 Feb 2024 11:49:24 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/elements/html/ Frame A458 19 KB
8 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

962b5a0b1058fb793fa137b948d5751e208b016bd67b27f886ba1b888e3ef9c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 23:31:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44753
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8248
x-xss-protection: 0
server: cafe
etag: 14490807653988091183
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Feb 2023 23:31:06 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/elements/html/ Frame A458 13 KB
6 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1c4ee54ddd9966cf45e32c29842f92d9a6b55eed5e3a53456f53cf747bb83ed2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 20:21:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5698
x-xss-protection: 0
server: cafe
etag: 7221767663144930367
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Feb 2023 20:21:17 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 1842 8 KB
991 B 52ms
52ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Feb 2023 11:57:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 11:03:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Feb 2023 11:57:00 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 1842 2 KB
799 B 45ms
44ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:25:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5489
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 10:25:30 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 1842 0
0 96ms
95ms Fetch
text/html 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CUGvbilPaY_GDNoLT6gSusoCYDYj-j6Bu64azlO8Qmuj09ZEOEAEg-7j3lgFglcKmgrAHoAHDwZTKA8gBCakC8YTvs0RBsj6oAwHIA8sEqgTDAU_QxQrylNE7goTIsvg35pMZ0KZzBgozAxfUaxpQZaSRnDJ-VHcyCI3hF8xmbOS-u2ZHTLeMwyrvaLlWvkeEFsyy1v91wGVO8_PYoysIkalBT9eMcSkta5uMdmHVETBPn8db-ery33eH89HsJnW5WGw9wfRBhLLn5Skom8BGqIolz2ElaE2kDsx6lwM8b-H8TjEA6wECD01QAkKXH0rgGnAOAX9JuypbUL8gMdbhtzy8WEVT_ZMjKxt7upK63-RooIjOHcAE2Paaj6UEkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB6W-6zWoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBRCa1KQS0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwzQFQGAFwGyFxwKGggAEhRwdWItODM1OTk5NDcwNzg2NjU5NRgA&sigh=BezyWWWRmlI&uach_m=[UACH]&cid=CAQSGwDUE5ymABpV8GLmPyBk4869A7WqAyZaNG0hgBgB&template_id=5000

Requested by

Host: elstem.eu
URL: http://elstem.eu/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 01 Feb 2023 11:57:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/ Frame 1842 22 KB
9 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

682b9a643ebc5c5b7f54f802fe82d4d9117b6cdff3479110b81afdccfd6148c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:25:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5489
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8871
x-xss-protection: 0
server: cafe
etag: 9510037503091481574
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 10:25:30 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 1842 3 KB
1 KB 48ms
47ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:38:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4707
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 10:38:33 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 1842 18 KB
7 KB 48ms
48ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:25:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5490
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7523
x-xss-protection: 0
server: cafe
etag: 641023367890010850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 10:25:30 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1842 157 KB
48 KB 2034ms
2033ms Script
text/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a482b87b1055665d77c94492bf4739724380d45b00083575738386b2c7ee9d80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:57:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49075
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1675083396089714"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Feb 2023 11:57:01 GMT

GET
H2 200 8aec859a266e19fb42fee7f82edeac28.js Show response
www.gstatic.com/mysidia/ Frame 1842 33 KB
14 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8aec859a266e19fb42fee7f82edeac28.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07970172ef078d9a58aa9ed9e9b54dd1cfbfec021be21b0d0fc7484c5fd5a58a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:22:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2079
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14079
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 06:12:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 02 May 2023 11:22:21 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/9603007652346076394/ Frame 1842 18 KB
18 KB 51ms
51ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9603007652346076394/14763004658117789537?w=400&h=209

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8955f4d71feb546d0418b51d02c2f1d31ee4f492915b681ff263ee68d481d26b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 16:43:14 GMT
x-content-type-options: nosniff
age: 328426
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18330
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 23:55:03 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 28 Jan 2024 16:43:14 GMT

GET
DATA 200
OK truncated
/ Frame 1842 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 1842 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 css
fonts.googleapis.com/ Frame 572F 8 KB
968 B 49ms
49ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Feb 2023 11:57:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 11:04:19 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Feb 2023 11:57:00 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 572F 2 KB
799 B 40ms
39ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:25:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5490
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 10:25:30 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/ Frame 572F 22 KB
9 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

682b9a643ebc5c5b7f54f802fe82d4d9117b6cdff3479110b81afdccfd6148c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:25:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5490
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8871
x-xss-protection: 0
server: cafe
etag: 9510037503091481574
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 10:25:30 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 572F 3 KB
1 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:38:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4707
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 10:38:33 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 572F 18 KB
7 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:25:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5490
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7523
x-xss-protection: 0
server: cafe
etag: 641023367890010850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 10:25:30 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 572F 157 KB
48 KB 1884ms
1883ms Script
text/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a482b87b1055665d77c94492bf4739724380d45b00083575738386b2c7ee9d80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:57:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49075
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1675083396089714"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Feb 2023 11:57:01 GMT

GET
H2 200 8aec859a266e19fb42fee7f82edeac28.js Show response
www.gstatic.com/mysidia/ Frame 572F 33 KB
14 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8aec859a266e19fb42fee7f82edeac28.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07970172ef078d9a58aa9ed9e9b54dd1cfbfec021be21b0d0fc7484c5fd5a58a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:22:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2079
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14079
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 06:12:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 02 May 2023 11:22:21 GMT

GET
DATA 200
OK truncated
/ Frame 1842 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0bc2a0b5bb605f6e04ec1547fd988badcbb11bcc51ee6d8a2eb9f066c6714a0c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F164 143 B
166 B 52ms
52ms Document
text/html 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1490
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 11:32:10 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F164
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

80ms
76ms

Document
text/html

2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230125/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 11:57:00 GMT
expires: Wed, 01 Feb 2023 11:57:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 11:57:00 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame 3746 4 KB
621 B 48ms
48ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8359994707866595&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.3093707004~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1675252619&rafmt=1&to=qs&pwprc=5700639299&format=1200x90&url=http%3A%2F%2Felstem.eu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675252619768&bpp=1&bdt=2733&idt=0&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De0eb6e140596dc4b-22111e3f80db00ee%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_Maq4IBx-ksEPe6st_L0_FkKq4_XLQ&gpic=UID%3D00000bad5b72772e%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_MbEpyHSAhHOAQ8zXQAixRCUwtApsQ&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=7631517422333&frm=20&pv=1&ga_vid=1563652937.1675252619&ga_sid=1675252619&ga_hid=1203010815&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=2164&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071756%2C31071766%2C44774293&oid=2&pvsid=3298644728497812&tmod=1493674523&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=Q0vZWsIaPG&p=http%3A//elstem.eu&dtd=12

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

099f342bcdd01d03cacd2d665bb82ed11b7110f74768ec40774de44140481a38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Feb 2023 11:57:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 11:01:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Feb 2023 11:57:00 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 3746 2 KB
765 B 40ms
39ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:25:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5490
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 10:25:30 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3746 0
0 92ms
92ms Fetch
text/html 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CV8dHi1PaY_n4MqSb78EPhMmI0AKI_o-gbpuGs5TvEJro9PWRDhABIPu495YBYJXCpoKwB6ABw8GUygPIAQmpAvGE77NEQbI-qAMByAPLBKoEyAFP0If5azlKdRN6phsk_kF5BPNIiRbkhaGaELD-BaOgaYDds5rQG4EzgObv1tjkO3ogoPIySHJh0LGma9sc4YolPVA_zltRD504Z1J8oS6yF801sIcSpjPVrow21S47Um7uAK6aEBsv5Fu5oUEtpNH45-loqGISN7rKJXMd1_q9zQnW2iejQq0SHx9dQ2AEwmnXcJFPw5gh3FOFeFpn6Ajdi2PL_W0ER5tvU9rtkL-dnB1tuYK5sve11AF0A6unmXSfoszk2fKcs8AE2Paaj6UEkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB6W-6zWoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBRDp098V0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwG4E-QD2BMM0BUBgBcBshccChoIABIUcHViLTgzNTk5OTQ3MDc4NjY1OTUYAA&sigh=ZvCW2k4ZNUw&uach_m=[UACH]&cid=CAQSPADUE5ymx4gMhuxHkwMa2aedRqESVEGY3z_Xf3H0tiENGPG275iSvPFaioVmRdBwyJ2D60e0wpeLWV3VuBgB&template_id=484

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8359994707866595&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.3093707004~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1675252619&rafmt=1&to=qs&pwprc=5700639299&format=1200x90&url=http%3A%2F%2Felstem.eu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675252619768&bpp=1&bdt=2733&idt=0&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De0eb6e140596dc4b-22111e3f80db00ee%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_Maq4IBx-ksEPe6st_L0_FkKq4_XLQ&gpic=UID%3D00000bad5b72772e%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_MbEpyHSAhHOAQ8zXQAixRCUwtApsQ&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=7631517422333&frm=20&pv=1&ga_vid=1563652937.1675252619&ga_sid=1675252619&ga_hid=1203010815&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=2164&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071756%2C31071766%2C44774293&oid=2&pvsid=3298644728497812&tmod=1493674523&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=Q0vZWsIaPG&p=http%3A//elstem.eu&dtd=12
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 01 Feb 2023 11:57:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/ Frame 3746 22 KB
9 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

682b9a643ebc5c5b7f54f802fe82d4d9117b6cdff3479110b81afdccfd6148c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:25:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5490
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8871
x-xss-protection: 0
server: cafe
etag: 9510037503091481574
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 10:25:30 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 3746 3 KB
1 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:38:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4707
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 10:38:33 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 3746 18 KB
7 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:25:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5490
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7523
x-xss-protection: 0
server: cafe
etag: 641023367890010850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 10:25:30 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 3746 0
0 52ms
49ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQfxMz5qPmqx--oSuLUuVgCz51lI8D_q9LOkYh2szDo3i1oinvkepHx6x3xKAYZRYoUzzAIzf19dGozJrVO4xWSHayM_g
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8359994707866595&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.3093707004~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1675252619&rafmt=1&to=qs&pwprc=5700639299&format=1200x90&url=http%3A%2F%2Felstem.eu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675252619768&bpp=1&bdt=2733&idt=0&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De0eb6e140596dc4b-22111e3f80db00ee%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_Maq4IBx-ksEPe6st_L0_FkKq4_XLQ&gpic=UID%3D00000bad5b72772e%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_MbEpyHSAhHOAQ8zXQAixRCUwtApsQ&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=7631517422333&frm=20&pv=1&ga_vid=1563652937.1675252619&ga_sid=1675252619&ga_hid=1203010815&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=2164&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071756%2C31071766%2C44774293&oid=2&pvsid=3298644728497812&tmod=1493674523&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=Q0vZWsIaPG&p=http%3A//elstem.eu&dtd=12
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H3 200 6592766407814317453
tpc.googlesyndication.com/simgad/10021322227363911131/ Frame 3746 34 KB
34 KB 46ms
44ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10021322227363911131/6592766407814317453

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8814c22977f023c8b3ed155e0ef4b22e2a47205cd97f2c557a1325713e9bb3d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 08:09:41 GMT
x-content-type-options: nosniff
age: 272839
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34371
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 23:55:05 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 29 Jan 2024 08:09:41 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/13778110882439694553/ Frame 3746 1 KB
1 KB 45ms
44ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13778110882439694553/14763004658117789537?w=100&h=100

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6017643e655dec75edf1dbdcd281cee21a9be1507da1070b43406a13dbfe7c80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 20:01:59 GMT
x-content-type-options: nosniff
age: 316501
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1164
x-xss-protection: 0
last-modified: Fri, 09 Dec 2022 17:52:43 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 28 Jan 2024 20:01:59 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3746 157 KB
48 KB 1420ms
1419ms Script
text/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a482b87b1055665d77c94492bf4739724380d45b00083575738386b2c7ee9d80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:57:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49075
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1675083396089714"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Feb 2023 11:57:01 GMT

GET
H3 200 8aec859a266e19fb42fee7f82edeac28.js Show response
www.gstatic.com/mysidia/ Frame 3746 33 KB
14 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8aec859a266e19fb42fee7f82edeac28.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07970172ef078d9a58aa9ed9e9b54dd1cfbfec021be21b0d0fc7484c5fd5a58a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:22:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2079
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14079
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 06:12:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 02 May 2023 11:22:21 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 800D 1 KB
643 B 53ms
52ms Document
text/html 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 20577
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 06:14:03 GMT
etag: 48472445140208031
expires: Thu, 02 Feb 2023 06:14:03 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 3746 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9b9827664a4f7d77fe794512284453a1bbd3f70e71decaed9425a743b6ba3fac

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 800D
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEBJiIB2tcTft5sGoz6EUTjI&google_cver=1&google_push=Aa02lx8jp5j4-masCH-74rparjKy2WTgB_cZ-yc8P_xGFWqJcjH7loIlMlN_A33wMj6PIDOCEMJSFp_bMe1aDo...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE5NTE1NTIxNTQ3OTg2MzQ0Ng%3D%3D&google_push=Aa02lx8jp5j4-masCH-74rparjKy2WTgB_cZ-yc8P_xGFWqJcjH7loIlMlN_A33wMj6PIDOCEMJSFp_bMe1aDov-QX...

170 B
232 B

52ms
51ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE5NTE1NTIxNTQ3OTg2MzQ0Ng%3D%3D&google_push=Aa02lx8jp5j4-masCH-74rparjKy2WTgB_cZ-yc8P_xGFWqJcjH7loIlMlN_A33wMj6PIDOCEMJSFp_bMe1aDov-QXT19fDpiGEfzQ

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE5NTE1NTIxNTQ3OTg2MzQ0Ng%3D%3D&google_push=Aa02lx8jp5j4-masCH-74rparjKy2WTgB_cZ-yc8P_xGFWqJcjH7loIlMlN_A33wMj6PIDOCEMJSFp_bMe1aDov-QXT19fDpiGEfzQ
Date: Wed, 01 Feb 2023 11:57:00 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 800D
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEDbIaFwACtP7kiTNzJM9I38&google_cver=1&google_push=Aa02lx8-kK2JbmtFBAGummHTD875p-saITBB-T39Ir1HpgNn8c_S0rA2PBNCfZstBTOuF19GEQaRXwDWARRCFHug...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=sXjUAWjTTQi-0Gty2WavOQ2&google_push=Aa02lx8-kK2JbmtFBAGummHTD875p-saITBB-T39Ir1HpgNn8c_S0rA2PBNCfZstBTOuF19GEQaRXwDWARRCFHugmbPP8gcTD90omXo

170 B
329 B

60ms
53ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=sXjUAWjTTQi-0Gty2WavOQ2&google_push=Aa02lx8-kK2JbmtFBAGummHTD875p-saITBB-T39Ir1HpgNn8c_S0rA2PBNCfZstBTOuF19GEQaRXwDWARRCFHugmbPP8gcTD90omXo

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 01 Feb 2023 11:57:00 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=sXjUAWjTTQi-0Gty2WavOQ2&google_push=Aa02lx8-kK2JbmtFBAGummHTD875p-saITBB-T39Ir1HpgNn8c_S0rA2PBNCfZstBTOuF19GEQaRXwDWARRCFHugmbPP8gcTD90omXo
x-host: tde-deliveryengine-production-fb497649f-w4d4z
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 800D 43 B
356 B 156ms
51ms Image
image/gif 34.98.67.61
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEOW3sFSEhOv6V2WIPWXJIsM&google_push=Aa02lx-A1XjG9zR0gRy-8-sBBr4_QgPyzfbx0Qx19U0sta50_rkP8uT3yq4UvWgbpSvBDF-QC3sFW_SM-kFNhFXRawRAJZ3EFCbb_g&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8359994707866595&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.3093707004~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1675252619&rafmt=1&to=qs&pwprc=5700639299&format=1200x90&url=http%3A%2F%2Felstem.eu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675252619768&bpp=1&bdt=2733&idt=0&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De0eb6e140596dc4b-22111e3f80db00ee%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_Maq4IBx-ksEPe6st_L0_FkKq4_XLQ&gpic=UID%3D00000bad5b72772e%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_MbEpyHSAhHOAQ8zXQAixRCUwtApsQ&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=7631517422333&frm=20&pv=1&ga_vid=1563652937.1675252619&ga_sid=1675252619&ga_hid=1203010815&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=2164&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071756%2C31071766%2C44774293&oid=2&pvsid=3298644728497812&tmod=1493674523&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=Q0vZWsIaPG&p=http%3A//elstem.eu&dtd=12
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:00 GMT
via: 1.1 google
server: Apache
content-type: image/gif;charset=UTF-8
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 800D
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEG8LR_ruutmnitebxo89gGg&google_cver=1&google_push=Aa02lx_n76JWCVwJo1Y8JmA_Hnq-MS21myOXYxUt9wyyUNBr43WJ0u51K6jeK9uflAlAiWaJYhhuhBYZ...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEG8LR_ruutmnitebxo89gGg&google_cver=1&google_push=Aa02lx_n76JWCVwJo1Y8JmA_Hnq-MS21myOXYxUt9wyyUNBr43WJ0u51K6jeK9uflAlAiWaJYhh...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODQ3NDgyNTA0MTEzMDQ3MDEx&google_push=Aa02lx_n76JWCVwJo1Y8JmA_Hnq-MS21myOXYxUt9wyyUNBr43WJ0u51K6jeK9uflAlAiWaJYhhuhBYZ...

170 B
232 B

50ms
50ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODQ3NDgyNTA0MTEzMDQ3MDEx&google_push=Aa02lx_n76JWCVwJo1Y8JmA_Hnq-MS21myOXYxUt9wyyUNBr43WJ0u51K6jeK9uflAlAiWaJYhhuhBYZhyQQ6Nm8Ve20WD4QQeR7mDA

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODQ3NDgyNTA0MTEzMDQ3MDEx&google_push=Aa02lx_n76JWCVwJo1Y8JmA_Hnq-MS21myOXYxUt9wyyUNBr43WJ0u51K6jeK9uflAlAiWaJYhhuhBYZhyQQ6Nm8Ve20WD4QQeR7mDA
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 800D
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESED8FmnwOIOTwb7bJoSAIpNQ&google_cver=1&google_push=Aa02lx-kWxRXiXnqsIiuPGcG1f3Coqefe8Q8qFMhK06Y6IyHBi5zBj-Mj0lhfj_TZhQpT-KOA_Oxs3pWnUAy5_8iZK17aE9NlB...
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=Aa02lx-kWxRXiXnqsIiuPGcG1f3Coqefe8Q8qFMhK06Y6IyHBi5zBj-Mj0lhfj_TZhQpT-KOA_Oxs3pWnUAy5_8iZK17aE9NlBV...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzU2Njk4OTA5NjA4NzAzMTkwNDMwNQ%3D%3D&google_push=Aa02lx-kWxRXiXnqsIiuPGcG1f3Coqefe8Q8qFMhK06Y6IyHBi5zBj-M...

170 B
232 B

56ms
54ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzU2Njk4OTA5NjA4NzAzMTkwNDMwNQ%3D%3D&google_push=Aa02lx-kWxRXiXnqsIiuPGcG1f3Coqefe8Q8qFMhK06Y6IyHBi5zBj-Mj0lhfj_TZhQpT-KOA_Oxs3pWnUAy5_8iZK17aE9NlBVtBDU

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzU2Njk4OTA5NjA4NzAzMTkwNDMwNQ%3D%3D&google_push=Aa02lx-kWxRXiXnqsIiuPGcG1f3Coqefe8Q8qFMhK06Y6IyHBi5zBj-Mj0lhfj_TZhQpT-KOA_Oxs3pWnUAy5_8iZK17aE9NlBVtBDU
date: Wed, 01 Feb 2023 11:57:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

report
sync.teads.tv/um/ Frame 800D
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEGh5db5ESckibIH2QXHJF_k&...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=Aa02lx_vETVY_OhVa71ut4bdhVrS0cAYBaiPJ2qj3GNvSOQj3NY6B5UJf-0wmbz0bl72TJVub17xE732FybeTYbVeTGMdntq59xz7Le3
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
172 B

91ms
86ms

Image
image/gif

2.18.69.48
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8359994707866595&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.3093707004~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1675252619&rafmt=1&to=qs&pwprc=5700639299&format=1200x90&url=http%3A%2F%2Felstem.eu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675252619768&bpp=1&bdt=2733&idt=0&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De0eb6e140596dc4b-22111e3f80db00ee%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_Maq4IBx-ksEPe6st_L0_FkKq4_XLQ&gpic=UID%3D00000bad5b72772e%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_MbEpyHSAhHOAQ8zXQAixRCUwtApsQ&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=7631517422333&frm=20&pv=1&ga_vid=1563652937.1675252619&ga_sid=1675252619&ga_hid=1203010815&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=2164&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071756%2C31071766%2C44774293&oid=2&pvsid=3298644728497812&tmod=1493674523&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=Q0vZWsIaPG&p=http%3A//elstem.eu&dtd=12
Protocol: H2
Server: 2.18.69.48 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-69-48.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

expires: Wed, 01 Feb 2023 11:57:01 GMT
pragma: no-cache
date: Wed, 01 Feb 2023 11:57:01 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:00 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 800D
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEOERh1w6W...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEOE...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=dc2f714e-aca9-4efe-9753-e6b778fb56d1&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

79ms
64ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=dc2f714e-aca9-4efe-9753-e6b778fb56d1&%%GOOGLE_PUSH_PAIR%%

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=dc2f714e-aca9-4efe-9753-e6b778fb56d1&%%GOOGLE_PUSH_PAIR%%
date: Wed, 01 Feb 2023 11:57:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 800D 0
130 B 140ms
49ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LI7-NXizBvO86VetZiQOtK5o35uYOWLde8_1y_yduJn_-s2HXbFq9jfBUTOjqHx6pXpRyQFYg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:57:00 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 8229fa5a5c3ebd24f3e2eb95db7eba72.js Show response
www.gstatic.com/mysidia/ Frame 0C71 9 KB
4 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8229fa5a5c3ebd24f3e2eb95db7eba72.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8359994707866595&output=html&h=280&adk=2732199629&adf=730467196&pi=t.aa~a.952912505~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1675252619&rafmt=1&to=qs&pwprc=5700639299&format=1200x280&url=http%3A%2F%2Felstem.eu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675252619768&bpp=1&bdt=2734&idt=-M&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De0eb6e140596dc4b-22111e3f80db00ee%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_Maq4IBx-ksEPe6st_L0_FkKq4_XLQ&gpic=UID%3D00000bad5b72772e%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_MbEpyHSAhHOAQ8zXQAixRCUwtApsQ&prev_fmts=0x0%2C1200x280&nras=3&correlator=7631517422333&frm=20&pv=1&ga_vid=1563652937.1675252619&ga_sid=1675252619&ga_hid=1203010815&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=1289&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071756%2C31071766%2C44774293&oid=2&pvsid=3298644728497812&tmod=1493674523&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=mFSznZvcpn&p=http%3A//elstem.eu&dtd=8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b597bf422617af67b2ffe3e420f0fd2d9a01a3b95020e368c57b2a131151158

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:22:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2079
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4209
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 00:31:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 02 May 2023 11:22:21 GMT

GET
H3 200 9f1a5ca513cd67f408268f629c2a8fce.js Show response
www.gstatic.com/mysidia/ Frame 0C71 19 KB
8 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/9f1a5ca513cd67f408268f629c2a8fce.js?tag=pingback

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

51170a4b170834d9061b8c85adb281b534d13763f76cc4f329e3e39a63277447

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 12:07:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 172148
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7963
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 00:31:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 30 Apr 2023 12:07:52 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 0C71 4 KB
621 B 54ms
53ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Feb 2023 11:57:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 11:04:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Feb 2023 11:57:00 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 0C71 2 KB
765 B 50ms
48ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:25:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5490
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 10:25:30 GMT

GET
H3 200 2c96be29c806e6a30d72c34b34031cd2.js Show response
www.gstatic.com/mysidia/ Frame 0C71 5 KB
2 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/2c96be29c806e6a30d72c34b34031cd2.js?tag=analytics_pingback_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

909e4f36928b8676e7947d125e90b8c2baee1afc6c0dead2ddc05a665811470a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 12:07:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 172148
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2003
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 03:52:27 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 30 Apr 2023 12:07:52 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/ Frame 0C71 22 KB
9 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

682b9a643ebc5c5b7f54f802fe82d4d9117b6cdff3479110b81afdccfd6148c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:25:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5490
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8871
x-xss-protection: 0
server: cafe
etag: 9510037503091481574
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 10:25:30 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 0C71 3 KB
1 KB 51ms
49ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:38:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4707
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 10:38:33 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/ Frame 0C71 18 KB
7 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 10:25:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5490
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7523
x-xss-protection: 0
server: cafe
etag: 641023367890010850
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 10:25:30 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 0C71 0
0 58ms
56ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRxQg4WLvOw0DpMzm_OWRNhOC4mO4S1cd7_ufrJNQw6FHIKcNAxZpd0BEQzqmsSpyOuQAQm5ZWeLDH7HHqOiS3gEKKbwA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8359994707866595&output=html&h=280&adk=2732199629&adf=730467196&pi=t.aa~a.952912505~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1675252619&rafmt=1&to=qs&pwprc=5700639299&format=1200x280&url=http%3A%2F%2Felstem.eu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675252619768&bpp=1&bdt=2734&idt=-M&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De0eb6e140596dc4b-22111e3f80db00ee%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_Maq4IBx-ksEPe6st_L0_FkKq4_XLQ&gpic=UID%3D00000bad5b72772e%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_MbEpyHSAhHOAQ8zXQAixRCUwtApsQ&prev_fmts=0x0%2C1200x280&nras=3&correlator=7631517422333&frm=20&pv=1&ga_vid=1563652937.1675252619&ga_sid=1675252619&ga_hid=1203010815&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=1289&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071756%2C31071766%2C44774293&oid=2&pvsid=3298644728497812&tmod=1493674523&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=mFSznZvcpn&p=http%3A//elstem.eu&dtd=8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0C71 157 KB
49 KB 1047ms
1044ms Script
text/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a482b87b1055665d77c94492bf4739724380d45b00083575738386b2c7ee9d80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:57:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49075
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1675083396089714"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Feb 2023 11:57:01 GMT

GET
H3 200 8aec859a266e19fb42fee7f82edeac28.js Show response
www.gstatic.com/mysidia/ Frame 0C71 33 KB
14 KB 47ms
45ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8aec859a266e19fb42fee7f82edeac28.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07970172ef078d9a58aa9ed9e9b54dd1cfbfec021be21b0d0fc7484c5fd5a58a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:22:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2079
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14079
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 06:12:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 02 May 2023 11:22:21 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/1460322333655084839/ Frame 0C71 8 KB
8 KB 42ms
41ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1460322333655084839/14763004658117789537?w=400&h=209

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

067f01ab9d9aec24bf30157cdd769a4625c415d2db3366d3c039e98c0b31fc8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 26 Jan 2023 18:19:02 GMT
x-content-type-options: nosniff
age: 495478
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8032
x-xss-protection: 0
last-modified: Sun, 01 Jan 2023 15:48:00 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 26 Jan 2024 18:19:02 GMT

GET
H3 200 3974295938494546615
tpc.googlesyndication.com/simgad/ Frame 0C71 2 KB
2 KB 42ms
42ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3974295938494546615?w=100&h=100

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ec50f64921ad3f27786836b128eb33b1e434d0e40f347807777b9e021da15b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 00:24:10 GMT
x-content-type-options: nosniff
age: 387170
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2341
x-xss-protection: 0
last-modified: Thu, 11 Nov 2021 14:59:39 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 28 Jan 2024 00:24:10 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0C71 0
20 B 88ms
87ms Ping
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/9f1a5ca513cd67f408268f629c2a8fce.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0C71 0
20 B 107ms
100ms Ping
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/9f1a5ca513cd67f408268f629c2a8fce.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0C71 0
20 B 105ms
98ms Ping
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/9f1a5ca513cd67f408268f629c2a8fce.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0C71 0
20 B 106ms
100ms Ping
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/9f1a5ca513cd67f408268f629c2a8fce.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0C71 0
20 B 108ms
101ms Ping
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/9f1a5ca513cd67f408268f629c2a8fce.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0C71 0
20 B 107ms
101ms Ping
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/9f1a5ca513cd67f408268f629c2a8fce.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0C71 0
20 B 107ms
102ms Ping
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/9f1a5ca513cd67f408268f629c2a8fce.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0C71 0
0 113ms
104ms Fetch
text/html 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C20F0i1PaY5XxMqOX78EPzbGNmATi5JOjbo2x_8TnENS3qq6pOBABIPu495YBYJXCpoKwB6ABvuuT_QLIAQmpAodBREydNrI-qAMByAPLBKoE0wFP0EwWIz6GDLldNRsRMWgGJiG40ZC6puv73hEP-Lvp9V5_9djBHefF67KfFgUvbr5k_qV08fJNpUujhws6luOX045ZyQ9w2vYE3OX2bDqPoWPDl99uVXdNcoLozDj9zhsVcdj-q9ZDq6rHxZwd1aM8az7b3XY6XMkC4YJycJ6E_Oi9wOzMe2AX0VThW2iHbFEDc4nWQK5m_ZwhN-5g3lUnTR_GnG21wvXNDb0OYEhxZMYhRNDLe_CH5d3S_B2kt_31lDjbs9dJn-Bxa0CuisG5aEnEwATE3brcngSSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHqpTsggGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBRDdjN4V0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwG4E-QD2BMM0BUBgBcBshccChoIABIUcHViLTgzNTk5OTQ3MDc4NjY1OTUYAA&sigh=a-sUjsT2tvQ&uach_m=[UACH]&cid=CAQSPADUE5ymBeqKu-xT5BDV6BJXxQiJ5fhujnkoVD9fuFP7puLuHIfzdv1SMY9aHhQdPt-5CHhJfsZyw1yibxgB&template_id=484

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8359994707866595&output=html&h=280&adk=2732199629&adf=730467196&pi=t.aa~a.952912505~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1675252619&rafmt=1&to=qs&pwprc=5700639299&format=1200x280&url=http%3A%2F%2Felstem.eu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675252619768&bpp=1&bdt=2734&idt=-M&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De0eb6e140596dc4b-22111e3f80db00ee%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_Maq4IBx-ksEPe6st_L0_FkKq4_XLQ&gpic=UID%3D00000bad5b72772e%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_MbEpyHSAhHOAQ8zXQAixRCUwtApsQ&prev_fmts=0x0%2C1200x280&nras=3&correlator=7631517422333&frm=20&pv=1&ga_vid=1563652937.1675252619&ga_sid=1675252619&ga_hid=1203010815&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=1289&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071756%2C31071766%2C44774293&oid=2&pvsid=3298644728497812&tmod=1493674523&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=mFSznZvcpn&p=http%3A//elstem.eu&dtd=8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 01 Feb 2023 11:57:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3647 1 KB
643 B 59ms
56ms Document
text/html 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 20577
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 06:14:03 GMT
etag: 48472445140208031
expires: Thu, 02 Feb 2023 06:14:03 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0C71 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aa62790834d182e3661f329eb5b9a910e37ce6f8d53d7fb2599483da2f82056b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 3647 0
104 B 279ms
78ms Image
text/plain 2a02:fa8:8806:12::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEEsKHEh8iX6K_MtBUXH2PgY&google_cver=1&google_push=Aa02lx-R6dGtALUKNL1svXVWrlBwKViNRXCLwDMg8N68wNS9cL5TDUnOVQ22afIwXhuIpt9lTR8VSS6z1HMkI0cxL9d3mPkFkJdLvw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8359994707866595&output=html&h=280&adk=2732199629&adf=730467196&pi=t.aa~a.952912505~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1675252619&rafmt=1&to=qs&pwprc=5700639299&format=1200x280&url=http%3A%2F%2Felstem.eu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675252619768&bpp=1&bdt=2734&idt=-M&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De0eb6e140596dc4b-22111e3f80db00ee%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_Maq4IBx-ksEPe6st_L0_FkKq4_XLQ&gpic=UID%3D00000bad5b72772e%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_MbEpyHSAhHOAQ8zXQAixRCUwtApsQ&prev_fmts=0x0%2C1200x280&nras=3&correlator=7631517422333&frm=20&pv=1&ga_vid=1563652937.1675252619&ga_sid=1675252619&ga_hid=1203010815&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=1289&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071756%2C31071766%2C44774293&oid=2&pvsid=3298644728497812&tmod=1493674523&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=mFSznZvcpn&p=http%3A//elstem.eu&dtd=8
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:01 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3647
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHEpW175N6g555yzFDnkBfw&google_cver=1&google_push=Aa02lx8v-7gWiQOr-oV39Zempkd8zqLjq14OzmpptgN1_2IelXQqvfpmpAkxgclxE2QC_SmVfH85-RaufgByratu...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aa02lx8v-7gWiQOr-oV39Zempkd8zqLjq14OzmpptgN1_2IelXQqvfpmpAkxgclxE2QC_SmVfH85-RaufgByratus0-B51QuvOCHTw

170 B
188 B

53ms
52ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aa02lx8v-7gWiQOr-oV39Zempkd8zqLjq14OzmpptgN1_2IelXQqvfpmpAkxgclxE2QC_SmVfH85-RaufgByratus0-B51QuvOCHTw

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 01 Feb 2023 11:57:01 GMT
Server: MT3 404 ce67235 master zrh-pixel-x29 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aa02lx8v-7gWiQOr-oV39Zempkd8zqLjq14OzmpptgN1_2IelXQqvfpmpAkxgclxE2QC_SmVfH85-RaufgByratus0-B51QuvOCHTw
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 01 Feb 2023 11:57:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3647
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEC5M-95mHwD87vwzm86NvGM&google_push=Aa02lx81Wz-dYUBIyXj3U-79G9qGJdMpggQTH4mTTvq47wIvZjZplprEZk...

170 B
188 B

67ms
54ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEC5M-95mHwD87vwzm86NvGM&google_push=Aa02lx81Wz-dYUBIyXj3U-79G9qGJdMpggQTH4mTTvq47wIvZjZplprEZkE7sWUNi92eMkeneae_x3Ju1b8ETrjQRJJz-mGTuADW

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-hhn-etou8220088-HHN
pragma: no-cache
date: Wed, 01 Feb 2023 11:57:01 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1675252621.079534,VS0,VE91
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEC5M-95mHwD87vwzm86NvGM&google_push=Aa02lx81Wz-dYUBIyXj3U-79G9qGJdMpggQTH4mTTvq47wIvZjZplprEZkE7sWUNi92eMkeneae_x3Ju1b8ETrjQRJJz-mGTuADW
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 3647 70 B
265 B 196ms
65ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEOVYxhh68vd-kIh9t103ISM&google_cver=1&google_push=Aa02lx_uKmyDyV-0P5vj-3LY9WNPw_WsccoNjr5oMjW-CzXIX8Va30Z_7TFgvhj3ElduT8vGGZJBrxW0jaEngs8ofue_lRElnhnhBA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8359994707866595&output=html&h=280&adk=2732199629&adf=730467196&pi=t.aa~a.952912505~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1675252619&rafmt=1&to=qs&pwprc=5700639299&format=1200x280&url=http%3A%2F%2Felstem.eu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675252619768&bpp=1&bdt=2734&idt=-M&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De0eb6e140596dc4b-22111e3f80db00ee%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_Maq4IBx-ksEPe6st_L0_FkKq4_XLQ&gpic=UID%3D00000bad5b72772e%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_MbEpyHSAhHOAQ8zXQAixRCUwtApsQ&prev_fmts=0x0%2C1200x280&nras=3&correlator=7631517422333&frm=20&pv=1&ga_vid=1563652937.1675252619&ga_sid=1675252619&ga_hid=1203010815&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=1289&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071756%2C31071766%2C44774293&oid=2&pvsid=3298644728497812&tmod=1493674523&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=mFSznZvcpn&p=http%3A//elstem.eu&dtd=8
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 01 Feb 2023 11:57:01 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3647
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKrFzTcKj56z6TNEO7pA1MM&google_cver=1&google_push=Aa02lx-UztRm0Hnpq7n8FsfXLVg5BffRDV86V7qYR7dp9ZR1QGDr8DFQSf4xyTjikkPPG4sb30w...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TERMTTVOQjAtUC02SkpR&google_push=Aa02lx-UztRm0Hnpq7n8FsfXLVg5BffRDV86V7qYR7dp9ZR1QGDr8DFQSf4xyTjikkPPG4sb30wHNviuWGrzn9MzdTpTX6YD4EzdRw

170 B
188 B

54ms
54ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TERMTTVOQjAtUC02SkpR&google_push=Aa02lx-UztRm0Hnpq7n8FsfXLVg5BffRDV86V7qYR7dp9ZR1QGDr8DFQSf4xyTjikkPPG4sb30wHNviuWGrzn9MzdTpTX6YD4EzdRw

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TERMTTVOQjAtUC02SkpR&google_push=Aa02lx-UztRm0Hnpq7n8FsfXLVg5BffRDV86V7qYR7dp9ZR1QGDr8DFQSf4xyTjikkPPG4sb30wHNviuWGrzn9MzdTpTX6YD4EzdRw
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Expires: 0

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame 3647 0
75 B 823ms
392ms Image
text/plain 185.86.137.108
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEEnan-jwtMfNLyvuEopCe9s&google_cver=1&google_push=Aa02lx-734f4rE3IZchw4xPrlXJKe2JgAo_oF3GK0eVCrGnMD9MFwnQBbnn-smZRe71C0GIpAM3LmJleX_dGdWdhy-9erRbCDSGW
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8359994707866595&output=html&h=280&adk=2732199629&adf=730467196&pi=t.aa~a.952912505~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1675252619&rafmt=1&to=qs&pwprc=5700639299&format=1200x280&url=http%3A%2F%2Felstem.eu%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675252619768&bpp=1&bdt=2734&idt=-M&shv=r20230125&mjsv=m202301190101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De0eb6e140596dc4b-22111e3f80db00ee%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_Maq4IBx-ksEPe6st_L0_FkKq4_XLQ&gpic=UID%3D00000bad5b72772e%3AT%3D1675252618%3ART%3D1675252618%3AS%3DALNI_MbEpyHSAhHOAQ8zXQAixRCUwtApsQ&prev_fmts=0x0%2C1200x280&nras=3&correlator=7631517422333&frm=20&pv=1&ga_vid=1563652937.1675252619&ga_sid=1675252619&ga_hid=1203010815&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=1289&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071756%2C31071766%2C44774293&oid=2&pvsid=3298644728497812&tmod=1493674523&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=mFSznZvcpn&p=http%3A//elstem.eu&dtd=8
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.108 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:57:01 GMT
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3647
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEOssPyW8v...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=dc2f714e-aca9-4efe-9753-e6b778fb56d1&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

61ms
61ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=dc2f714e-aca9-4efe-9753-e6b778fb56d1&%%GOOGLE_PUSH_PAIR%%

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=dc2f714e-aca9-4efe-9753-e6b778fb56d1&%%GOOGLE_PUSH_PAIR%%
date: Wed, 01 Feb 2023 11:57:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 3647 0
12 B 50ms
49ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JdtI6bISZgQ37028dB7luxrDVV8FBNa4NMUGPcnBZW5s7hwuf3z-TXfHDiXsxDHjA6UAh7lw

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:57:00 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0C71 0
20 B 84ms
84ms Ping
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/9f1a5ca513cd67f408268f629c2a8fce.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 0C71 15 KB
16 KB 184ms
42ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 01:29:06 GMT
x-content-type-options: nosniff
age: 210476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Jan 2024 01:29:06 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 0C71 16 KB
16 KB 191ms
51ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 25 Jan 2023 21:51:10 GMT
x-content-type-options: nosniff
age: 569152
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 25 Jan 2024 21:51:10 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0C71 0
20 B 84ms
83ms Ping
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/9f1a5ca513cd67f408268f629c2a8fce.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 CCt-TX4C-UC1pEBNoA0lzE8uYZ_Sg6IPn_rSOQp8B5g.js Show response
pagead2.googlesyndication.com/bg/ Frame 3EB3 36 KB
14 KB 53ms
52ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CCt-TX4C-UC1pEBNoA0lzE8uYZ_Sg6IPn_rSOQp8B5g.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

082b7e4d7e02f940b5a4404da00d25cc4f2e619fd283a20f9ffad2390a7c0798

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 25 Jan 2023 20:21:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 574534
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14102
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 13:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 25 Jan 2024 20:21:28 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0C71 0
20 B 85ms
85ms Ping
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=Cg4IByoKd2ViX2Jhbm5lcgoHCAgqA2x0cgocCAEqGGJhbm5lckJfdGVzdDJfdHJlYXRtZW50MwoKCAIqBnNlcnZlcgoxCAQqLW15c2lkaWFfYW5hbHl0aWNzX2V4cDEsbXlzaWRpYV9yZWxlYXNlX2NhbmFyeQoNEDIhAAAAQDMz0z8wBAoNEDMhAAAAAAAA8D8wBAoNEDQhAAAAAAAA8D8wBAoNEDUhAAAAAAAA8D8wBAoNEDYhAAAAAAAA8D8wBAoNEDchAAAAAAAA8D8wBAoNEDghAAAA0MzM9D8wBAoNEDkhAAA4MzM3jkAwBAoNEDohAADQzMy0jkAwBAoNEDshAABmZmZqoUAwBAoNEDwhAABmZmZqoUAwBAoNED0hAADOzMxyoUAwBAoNED4hAABmZmZ0oUAwBAoNED8hAABmZmZ0oUAwBAoNEEAhAABmZmaXoUAwBBIaQ05YaXdhcWk5UHdDRmFQTE93SWR6VmdEUXciJ3NjcmVhbS90aHJvbmVfaW1hZ2VfbG9nb19vY2hfaG90Zml4YWJsZSgR

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/9f1a5ca513cd67f408268f629c2a8fce.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 CCt-TX4C-UC1pEBNoA0lzE8uYZ_Sg6IPn_rSOQp8B5g.js Show response
pagead2.googlesyndication.com/bg/ Frame C04B 36 KB
14 KB 52ms
52ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CCt-TX4C-UC1pEBNoA0lzE8uYZ_Sg6IPn_rSOQp8B5g.js

Requested by

Host: elstem.eu
URL: http://elstem.eu/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

082b7e4d7e02f940b5a4404da00d25cc4f2e619fd283a20f9ffad2390a7c0798

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 25 Jan 2023 20:21:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 574534
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14102
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 13:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 25 Jan 2024 20:21:28 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F086 0
20 B 83ms
83ms Ping
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=jca&jc=26&version=r20230125&sample=0.01

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/load_preloaded_resource_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame F086 28 KB
28 KB 173ms
110ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 29 Jan 2023 17:04:17 GMT
x-content-type-options: nosniff
age: 240765
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Jan 2024 17:04:17 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 3746 15 KB
16 KB 147ms
84ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 05:09:29 GMT
x-content-type-options: nosniff
age: 456453
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 27 Jan 2024 05:09:29 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 3746 15 KB
15 KB 162ms
99ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 01:29:06 GMT
x-content-type-options: nosniff
age: 210476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Jan 2024 01:29:06 GMT

GET
H3 200 CCt-TX4C-UC1pEBNoA0lzE8uYZ_Sg6IPn_rSOQp8B5g.js Show response
pagead2.googlesyndication.com/bg/ Frame 3F74 36 KB
14 KB 52ms
52ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CCt-TX4C-UC1pEBNoA0lzE8uYZ_Sg6IPn_rSOQp8B5g.js

Requested by

Host: elstem.eu
URL: http://elstem.eu/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

082b7e4d7e02f940b5a4404da00d25cc4f2e619fd283a20f9ffad2390a7c0798

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 25 Jan 2023 20:21:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 574534
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14102
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 13:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 25 Jan 2024 20:21:28 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 98ms
97ms XHR
application/json 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230125&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8fe8edb18e3d2636c7ff733c22ce49f186a71a73c74156baf68a9cd8de322017

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:57:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11193
x-xss-protection: 0

GET
H3 200 CCt-TX4C-UC1pEBNoA0lzE8uYZ_Sg6IPn_rSOQp8B5g.js Show response
pagead2.googlesyndication.com/bg/ Frame 31C4 36 KB
14 KB 52ms
51ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CCt-TX4C-UC1pEBNoA0lzE8uYZ_Sg6IPn_rSOQp8B5g.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

082b7e4d7e02f940b5a4404da00d25cc4f2e619fd283a20f9ffad2390a7c0798

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 25 Jan 2023 20:21:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 574534
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14102
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 13:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 25 Jan 2024 20:21:28 GMT

GET
H3 200 CCt-TX4C-UC1pEBNoA0lzE8uYZ_Sg6IPn_rSOQp8B5g.js Show response
pagead2.googlesyndication.com/bg/ Frame 1CFB 36 KB
14 KB 52ms
52ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CCt-TX4C-UC1pEBNoA0lzE8uYZ_Sg6IPn_rSOQp8B5g.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

082b7e4d7e02f940b5a4404da00d25cc4f2e619fd283a20f9ffad2390a7c0798

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 25 Jan 2023 20:21:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 574534
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14102
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 13:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 25 Jan 2024 20:21:28 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 70ms
70ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:57:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Feb 2023 11:57:02 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 656D 13 KB
5 KB 43ms
40ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://elstem.eu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2076
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 11:22:26 GMT
expires: Thu, 01 Feb 2024 11:22:26 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B48E 783 B
536 B 58ms
55ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

499cb70ddf42881251a91bf7bdfcea89192e2c3aba7e3d3ec1a0f7e2bc41ae54

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-DoGLe6CM9FJX0f7ToL43RA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://elstem.eu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-DoGLe6CM9FJX0f7ToL43RA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 11:57:02 GMT
expires: Wed, 01 Feb 2023 11:57:02 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 CCt-TX4C-UC1pEBNoA0lzE8uYZ_Sg6IPn_rSOQp8B5g.js Show response
pagead2.googlesyndication.com/bg/ Frame 656D 36 KB
14 KB 54ms
51ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CCt-TX4C-UC1pEBNoA0lzE8uYZ_Sg6IPn_rSOQp8B5g.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

082b7e4d7e02f940b5a4404da00d25cc4f2e619fd283a20f9ffad2390a7c0798

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 25 Jan 2023 20:21:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 574534
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14102
x-xss-protection: 0
last-modified: Tue, 24 Jan 2023 13:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 25 Jan 2024 20:21:28 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B48E 0
0 84ms
83ms Image
text/html 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230125&jk=3298644728497812&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 656D 0
10 B 40ms
40ms Image
text/plain 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?XkuP-Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 11:57:02 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1842 42 B
64 B 87ms
87ms Fetch
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvd3h0QXAQynciEP2a-Y3KHPBZaQxB4Yf-IvwDPp1VtON-nuxzCLFe05sK7yr9c_rycLqP4i2cwYBZYLjlSXXSkmk0cEiR-vemc7sglqxwl6guqDunbaWrXMZIJXKUVo7d0MQlOXA&sai=AMfl-YT1qCvZ7cCSYrDbncrEc1zwmflrwfPILhLkHgDFtomJdK6PDzJwQRsVX6jYelapJn8NO3T1vf_UAqXe&sig=Cg0ArKJSzMyuKY_lTlDVEAE&cid=CAQSGwDUE5ymABpV8GLmPyBk4869A7WqAyZaNG0hgBgB&id=lidar2&mcvt=1000&p=0,0,124,1005&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230130&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&vs=4&r=v&rst=1675252619909&rpt=2211&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F086 42 B
64 B 87ms
87ms Fetch
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjste2MEEky1Qi3B53LbefyGVLcbSKGDdIu6mhE50oihD6Te0vVly7LnkeriZnGiYSgbkHEDVXD_xGPDettuVWoaaqpBC_ebTKIVTP8AF1rvEvozAyacI730y1w1_rSE_AOFrs8CgqQ&sai=AMfl-YQzn8_HdmQnZVhzPqzSLwjdNul3MkUlGLsQ-M6cj6MaPbbix9_X2SmcSpzpfh-0tUOMnSrc-cIPcZos&sig=Cg0ArKJSzHsciHYx9Gg-EAE&cid=CAQSGwDUE5ym3ZCvTRbyH5vnIGRQYMs20_PDF1UmPBgB&id=lidar2&mcvt=1000&p=0,0,280,1200&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230130&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3088186576&rs=2&la=1&cr=0&vs=4&r=v&rst=1675252618837&rpt=3491&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Feb 2023 11:57:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 88ms
88ms Image
text/html 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230125&jk=3298644728497812&bg=!v7ylvPjNAAbFy4Ck5cs7ACkAdvg8WgZUA-gUFGEKM5hpoQ21EMAVV7ecdo3AQ_AsBggbbEs6FQJHwwIAAABgUgAAAAJoAQcKAFuXAyQs1xzqdwYmVL7z9M3GMSgOROt0wAjHak3B4eAmp2YWiyNH0K78DF6LUl_Z3qC3rk0lc0G8kkKSWkEK8WhwTlVdAW-cANlblOCyQkvAiNzi-reOgOg2O9JlmQKK1RgSw7a037ZigC0hBOD7fc9NAdj7N8_cnmoTP7Ejh6_ZhJ9UqZkgWnUywEwArpt2OMy8awIzCBw3d8WP520tpFX166Hf9_NOVf70NKgnPvRnXTY3IlZiy5a2WYpTDcpyUWn26DK7f8bd72YnLNYAyv1FZ0PCrUHus1eo2Q8b6SlM8ib5G6-LpY7WuvKi9R7K6l6NYfPK6R43fGfsBRkUEFN6-BYNoEJK4u5XDnJXaUe5k1hu0hX8V9Es6O8K7635rSx6fwejTsoicW6NDnrbPVFjPbrAbAxUenLqxtm2x2CYcdx_r7KRWFGxbF4BfjGqzBHRhNkaXg5Dr1x2pTTySrRT7SfUeEPE4_P7a-ebDL8wGUaS-PJo66vP37Ofti5fDXF31DL9pjDAtlPnvf-EAUGSKwElgnd72KUqzW0vscqkZKk4m9VD_7SS3InJL-3yoEJ_5g2SnhMawYrYJZ6x-bD6xdcbclXg6SyWlOdhHogeyC0olynaI07W6U1LsRCr76BdH2UglcoN9OGNQ7EJkXUX71TfzyMjCMxCpJcyU16bzj5iYcL34uccHuO4sFtnvllHVeocDfIjg3mpRFoFsbyBccTQ03czONTR8Kck7j323ABTzJZ7QvhybUxtpXXurrj9oQcRbGSysOP6FQTolgBQ8qhrWC76mvmqsjhR5QLIQJFnjJXrAeRXVQoRtiRNXAaaL84Mhbz7J5mLmhQI8rJi8eebAnn0NqJrX7RlXfe06gC07ZnpsLHikq3fYaxbYwxE-dVuxHNGsEmc5r0G9y8XOF2L7rtsFRCUFv4FCd0JRrMj7_HJO8sgDlXtNN5y19HxStOCM_9ffoETEktfUtXJ1Ktt7GeKAow
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://elstem.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

66 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
elstem.eu/	1969-12-31 23:59:59	Name: 2e8a6538fa2d69b650a00d23a95123ee Value: fdd028216419c3b430fe0e31f571c340
elstem.eu/	1970-01-20 09:25:11	Name: userReferer Value: eyJtZWRpdW0iOiJ1bmtub3duIiwic291cmNlIjoiIn0%3D
.elstem.eu/	1970-01-20 18:42:28	Name: __gads Value: ID=e0eb6e140596dc4b-22111e3f80db00ee:T=1675252618:RT=1675252618:S=ALNI_Maq4IBx-ksEPe6st_L0_FkKq4_XLQ
.elstem.eu/	1970-01-20 18:42:28	Name: __gpi Value: UID=00000bad5b72772e:T=1675252618:RT=1675252618:S=ALNI_MbEpyHSAhHOAQ8zXQAixRCUwtApsQ
.doubleclick.net/	1970-01-20 09:20:56	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 18:42:28	Name: IDE Value: AHWqTUlx_kxSTSgznDdDHD0mnhIe_1kqBUzAciwhcahwHEQvaaKKWljG856ZTL5wYYg
.3lift.com/	1970-01-20 11:30:28	Name: tluid Value: 3566989096087031904305
.adform.net/	1970-01-20 10:01:11	Name: C Value: 1
.travelaudience.com/	1970-01-20 18:48:14	Name: _tracker Value: %7B%22UUID%22%3A%22B178D401-68D3-4D08-BED0-6B72D966AF39%22%7D
.adfarm1.adition.com/	1970-01-20 11:30:28	Name: UserID1 Value: 7195155215479863446
.adform.net/	1970-01-20 10:47:16	Name: uid Value: 847482504113047011
.bidswitch.net/	1970-01-20 18:06:28	Name: tuuid Value: dc2f714e-aca9-4efe-9753-e6b778fb56d1
.bidswitch.net/	1970-01-20 18:06:28	Name: c Value: 1675252620
.bidswitch.net/	1970-01-20 18:06:28	Name: tuuid_lu Value: 1675252620
.everesttech.net/	1970-01-20 18:06:28	Name: everest_g_v2 Value: g_surferid~Y9pTjQAAA-67UwAh
.mathtag.com/	1970-01-20 18:46:47	Name: uuid Value: 543363da-538e-4600-bf50-49e9c144b6d3
.mathtag.com/	1970-01-20 10:04:04	Name: mt_mop Value: 4:1675252622

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.travelaudience.com
adservice.google.com
adservice.google.de
c1.adform.net
cm.g.doubleclick.net
dclk-match.dotomi.com
dsp.adfarm1.adition.com
eb2.3lift.com
elstem.eu
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
match.adsrvr.org
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
ssbsync.smartadserver.com
sync-tm.everesttech.net
sync.mathtag.com
sync.teads.tv
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
142.250.185.66
151.101.2.49
170.130.40.14
18.193.153.159
185.29.132.241
185.86.137.108
2.18.69.48
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:813::2004
2a00:1450:4001:827::200a
2a00:1450:4001:828::2001
2a00:1450:4001:82f::2003
2a00:1450:4001:831::2002
2a00:1450:400d:805::2002
2a00:1450:400d:80d::2002
2a00:1450:400d:80e::2002
2a02:fa8:8806:12::1370
3.33.220.150
34.98.67.61
35.190.0.66
37.157.6.233
69.173.144.138
76.223.111.18
85.114.159.93
067f01ab9d9aec24bf30157cdd769a4625c415d2db3366d3c039e98c0b31fc8a
07970172ef078d9a58aa9ed9e9b54dd1cfbfec021be21b0d0fc7484c5fd5a58a
082b7e4d7e02f940b5a4404da00d25cc4f2e619fd283a20f9ffad2390a7c0798
099f342bcdd01d03cacd2d665bb82ed11b7110f74768ec40774de44140481a38
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bc2a0b5bb605f6e04ec1547fd988badcbb11bcc51ee6d8a2eb9f066c6714a0c
0e8cf6358098cc355d0e7fb443159e93d83a5832570ebb1ab15609b60c1ccdbc
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1c4ee54ddd9966cf45e32c29842f92d9a6b55eed5e3a53456f53cf747bb83ed2
2037abfb39f9ca7887e829675159cfe678bfa6171374a025b54b6de3fba192ae
2153e93a2e601ce9d1787e684f2ee21bba1ac3ff6fd5022e96197ff7848e8332
25f0660b413822826a8248d8058a465b0d7df5c8ea347bec1713f6ab360cc7dd
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
416b7d85025652bbce8b4e11805d33f2ffa5e6f1d83b4ecc54c6964b1947bf6f
4370122af0715a15b6a6ecb787b18de826a304761a29d998c9ec50905fbef3a9
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2
499cb70ddf42881251a91bf7bdfcea89192e2c3aba7e3d3ec1a0f7e2bc41ae54
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e79fa0d66635280df67f28ad935aa03213d3f0c19d9f5459f668d43b7891490
51170a4b170834d9061b8c85adb281b534d13763f76cc4f329e3e39a63277447
52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57d5e7f4fc92246cd848ac785e137bddf46e210b044654f57c719ab9bafc0d45
599ebaa78e2fc70662492021606fea05e1fc796cf28be9cfbebe76a286ed1852
5b54ce8cb46dba8c4e3313c5ab325d3639494e4e697f243ed1d2b79082289205
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
6017643e655dec75edf1dbdcd281cee21a9be1507da1070b43406a13dbfe7c80
60280b8ab4c8d489c74567c55e14945b935c2f5937855f808163ee40a65f065f
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65161a8bfc314b26da38de6c4c264dbc4880fbf4918d871abce03526bbf831c2
658febf03f1f23a892f589b803b588acd2dd9ee0598d371120652a40ad77902b
682b9a643ebc5c5b7f54f802fe82d4d9117b6cdff3479110b81afdccfd6148c2
6b597bf422617af67b2ffe3e420f0fd2d9a01a3b95020e368c57b2a131151158
6c5dfbda676ecba9be672fa6ef7ac45faa80be19eadf570e3ab7419f6ad17033
71b6005a55fe8deb210b713ac3524662b4460bffdbc3dd1e987d6ea608581db5
8036ee368eb17d6693c86a5ac0a927c811683145fd8fb7dc7e91ff5f609291a8
810a2011c9816c819305fc3d09b660d39c700a9301c5c1e926676e78bf9e97fd
845e8feead41771d09741c6bad7bb74d9b26a08fdfdd0b6ab9b58e6302321322
864bb970dbf64edbe28758fbebfce5692cb51e39363ef7442e3119daf8239ac6
873a016e116ae3da644d79b9f148babd1c79f863dd9a82d4256243d05fc4b62d
8814c22977f023c8b3ed155e0ef4b22e2a47205cd97f2c557a1325713e9bb3d4
8955f4d71feb546d0418b51d02c2f1d31ee4f492915b681ff263ee68d481d26b
8d02f59b4e4e552eabbec6b305103fcb1ab3fa9830b64d852a1702ec7d2139fc
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8ec50f64921ad3f27786836b128eb33b1e434d0e40f347807777b9e021da15b3
8fe8edb18e3d2636c7ff733c22ce49f186a71a73c74156baf68a9cd8de322017
909e4f36928b8676e7947d125e90b8c2baee1afc6c0dead2ddc05a665811470a
90fef9d0acae0cc250d08d7b98da896c6c0dc6bb33999ffce7819fad76e5ff02
93a4d32ea819c4413cae8d6f7f5af395d610d0cad4daee02e5d4c0cedf9488dc
962b5a0b1058fb793fa137b948d5751e208b016bd67b27f886ba1b888e3ef9c9
99cce4e73afb2ea799f6a12a1ae42ea5745caa0bdd1657a87342591ec627f03a
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b9827664a4f7d77fe794512284453a1bbd3f70e71decaed9425a743b6ba3fac
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a354267dabbde19e2d278a8c5fe755c8bb1317137381d8d639e5ec941fb61be6
a482b87b1055665d77c94492bf4739724380d45b00083575738386b2c7ee9d80
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
aa62790834d182e3661f329eb5b9a910e37ce6f8d53d7fb2599483da2f82056b
ad5fb4c161d14915fb891dbb7467ea0e1fb1e5a8c2e8176bdee72c438e97a9d5
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1a7762a2b248637b4fc71f232b62203a0c5c30ff2384210842ff9b78e897d05
c18ac222670912566735de79b1d70144631df8159c51bd8a1166b58a9aee87b3
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c27f9e94c8fef3f382aae6d99cc89871cee469bdfdd4e366a73a8e422bd29175
cbe86b5d283b697e0477f10cb14b1ffee741ba9049ebd59240b8b73ab66590c8
cbf79ae6534b4384dbfc70bce0a5dfc9505956d57ed388ebbac4618919c23799
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
da24a7b13f92a560d9ec3fa6273d0bc436c380e506e4c581090a7afdf58a2bd5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f49e505ed04067b64fd4e20028be4c88da787ec3236fa43bd7b9634f8f0e78ee
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f8aa8ea1a00b19a0a5a4aab0b1c44ccfa44317b418715abb2a3e7b3a20dc888b

elstem.eu Open in urlscan Pro 170.130.40.14 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

146 Requests

77 %HTTPS

44 %IPv6

22 Domains

26 Subdomains

18 IPs

8 Countries

1715 kBTransfer

4152 kBSize

17 Cookies

0 Outgoing links

Redirected requests

146 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

elstem.eu Open in urlscan Pro
170.130.40.14 Public Scan

Screenshot
Live screenshot

Full Image

146
Requests

77 %
HTTPS

44 %
IPv6

22
Domains

26
Subdomains

18
IPs

8
Countries

1715 kB
Transfer

4152 kB
Size

17
Cookies

146 HTTP transactions
10 data transactions