www.tweakschanges.com Open in urlscan Pro
209.126.98.163 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.tweakschanges.com/
Effective URL:
https://www.tweakschanges.com/
Submission Tags: falconsandbox
Submission: On January 04 via api (January 4th 2022, 11:44:53 pm UTC) from US — Scanned from DE

Summary HTTP 165 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 32 IPs in 7 countries across 40 domains to perform 165 HTTP transactions. The main IP is 209.126.98.163, located in St Louis, United States and belongs to AS-30083-GO-DADDY-COM-LLC, US. The main domain is www.tweakschanges.com.
TLS certificate: Issued by R3 on December 26th 2021. Valid for: 3 months.

This is the only time www.tweakschanges.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 6	209.126.98.163 209.126.98.163	30083 (AS-30083-...) (AS-30083-GO-DADDY-COM-LLC)
13	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
2 5	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
10	163.171.128.148 163.171.128.148	54994 (QUANTILNE...) (QUANTILNETWORKS)
25	172.66.41.9 172.66.41.9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
4	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
6	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
9	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
2	104.244.42.136 104.244.42.136	13414 (TWITTER) (TWITTER)
12	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	67.202.105.31 67.202.105.31	32748 (STEADFAST) (STEADFAST)
2 8	2.21.141.232 2.21.141.232	16625 (AKAMAI-AS) (AKAMAI-AS)
1	51.89.9.251 51.89.9.251	16276 (OVH) (OVH)
4 4	185.64.190.79 185.64.190.79	62713 (AS-PUBMATIC) (AS-PUBMATIC)
6 6	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1 1	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	198.47.127.20 198.47.127.20	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
4 4	37.252.172.36 37.252.172.36	29990 (ASN-APPNEX) (ASN-APPNEX)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
3 3	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
3 3	213.19.147.44 213.19.147.44	3356 (LEVEL3) (LEVEL3)
2 3	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1 1	70.42.32.95 70.42.32.95	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1	34.254.209.189 34.254.209.189	16509 (AMAZON-02) (AMAZON-02)
1	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
2 2	34.248.198.194 34.248.198.194	16509 (AMAZON-02) (AMAZON-02)
2 2	52.57.25.105 52.57.25.105	16509 (AMAZON-02) (AMAZON-02)
1	38.27.122.158 38.27.122.158	174 (COGENT-174) (COGENT-174)
2 2	216.52.2.30 216.52.2.30	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1 1	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
1	67.202.105.24 67.202.105.24	32748 (STEADFAST) (STEADFAST)
1 2	209.54.177.54 209.54.177.54	16509 (AMAZON-02) (AMAZON-02)
2 2	135.125.160.160 135.125.160.160	16276 (OVH) (OVH)
1	3.120.57.143 3.120.57.143	16509 (AMAZON-02) (AMAZON-02)
2 2	151.101.130.49 151.101.130.49	54113 (FASTLY) (FASTLY)
1 1	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
2	199.212.255.245 199.212.255.245	25948 (FHMNET) (FHMNET)
27	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
1 2	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
165	32

6 209.126.98.163 (St Louis, United States) 1 redirects

ASN30083 (AS-30083-GO-DADDY-COM-LLC, US)
PTR: usve36976.server4you.net

www.tweakschanges.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 163.171.128.148 (Germany)

ASN54994 (QUANTILNETWORKS, US)

cydia.saurik.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 172.66.41.9 (United States)

ASN13335 (CLOUDFLARENET, US)

resources.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
router.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rt3056.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f130.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.136 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.31 (United States)

ASN32748 (STEADFAST, US)
PTR: ip31.67-202-105.static.steadfastdns.net

de.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2.21.141.232 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-141-232.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.251 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip251.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.190.79 (United Kingdom) 4 redirects

ASN62713 (AS-PUBMATIC, US)

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.66 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.80 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.20 (United States) 2 redirects

ASN3257 (GTT-BACKBONE GTT, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.252.172.36 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.126.56.137 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.44 (United Kingdom) 3 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 15.197.193.217 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 70.42.32.95 (United States) 1 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.162.133.149 (Rotterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.254.209.189 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-209-189.eu-west-1.compute.amazonaws.com

s.cpx.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 174.137.133.49 (United States)

ASN27257 (WEBAIR-INTERNET, US)

dsp.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.248.198.194 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-198-194.eu-west-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.25.105 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-25-105.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 38.27.122.158 (United States)

ASN174 (COGENT-174, US)

match.bnmla.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.30 (United States) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.128 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.24 (United States)

ASN32748 (STEADFAST, US)
PTR: ip24.67-202-105.static.steadfastdns.net

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.54.177.54 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 135.125.160.160 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: ns3198892.ip-135-125-160.eu

gu.dyntrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.120.57.143 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-57-143.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.130.49 (United States) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.149 (Portsmouth, United Kingdom) 1 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.212.255.245 (Canada)

ASN25948 (FHMNET, CA)

node228.impressionssl.adshop.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany) 1 redirects

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	475 KB
27	infolinks.com resources.infolinks.com router.infolinks.com rt3056.infolinks.com node228.impressionssl.adshop.infolinks.com	542 KB
21	doubleclick.net 6 redirects googleads.g.doubleclick.net cm.g.doubleclick.net	193 KB
18	gstatic.com www.gstatic.com fonts.gstatic.com	364 KB
10	saurik.com cydia.saurik.com	62 KB
9	googleapis.com fonts.googleapis.com	6 KB
8	casalemedia.com 2 redirects ssum-sec.casalemedia.com dsum-sec.casalemedia.com	8 KB
7	pubmatic.com 7 redirects image8.pubmatic.com image2.pubmatic.com image4.pubmatic.com	2 KB
7	google.com 2 redirects www.google.com adservice.google.com	2 KB
6	twitter.com platform.twitter.com syndication.twitter.com	150 KB
6	tweakschanges.com 1 redirects www.tweakschanges.com	420 KB
5	googletagservices.com www.googletagservices.com	183 KB
4	adnxs.com 4 redirects ib.adnxs.com	4 KB
3	adsrvr.org 2 redirects match.adsrvr.org	1 KB
3	yahoo.com 3 redirects ups.analytics.yahoo.com	1 KB
2	facebook.com 1 redirects www.facebook.com	3 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net	647 B
2	dyntrk.com 2 redirects gu.dyntrk.com	850 B
2	amazon-adsystem.com 1 redirects s.amazon-adsystem.com	1 KB
2	lijit.com 2 redirects ap.lijit.com	1 KB
2	advertising.com 2 redirects pixel.advertising.com	676 B
2	360yield.com 2 redirects ad.360yield.com	650 B
2	1rx.io 2 redirects sync.1rx.io	1 KB
2	facebook.net connect.facebook.net	84 KB
2	google.de adservice.google.de	914 B
2	google-analytics.com www.google-analytics.com	20 KB
1	sitescout.com 1 redirects pixel-sync.sitescout.com	299 B
1	bidswitch.net x.bidswitch.net	220 B
1	33across.com ssc-cms.33across.com	72 B
1	rfihub.com 1 redirects p.rfihub.com	759 B
1	bnmla.com match.bnmla.com	114 B
1	adkernel.com dsp.adkernel.com	233 B
1	cpx.to s.cpx.to	944 B
1	sonobi.com sync.go.sonobi.com	478 B
1	zemanta.com 1 redirects b1sync.zemanta.com	288 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	475 B
1	openx.net u.openx.net	305 B
1	onetag-sys.com onetag-sys.com	814 B
1	tynt.com de.tynt.com	289 B
1	googleadservices.com partner.googleadservices.com	648 B
165	40

	Domain	Requested by
27	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
15	router.infolinks.com	resources.infolinks.com router.infolinks.com ssum-sec.casalemedia.com
15	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
13	pagead2.googlesyndication.com	www.tweakschanges.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
12	fonts.gstatic.com	fonts.googleapis.com
10	cydia.saurik.com	www.tweakschanges.com
9	fonts.googleapis.com	www.tweakschanges.com googleads.g.doubleclick.net
7	resources.infolinks.com	www.tweakschanges.com resources.infolinks.com
6	cm.g.doubleclick.net	6 redirects
6	www.gstatic.com	www.google.com googleads.g.doubleclick.net
6	www.tweakschanges.com	1 redirects www.tweakschanges.com
5	www.googletagservices.com	googleads.g.doubleclick.net
5	dsum-sec.casalemedia.com	1 redirects ssum-sec.casalemedia.com
5	www.google.com	2 redirects www.tweakschanges.com googleads.g.doubleclick.net tpc.googlesyndication.com
4	ib.adnxs.com	4 redirects
4	image8.pubmatic.com	4 redirects
4	platform.twitter.com	www.tweakschanges.com platform.twitter.com
3	match.adsrvr.org	2 redirects ssum-sec.casalemedia.com
3	ups.analytics.yahoo.com	3 redirects
3	ssum-sec.casalemedia.com	1 redirects router.infolinks.com ssum-sec.casalemedia.com
3	rt3056.infolinks.com	resources.infolinks.com www.tweakschanges.com
2	www.facebook.com	1 redirects connect.facebook.net
2	node228.impressionssl.adshop.infolinks.com	www.tweakschanges.com
2	sync-tm.everesttech.net	2 redirects
2	gu.dyntrk.com	2 redirects
2	s.amazon-adsystem.com	1 redirects ssum-sec.casalemedia.com
2	ap.lijit.com	2 redirects
2	pixel.advertising.com	2 redirects
2	ad.360yield.com	2 redirects
2	sync.1rx.io	2 redirects
2	image4.pubmatic.com	2 redirects
2	syndication.twitter.com	platform.twitter.com www.tweakschanges.com
2	connect.facebook.net	www.tweakschanges.com connect.facebook.net
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	www.google-analytics.com	www.tweakschanges.com www.google-analytics.com
1	pixel-sync.sitescout.com	1 redirects
1	x.bidswitch.net	ssum-sec.casalemedia.com
1	ssc-cms.33across.com	router.infolinks.com
1	p.rfihub.com	1 redirects
1	match.bnmla.com	router.infolinks.com
1	dsp.adkernel.com	router.infolinks.com
1	s.cpx.to	router.infolinks.com
1	sync.go.sonobi.com	router.infolinks.com
1	b1sync.zemanta.com	1 redirects
1	sync.targeting.unrulymedia.com	1 redirects
1	u.openx.net	router.infolinks.com
1	image2.pubmatic.com	1 redirects
1	onetag-sys.com	router.infolinks.com
1	de.tynt.com	router.infolinks.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
165	51

This site contains links to these domains. Also see Links.

Domain
workingwithpixels.com
www.facebook.com
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
tweakschanges.com R3	`2021-12-26` - `2022-03-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
ssl2.cdngc.net DigiCert SHA2 High Assurance Server CA	`2021-11-16` - `2022-04-29`	5 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-15` - `2022-07-14`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-20` - `2022-10-19`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-10-14` - `2022-01-12`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.tynt.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
onetag-sys.com R3	`2021-11-02` - `2022-01-31`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2020-12-06` - `2022-01-07`	a year	crt.sh
*.adkernel.com AlphaSSL CA - SHA256 - G2	`2021-12-30` - `2023-01-31`	a year	crt.sh
*.bnmla.com Go Daddy Secure Certificate Authority - G2	`2021-01-06` - `2022-02-07`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
node228.impressionssl.adshop.infolinks.com R3	`2021-11-01` - `2022-01-30`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh

This page contains 25 frames:

Primary Page: https://www.tweakschanges.com/
Frame ID: E823044595225CFA9D225938D9FBCA22
Requests: 54 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/zrt_lookup.html
Frame ID: F7CDEA5013E69ADADA2E8413243A5B17
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&adk=1812271804&adf=3025194257&lmt=1641339882&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.tweakschanges.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339882238&bpp=15&bdt=687&idt=163&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2627453327289&frm=20&pv=2&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=184
Frame ID: 42AF858FF1C8BF15B019590534677027
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.21f942bb866c2823339b839747a0c50c.html?origin=https%3A%2F%2Fwww.tweakschanges.com
Frame ID: A14DFD5DF3BE20A9351109A1EA5450A6
Requests: 2 HTTP requests in this frame

Frame: https://router.infolinks.com/usync/manage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F
Frame ID: 7BB3A4C54C3E431F8B4689888E572306
Requests: 18 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/follow_button.21f942bb866c2823339b839747a0c50c.en.html
Frame ID: 2CDD32DF14A6646ED86FB592D08C41E1
Requests: 2 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
Frame ID: 3EF45C37DBE2843F17DCBBA0D1562166
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Frame ID: 677AF08366577F89F7DE2539426BE8E4
Requests: 10 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90
Frame ID: 260B22ECE545B1AFE512B055D5E9EA76
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=280&adk=3809598800&adf=54630664&pi=t.aa~a.2771321384~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1641339883&rafmt=1&to=qs&pwprc=7902131900&psa=0&format=1200x280&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=3&bdt=2099&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0&nras=2&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2363&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=l8pckOiGMG&p=https%3A//www.tweakschanges.com&dtd=14
Frame ID: 889CE679ED98ACFD783F0DFA8C169196
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=280&adk=3088186576&adf=3476139620&pi=t.aa~a.1754647604~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1641339883&rafmt=1&to=qs&pwprc=7902131900&psa=0&format=1200x280&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2099&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280&nras=3&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2693&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=AZPWjf1Uya&p=https%3A//www.tweakschanges.com&dtd=19
Frame ID: B97A9F239B3ED1C908E83A99153EEDE1
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=146&adk=2013927646&adf=1303732688&pi=t.aa~a.3498274842~rp.4&w=750&lmt=1641339883&nsk=e29f4be3&rafmt=11&pwprc=7902131900&psa=0&ad_type=text_image&format=750x146&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2098&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=jQrtsVpGIz&p=https%3A//www.tweakschanges.com&dtd=24
Frame ID: D3DD003922B3F8750DA91D2D96BA1968
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=146&adk=2013927646&adf=1640785077&pi=t.aa~a.3498276904~rp.4&w=750&lmt=1641339883&nsk=d1e0dc89&rafmt=11&pwprc=7902131900&psa=0&ad_type=text_image&format=750x146&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2098&idt=0&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280%2C1200x280%2C750x146&nras=5&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1725&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=JMErvGLiFE&p=https%3A//www.tweakschanges.com&dtd=28
Frame ID: 51740E9B086BDDEAB94313277E4E431F
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Frame ID: CEC7E7C03453710ABA14F07DE1DBB795
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: BA92EFD08D29E6CC7FAD7CA04585E3A5
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Frame ID: C74AC0CCACD7F4C0CF3982D667E4912F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 48D6CE66B798D6605F04936A758989B6
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Frame ID: AFDFCA05292A13481F95E64E0E3C86E8
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Frame ID: D7DCDC525786DDA5814796FB406FD856
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 7B4FB755CA03C1C5CD44BB31DE819D7E
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Frame ID: 30474E9AEEEDAD070A1BA26EECF8A2C9
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js
Frame ID: A3C199BE7E3DF32F0E98C1DF57FE467E
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D778175558901792%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Dfdd42437f78c4%2526domain%253Dwww.tweakschanges.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.tweakschanges.com%25252Ff3708270a2869f8%2526relation%253Dparent.parent%26container_width%3D320%26hide_cover%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Ftweakschanges%252F%26locale%3Den_GB%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dtrue
Frame ID: 79776DA9E8CE401D73A33B33B240DA2E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: E442B6EB954CD83E413C24BF754C280F
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 35B00BFDF7FA009DB63E3807D18CA70C
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Tweaks Changes - All new and updated Cydia Tweaks

Page URL History Show full URLs

http://www.tweakschanges.com/ HTTP 301
https://www.tweakschanges.com/ Page URL

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

165
Requests

90 %
HTTPS

28 %
IPv6

40
Domains

51
Subdomains

32
IPs

7
Countries

2511 kB
Transfer

5160 kB
Size

50
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://workingwithpixels.com/
Title: WWP

Search URL Search Domain Scan URL

URL: https://www.facebook.com/TweaksChanges
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/TweaksChanges
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.youtube.com/c/TheBestCydiaTweaks
Title: YouTube

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.tweakschanges.com/ HTTP 301
https://www.tweakschanges.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 44

https://ssum-sec.casalemedia.com/usermatch?s=191306&cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1

Request Chain 46

https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fpbm-usync%253Fuid%253D%2523PMUID HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fpbm-usync%253Fuid%253D%2523PMUID&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MkVGOTRDMTUtN0QxNi00NzZDLUFEOTgtNUUwNkZENDdGMjRF&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MkVGOTRDMTUtN0QxNi00NzZDLUFEOTgtNUUwNkZENDdGMjRF&gdpr=0&gdpr_consent=&google_tc= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?p=156872&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fpbm-usync%3Fuid%3D2EF94C15-7D16-476C-AD98-5E06FD47F24E HTTP 302
https://router.infolinks.com/dyn/pbm-usync?uid=2EF94C15-7D16-476C-AD98-5E06FD47F24E

Request Chain 47

https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID HTTP 302
https://router.infolinks.com/dyn/apn-usync?user_id=9038970066739705690

Request Chain 49

https://ups.analytics.yahoo.com/ups/58422/occ HTTP 302
https://ups.analytics.yahoo.com/ups/58422/occ?verify=true HTTP 302
https://router.infolinks.com/dyn/VR-usync?uid=y-vQY8o6ZE2uEuNuItb9hB3iiDTjsdLPGG4NYuTOc-~A

Request Chain 50

https://sync.1rx.io/usersync2/infolinks HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5204774707 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5204774707 HTTP 302
https://sync.1rx.io/usersync/tradedesk/54eae20f-efd9-4932-9edf-f14ee3cc639b HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-f60c5ad4-00cd-4c1e-b3a5-18c56402c26a-003?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fr1-usync%3Fuid%3DRX-f60c5ad4-00cd-4c1e-b3a5-18c56402c26a-003 HTTP 302
https://router.infolinks.com/dyn/r1-usync?uid=RX-f60c5ad4-00cd-4c1e-b3a5-18c56402c26a-003

Request Chain 51

https://b1sync.zemanta.com/usersync/infolinks/?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fzmn-usync%3Fuid%3D__ZUID__ HTTP 302
https://router.infolinks.com/dyn/zmn-usync?uid=

Request Chain 53

https://ib.adnxs.com/getuid?https://s.cpx.to/ca.png?ref=https%253A%252F%252Fwww.tweakschanges.com%252F&pid=12306&adnxs_uid=$UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3Dhttps%25253A%25252F%25252Fwww.tweakschanges.com%25252F%26pid%3D12306%26adnxs_uid%3D%24UID HTTP 302
https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.tweakschanges.com%2F&pid=12306&adnxs_uid=9038970066739705690

Request Chain 55

https://ad.360yield.com/server_match?r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fan-usersync%3Fuser_id%3D%7BPUB_USER_ID%7D%26partner_id%3D1531 HTTP 302
https://ad.360yield.com/ul_cb/server_match?r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fan-usersync%3Fuser_id%3D%7BPUB_USER_ID%7D%26partner_id%3D1531 HTTP 302
https://router.infolinks.com/dyn/an-usersync?user_id=f799e2cf-9c8d-496c-857c-dcede314ed0c&partner_id=1531

Request Chain 56

https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true HTTP 302
https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP4ac706e2-6db8-11ec-9f15-022c60069800 HTTP 302
https://router.infolinks.com/dyn/outh-usync?uid=y-4npRFzRE2uHItL9.41YtgeEs8TPWN39q~A~UP4ac706e2-6db8-11ec-9f15-022c60069800

Request Chain 58

https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID HTTP 307
https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID&sovrn_retry=true HTTP 307
https://router.infolinks.com/dyn/sovrn-usync?uid=d21b8fd49e91ff31f819317e

Request Chain 59

https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fusersync%253Fpmuservalue%253D%2523PMUID HTTP 302
https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3D2EF94C15-7D16-476C-AD98-5E06FD47F24E HTTP 302
https://router.infolinks.com/dyn/usersync?pmuservalue=2EF94C15-7D16-476C-AD98-5E06FD47F24E

Request Chain 60

https://p.rfihub.com/cm?pub=43153&in=1 HTTP 302
https://router.infolinks.com/dyn/zeta-usync?uid=5108559722144053508

Request Chain 63

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YdTb6zOjzoWNHv3htQseZQAABKsAAAIB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YdTb6zOjzoWNHv3htQseZQAABKsAAAIB&gdpr_consent=&us_privacy=&gdpr=1&google_tc= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEEss6Dia1lnscmhiUZHSsdI&google_cver=1

Request Chain 64

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YdTb6zOjzoWNHv3htQseZQAABKsAAAIB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YdTb6zOjzoWNHv3htQseZQAABKsAAAIB&dcc=t

Request Chain 65

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YdTb6zOjzoWNHv3htQseZQAA HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm=&google_sc=&google_hm=YdTb6zOjzoWNHv3htQseZQAA&google_tc= HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGeKDJpkLa0VFgw4a8Eejbg&google_cver=1&gdpr=1

Request Chain 67

https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1 HTTP 302
https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1&prevuid=&knw=0 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=

Request Chain 69

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1 HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1&_test=YdTb6wADJlRqDwAF HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YdTb6wADJlRqDwAF&gdpr=1&_test=YdTb6wADJlRqDwAF

Request Chain 70

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1643931883

Request Chain 126

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 157

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 164

https://www.facebook.com/v2.3/plugins/page.php?adapt_container_width=true&app_id=778175558901792&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfdd42437f78c4%26domain%3Dwww.tweakschanges.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.tweakschanges.com%252Ff3708270a2869f8%26relation%3Dparent.parent&container_width=320&hide_cover=true&href=https%3A%2F%2Fwww.facebook.com%2Ftweakschanges%2F&locale=en_GB&sdk=joey&show_facepile=true&small_header=true HTTP 302
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D778175558901792%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Dfdd42437f78c4%2526domain%253Dwww.tweakschanges.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.tweakschanges.com%25252Ff3708270a2869f8%2526relation%253Dparent.parent%26container_width%3D320%26hide_cover%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Ftweakschanges%252F%26locale%3Den_GB%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dtrue

165 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.tweakschanges.com/
Redirect Chain

http://www.tweakschanges.com/
https://www.tweakschanges.com/

37 KB
37 KB

5887ms
5512ms

Document
text/html

209.126.98.163
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.tweakschanges.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 209.126.98.163 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),
Reverse DNS: usve36976.server4you.net
Software: nginx / PHP/5.6.40 PleskLin
Resource Hash: 91faa9ab61d4c8ea63c3aab7094b3e2a18fa94475c2c9a484317a522d54bd0a1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Server: nginx
Date: Tue, 04 Jan 2022 23:44:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40 PleskLin

Redirect headers

Server: nginx
Date: Tue, 04 Jan 2022 23:44:36 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 309
Connection: keep-alive
Location: https://www.tweakschanges.com/
X-Powered-By: PleskLin

GET
H/1.1 200
OK a48e4a7a436819146a7c829db779a2b6.css
www.tweakschanges.com/assets/cache/ 132 KB
132 KB 203ms
118ms Stylesheet
text/css 209.126.98.163
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.tweakschanges.com/assets/cache/a48e4a7a436819146a7c829db779a2b6.css
Requested by: Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 209.126.98.163 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),
Reverse DNS: usve36976.server4you.net
Software: nginx / PleskLin
Resource Hash: ca35b932f51f2e89016d40c53241db329f1b7c29381d53d69e0eeec5baf40a27

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 04 Jan 2022 23:44:42 GMT
Last-Modified: Fri, 04 Dec 2020 09:16:10 GMT
Server: nginx
X-Powered-By: PleskLin
ETag: "5fc9fe5a-20fc6"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 135110

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
51 KB 92ms
41ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ded2dba8c1e83920a5eea2317c3b8a555b2f26c5499f3a243160c7976d15b532

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:44:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51895
x-xss-protection: 0
server: cafe
etag: 15541374141317369785
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 04 Jan 2022 23:44:42 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 850 B
970 B 43ms
15ms Script
text/javascript 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f5844d119b0d7d2d0f427bb92c5e16959b51f66509c63bf2f44a4795d7886537

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:44:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 557
x-xss-protection: 1; mode=block
expires: Tue, 04 Jan 2022 23:44:42 GMT

GET
H/1.1 200
OK xc.lzsxcl.h2.png
cydia.saurik.com/icon@2x/ 3 KB
3 KB 492ms
431ms Image
image/png 163.171.128.148
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cydia.saurik.com/icon@2x/xc.lzsxcl.h2.png
Requested by: Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.148 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 4c22596c78011b0cd3af3a95c9de51688e59653d093cb0895b2557611da20930

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

X-Cypeed: YdTb6wqOTUYAAHM@d@AAAABM
Via: 1.1 PSdgflkfFRA1bc200:5 (W), 1.1 PSdgflkfFRA1gi91:15 (W)
Server: PWS/8.3.1.0.8
Date: Tue, 04 Jan 2022 23:44:43 GMT
X-Ws-Request-Id: 61d4dbea_PSdgflkfFRA1gi91_35822-17913
Content-Type: image/png
Cache-Control: public, max-age=86400
Transfer-Encoding: chunked
X-Px: ms PSdgflkfFRA1gi91FRA,ms PSdgflkfFRA1bc200FRA(origin)
Connection: keep-alive

GET
H/1.1 200
OK topme.ios.fakegps.png
cydia.saurik.com/icon@2x/ 9 KB
9 KB 243ms
181ms Image
image/png 163.171.128.148
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cydia.saurik.com/icon@2x/topme.ios.fakegps.png
Requested by: Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.148 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: a67b650bfe7b2da8f5232933efb9c8c1c3b161e4620a9e818086441f6d69abd4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

X-Cypeed: YdTb6gq6DQUAAAPm6bAAAAZF
Via: 1.1 PSdgflkfFRA1hb199:6 (W), 1.1 PSdgflkfFRA1bc95:12 (W)
Server: PWS/8.3.1.0.8
Date: Tue, 04 Jan 2022 23:44:43 GMT
X-Ws-Request-Id: 61d4dbea_PSdgflkfFRA1gi91_36515-3786
Content-Type: image/png
Cache-Control: public, max-age=86400
Transfer-Encoding: chunked
X-Px: ms PSdgflkfFRA1bc95FRA,ms PSdgflkfFRA1hb199FRA(origin)
Connection: keep-alive

GET
H/1.1 200
OK com.steveham3.groupmessagerenamer.png
cydia.saurik.com/icon@2x/ 3 KB
3 KB 69ms
8ms Image
image/png 163.171.128.148
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cydia.saurik.com/icon@2x/com.steveham3.groupmessagerenamer.png
Requested by: Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.148 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 4c22596c78011b0cd3af3a95c9de51688e59653d093cb0895b2557611da20930

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

X-Cypeed: YdRSdwqOTUYAAHM@upcAAABf
Via: 1.1 shb237:5 (W), 1.1 kf230:7 (W), 1.1 PSdgflkfFRA1bc95:15 (W)
Server: PWS/8.3.1.0.8
Age: 35186
Date: Tue, 04 Jan 2022 23:44:42 GMT
X-Ws-Request-Id: 61d4dbea_PSdgflkfFRA1gi91_32381-19180
Content-Type: image/png
Cache-Control: public, max-age=86400
Transfer-Encoding: chunked
X-Px: ht PSdgflkfFRA1bc95FRA
Connection: keep-alive

GET
H/1.1 200
OK com.said.jodelkarma.png
cydia.saurik.com/icon@2x/ 3 KB
3 KB 70ms
9ms Image
image/png 163.171.128.148
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cydia.saurik.com/icon@2x/com.said.jodelkarma.png
Requested by: Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.148 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 4c22596c78011b0cd3af3a95c9de51688e59653d093cb0895b2557611da20930

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

X-Cypeed: YdRQswq6DQUAAAPkJ@gAAAYB
Via: 1.1 PS-IAD-01cry236:5 (W), 1.1 PSdgflkfFRA1hb199:8 (W), 1.1 PSdgflkfFRA1dm92:13 (W)
Server: PWS/8.3.1.0.8
Age: 35251
Date: Tue, 04 Jan 2022 23:44:42 GMT
X-Ws-Request-Id: 61d4dbea_PSdgflkfFRA1eq94_12541-50832
Content-Type: image/png
Cache-Control: public, max-age=86400
Transfer-Encoding: chunked
X-Px: ht PSdgflkfFRA1dm92FRA
Connection: keep-alive

GET
H/1.1 200
OK com.asmallman.redbag.png
cydia.saurik.com/icon@2x/ 3 KB
3 KB 70ms
9ms Image
image/png 163.171.128.148
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cydia.saurik.com/icon@2x/com.asmallman.redbag.png
Requested by: Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.148 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 4c22596c78011b0cd3af3a95c9de51688e59653d093cb0895b2557611da20930

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

X-Cypeed: YdR3Pgq6DQUAAAPfWysAAASe
Via: 1.1 VMmgasbIAD1pn58:2 (W), 1.1 kf230:1 (W), 1.1 PSdgflkfFRA1dm92:9 (W)
Server: PWS/8.3.1.0.8
Age: 25771
Date: Tue, 04 Jan 2022 23:44:42 GMT
X-Ws-Request-Id: 61d4dbea_PSdgflkfFRA1gi91_35822-17914
Content-Type: image/png
Cache-Control: public, max-age=86400
Transfer-Encoding: chunked
X-Px: ht PSdgflkfFRA1dm92FRA
Connection: keep-alive

GET
H/1.1 200
OK netskao.awemepurification.png
cydia.saurik.com/icon@2x/ 3 KB
3 KB 76ms
15ms Image
image/png 163.171.128.148
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cydia.saurik.com/icon@2x/netskao.awemepurification.png
Requested by: Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.148 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 4c22596c78011b0cd3af3a95c9de51688e59653d093cb0895b2557611da20930

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

X-Cypeed: YdPcUwqOTUYAAHM@FpAAAABC
Via: 1.1 shb237:3 (W), 1.1 PSdgflkfFRA1bc200:12 (W), 1.1 PSdgflkfFRA1eq94:14 (W)
Server: PWS/8.3.1.0.8
Date: Tue, 04 Jan 2022 23:44:42 GMT
X-Ws-Request-Id: 61d4dbea_PSdgflkfFRA1bc95_29350-59569
Content-Type: image/png
Cache-Control: public, max-age=86400
Transfer-Encoding: chunked
X-Px: ms PSdgflkfFRA1eq94FRA,ht PSdgflkfFRA1bc200FRA
Connection: keep-alive

GET
H/1.1 200
OK com.said.pubgjbbypass.png
cydia.saurik.com/icon@2x/ 3 KB
3 KB 11ms
11ms Image
image/png 163.171.128.148
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cydia.saurik.com/icon@2x/com.said.pubgjbbypass.png
Requested by: Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.148 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 4c22596c78011b0cd3af3a95c9de51688e59653d093cb0895b2557611da20930

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

X-Cypeed: YdSlbwq6DQUAAAPmaBMAAAZd
Via: 1.1 shb237:1 (W), 1.1 kf230:1 (W), 1.1 PSdgflkfFRA1vg90:15 (W)
Server: PWS/8.3.1.0.8
Age: 13947
Date: Tue, 04 Jan 2022 23:44:42 GMT
X-Ws-Request-Id: 61d4dbea_PSdgflkfFRA1eq94_12541-50833
Content-Type: image/png
Cache-Control: public, max-age=86400
Transfer-Encoding: chunked
X-Px: ht PSdgflkfFRA1vg90FRA
Connection: keep-alive

GET
H/1.1 200
OK com.crazymind90.appeditor.png
cydia.saurik.com/icon@2x/ 20 KB
20 KB 13ms
12ms Image
image/png 163.171.128.148
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cydia.saurik.com/icon@2x/com.crazymind90.appeditor.png
Requested by: Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.148 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: e206bce8218b9edcadab09b67baaaf452a492e3ce6187e806ab18dc714f0d587

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

X-Cypeed: YdS4pAqOTUYAAHM-HaUAAACW
Via: 1.1 shb237:0 (W), 1.1 kf230:2 (W), 1.1 PSdgflkfFRA1je97:13 (W)
Server: PWS/8.3.1.0.8
Date: Tue, 04 Jan 2022 23:44:42 GMT
X-Ws-Request-Id: 61d4dbea_PSdgflkfFRA1gi91_32381-19182
Content-Type: image/png
Cache-Control: public, max-age=86400
Transfer-Encoding: chunked
X-Px: ms PSdgflkfFRA1je97FRA,ht kf230FRA
Connection: keep-alive

GET
H/1.1 200
OK me.liuming.apphider.png
cydia.saurik.com/icon@2x/ 10 KB
10 KB 15ms
15ms Image
image/png 163.171.128.148
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cydia.saurik.com/icon@2x/me.liuming.apphider.png
Requested by: Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.148 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: f0d14eeddafdc5b95c87fa40a3b4b4da9e625f4b26bba02d145f60ea6c99bcd3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

X-Cypeed: YdSvvAqOTUYAAHM@YUkAAABP
Via: 1.1 PS-IAD-01cry236:4 (W), 1.1 PSdgflkfFRA1hb199:5 (W), 1.1 PSdgflkfFRA1je97:7 (W)
Server: PWS/8.3.1.0.8
Date: Tue, 04 Jan 2022 23:44:42 GMT
X-Ws-Request-Id: 61d4dbea_PSdgflkfFRA1gi91_35822-17915
Content-Type: image/png
Cache-Control: public, max-age=86400
Transfer-Encoding: chunked
X-Px: ms PSdgflkfFRA1je97FRA,ht PSdgflkfFRA1hb199FRA
Connection: keep-alive

GET
H/1.1 200
OK com.erik.simpleapplock.png
cydia.saurik.com/icon@2x/ 3 KB
3 KB 11ms
10ms Image
image/png 163.171.128.148
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cydia.saurik.com/icon@2x/com.erik.simpleapplock.png
Requested by: Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.148 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 4c22596c78011b0cd3af3a95c9de51688e59653d093cb0895b2557611da20930

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

X-Cypeed: YdSckgq6DQUAAAPmT3oAAAZD
Via: 1.1 PS-IAD-01cry236:3 (W), 1.1 kf230:6 (W), 1.1 PSdgflkfFRA1vg90:15 (W)
Server: PWS/8.3.1.0.8
Date: Tue, 04 Jan 2022 23:44:42 GMT
X-Ws-Request-Id: 61d4dbea_PSdgflkfFRA1bc95_29350-59570
Content-Type: image/png
Cache-Control: public, max-age=86400
Transfer-Encoding: chunked
X-Px: ms PSdgflkfFRA1vg90FRA,ht kf230FRA
Connection: keep-alive

GET
H/1.1 200
OK 1686292b5d563bd6f0b4ac8facad31e8.js Show response
www.tweakschanges.com/assets/cache/ 162 KB
162 KB 402ms
253ms Script
text/javascript 209.126.98.163
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.tweakschanges.com/assets/cache/1686292b5d563bd6f0b4ac8facad31e8.js
Requested by: Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 209.126.98.163 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),
Reverse DNS: usve36976.server4you.net
Software: nginx / PleskLin
Resource Hash: 8966f69ca34f4a36d84479c907850349fdd81c18934f7d1d2517101ce16c0281

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 04 Jan 2022 23:44:42 GMT
Last-Modified: Sat, 25 Aug 2018 09:03:49 GMT
Server: nginx
X-Powered-By: PleskLin
ETag: "5b811b75-28846"
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 165958

GET
H2 200 infolinks_main.js Show response
resources.infolinks.com/js/ 3 KB
2 KB 51ms
22ms Script
application/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/infolinks_main.js
Requested by: Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45a070473f1aa1d15aa41ff8e3b27b733e5e54d0fd50ccfe912ab15712807827

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray: 6c88561c2ef22bca-FRA
date: Tue, 04 Jan 2022 23:44:42 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Mon, 03 Jan 2022 19:10:39 GMT
server: cloudflare
age: 2018
etag: W/"d5f-5d4b246b74b78"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
content-encoding: gzip
expires: Wed, 05 Jan 2022 00:11:04 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 33ms
7ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 2616
date: Tue, 04 Jan 2022 23:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 05 Jan 2022 01:01:06 GMT

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/ 276 KB
100 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7853613394601642&plah=www.tweakschanges.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00db1163ca6054f2a8496a8613addd64991e27eedc8a136ca3e1f9dc04e894f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:44:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101734
x-xss-protection: 0
server: cafe
etag: 4507154694380913909
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 04 Jan 2022 23:44:42 GMT

GET
H/1.1 200
OK logo.png
www.tweakschanges.com/assets/img/ 5 KB
6 KB 125ms
125ms Image
image/png 209.126.98.163
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.tweakschanges.com/assets/img/logo.png
Requested by: Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/assets/cache/a48e4a7a436819146a7c829db779a2b6.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 209.126.98.163 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),
Reverse DNS: usve36976.server4you.net
Software: nginx / PleskLin
Resource Hash: 5462a40dcca1ac8cdc6073d7e2d9dbd7a85653aa8f3b7fed3e5b74a23c04ae50

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/assets/cache/a48e4a7a436819146a7c829db779a2b6.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 04 Jan 2022 23:44:42 GMT
Last-Modified: Wed, 11 May 2016 22:24:13 GMT
Server: nginx
X-Powered-By: PleskLin
ETag: "5733b10d-1580"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5504

GET
H/1.1 200
OK fontawesome-webfont.woff
www.tweakschanges.com/assets/fonts/ 82 KB
82 KB 118ms
117ms Font
application/octet-stream 209.126.98.163
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.tweakschanges.com/assets/fonts/fontawesome-webfont.woff?v=4.1.0
Requested by: Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/assets/cache/a48e4a7a436819146a7c829db779a2b6.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 209.126.98.163 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),
Reverse DNS: usve36976.server4you.net
Software: nginx / PleskLin
Resource Hash: 66db52b456efe7e29cec11fa09421d03cb09e37ed1b567307ec0444fd605ce31

Request headers

Referer: https://www.tweakschanges.com/assets/cache/a48e4a7a436819146a7c829db779a2b6.css
Origin: https://www.tweakschanges.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 04 Jan 2022 23:44:42 GMT
Last-Modified: Wed, 11 May 2016 21:56:42 GMT
Server: nginx
X-Powered-By: PleskLin
ETag: "5733aa9a-14730"
Content-Type: text/plain
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 83760

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/ Frame F7CD 11 KB
5 KB 38ms
7ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 04 Jan 2022 18:37:20 GMT
expires: Tue, 18 Jan 2022 18:37:20 GMT
content-type: text/html; charset=UTF-8
etag: 17731914101004188133
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4884
x-xss-protection: 0
age: 18442
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 73ms
7ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6739) /
Resource Hash: 97719c71e44494e537beba8d51c6bb268a34dcd867fdefc431229225ca734b46

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 04 Jan 2022 23:44:43 GMT
Content-Encoding: gzip
Last-Modified: Thu, 02 Dec 2021 21:35:27 GMT
Server: ECS (frb/6739)
Age: 1088
Etag: "50ec7e701ed018305368886c39cac301+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 29126

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/ 348 KB
137 KB 41ms
7ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/VZKEDW9wslPbEc9RmzMqaOAP/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

295409307a58f3d19608932eac3c022cff1cacc8671dd26b5614a28f7e25e0b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tweakschanges.com/
Origin: https://www.tweakschanges.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 21:02:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9714
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139097
x-xss-protection: 0
last-modified: Mon, 13 Dec 2021 05:04:24 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Jan 2023 21:02:49 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 31ms
15ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=945924345&t=pageview&_s=1&dl=https%3A%2F%2Fwww.tweakschanges.com%2F&ul=en-us&de=UTF-8&dt=Tweaks%20Changes%20-%20All%20new%20and%20updated%20Cydia%20Tweaks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=639969894&gjid=282270493&cid=1742053608.1641339882&tid=UA-1721190-35&_gid=589788852.1641339882&_r=1&_slc=1&z=209481840

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.tweakschanges.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 04 Jan 2022 23:44:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.tweakschanges.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 221 B
648 B 50ms
15ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.tweakschanges.com&callback=_gfp_s_&client=ca-pub-7853613394601642

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7853613394601642&plah=www.tweakschanges.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

143e7e770f65cf3caba18e5fbaf7fdfe777342a969be2b433835d98f0c0cabbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:44:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 204
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 40ms
15ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.tweakschanges.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 04 Jan 2022 23:44:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 41ms
16ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.tweakschanges.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 04 Jan 2022 23:44:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 42AF 169 KB
44 KB 1177ms
1161ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&adk=1812271804&adf=3025194257&lmt=1641339882&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.tweakschanges.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339882238&bpp=15&bdt=687&idt=163&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2627453327289&frm=20&pv=2&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=184

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

614e75cdd2cd0d539d8ce32c95e50ab0f6fe52ea5664bb7556688abae5cc8b5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 04 Jan 2022 23:44:44 GMT
server: cafe
content-length: 44515
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 04 Jan 2022 23:44:44 GMT
cache-control: private

GET
H2 200 sdk.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 28ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js

Requested by

Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6ff124b34a23a43a24f081af1684dda2899c72cc881d56bb378f8cf27cc34c2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: hrNirjoh7FNun1C6qp97Sw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 1687
x-fb-rlafr: 0
x-fb-debug: pTCtDS67iE6LI5joJjycvpF1Lc7BToG6HVAkd5hl1nOhjfgEJBa3pmfO7IPVlqLUSNKUXVi7MXeEA9gXqXMZwQ==
x-fb-trip-id: 917726464
x-fb-content-md5: 5069f69653cf396c78b62839383b74e8
x-frame-options: DENY
date: Tue, 04 Jan 2022 23:44:43 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "c9476e03910c28957b872e9f26a13f9c"
timing-allow-origin: *
expires: Tue, 04 Jan 2022 23:50:05 GMT

GET
H2 200 ice.js Show response
resources.infolinks.com/js/1775.005-3.025.ab.1771.005-3.025/ 207 KB
67 KB 23ms
23ms Script
application/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1771.005-3.025/ice.js
Requested by: Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d276d676d044a790a34f40aa20de0fc4e3d1c561a635ae430d28c693fbe1473

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray: 6c88561e592f2bca-FRA
date: Tue, 04 Jan 2022 23:44:43 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Wed, 29 Dec 2021 10:27:21 GMT
server: cloudflare
age: 4037
etag: W/"33cd8-5d446620e56ae"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
content-encoding: gzip
expires: Thu, 03 Feb 2022 22:37:26 GMT

GET
H/1.1 200
OK widget_iframe.21f942bb866c2823339b839747a0c50c.html Show response
platform.twitter.com/widgets/ Frame A14D 319 KB
103 KB 10ms
9ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.21f942bb866c2823339b839747a0c50c.html?origin=https%3A%2F%2Fwww.tweakschanges.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6739) /
Resource Hash: c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2258297
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Tue, 04 Jan 2022 23:44:43 GMT
Etag: "8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified: Thu, 02 Dec 2021 21:34:18 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6739)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105433

GET
H2 200 css
fonts.googleapis.com/ 4 KB
1 KB 41ms
15ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,700

Requested by

Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/assets/cache/1686292b5d563bd6f0b4ac8facad31e8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8aed12b8b95a1d49011f3e134dc8e71804a3576818d1d1334145aaa96d71aa5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 04 Jan 2022 22:11:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 04 Jan 2022 23:44:43 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 04 Jan 2022 23:44:43 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame A14D 232 B
447 B 134ms
111ms Fetch
application/json 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=c0ce20157c694a31b0ae13ef3200b30751f5ee2d

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.21f942bb866c2823339b839747a0c50c.html?origin=https%3A%2F%2Fwww.tweakschanges.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-response-time: 104
date: Tue, 04 Jan 2022 23:44:42 GMT
content-encoding: gzip
last-modified: Tue, 04 Jan 2022 23:44:43 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: bc8c10539e356ad3e590e23b2e0f72743e1f7e03ec2f560273175596bff91b67
content-length: 166

GET
H3 200 sdk.js Show response
connect.facebook.net/en_GB/ 290 KB
82 KB 17ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js?hash=86b12a5919a739234439c2b9f9acd72c

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

16da101757c67ceae14f5bdd63f157c6e8a2cf4259d80072490cc204e3e1bea5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.tweakschanges.com/
Origin: https://www.tweakschanges.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: aszi58UETew7pc49hpE1kA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 83418
x-fb-rlafr: 0
x-fb-debug: NaBkHshHJNR/JgrPp/ECb21CS18f9CXVTTGrZcfldUQqY1F4qR1YB9SFQYGne6JckHtBRvt3WAzDcf1SAjQKLw==
x-fb-content-md5: 22ce7a266faa4bbea8915a4f8783c620
x-frame-options: DENY
date: Tue, 04 Jan 2022 23:44:43 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "607d114cb9cf71e443135a034e814c33"
timing-allow-origin: *
priority: u=3,i
expires: Wed, 04 Jan 2023 21:29:38 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 38ms
6ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.tweakschanges.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 01:54:06 GMT
x-content-type-options: nosniff
age: 597037
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Dec 2022 01:54:06 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu7GxKOzY.woff2
fonts.gstatic.com/s/roboto/v29/ 12 KB
12 KB 40ms
11ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu7GxKOzY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e959d9106d846030c0a62de668ec7c5810a3a1282c4f4ca98e1ea0756c75b8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.tweakschanges.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 11:23:17 GMT
x-content-type-options: nosniff
age: 44486
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11860
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:24 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 04 Jan 2023 11:23:17 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 35ms
13ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.tweakschanges.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 20:07:55 GMT
x-content-type-options: nosniff
age: 13008
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 04 Jan 2023 20:07:55 GMT

GET
H2 200 manage Show response
router.infolinks.com/usync/ Frame 7BB3 9 KB
2 KB 133ms
124ms Document
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/usync/manage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1771.005-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b817700ba0db45da21a12ccd48134663e88290465fc9c7e0f30ff0ec6f4b559

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/

Response headers

date: Tue, 04 Jan 2022 23:44:43 GMT
content-type: text/html;charset=UTF-8
cache-control: no-store
p3p: CP="NON DSP NID OUR COR"
via: 1.1 google
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6c88561f2a142bca-FRA
content-encoding: gzip

GET
H2 200 lcmanage Show response
router.infolinks.com/usync/ 0
44 B 128ms
123ms Script
text/plain 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/usync/lcmanage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1771.005-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:44:43 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control: no-store
cf-ray: 6c88561f2a162bca-FRA
content-length: 0

GET
H2 200 gsd Show response
router.infolinks.com/ 321 B
525 B 117ms
112ms Script
text/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/gsd?evt=afterGSD&pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F&jsv=1775.005-3.025.ab.1771.005-3.025&_cb=16413398827120
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1771.005-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 88293fc9cd99c5e2952c6a91a7e5ade2e5f3f75b54ab363b3ca07b6a627a019e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jan 2022 23:44:43 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: text/javascript;charset=UTF-8
content-encoding: gzip
cache-control: max-age=0
cf-ray: 6c88561f2a182bca-FRA
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK button.0d6aa7fd095b2a9dd19cc66c7c2ed64b.js Show response
platform.twitter.com/js/ 7 KB
3 KB 7ms
7ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.0d6aa7fd095b2a9dd19cc66c7c2ed64b.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6739) /
Resource Hash: 186ef01aca1c73789f73c2f4388a26387e38e5fd8a05f4f1c3785709cec25f66

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 04 Jan 2022 23:44:43 GMT
Content-Encoding: gzip
Last-Modified: Thu, 02 Dec 2021 21:34:11 GMT
Server: ECS (frb/6739)
Age: 2258298
Etag: "e8090d17c9828f5a217bebb39dd3e689+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2294

GET
H/1.1 200
OK follow_button.21f942bb866c2823339b839747a0c50c.en.html Show response
platform.twitter.com/widgets/ Frame 2CDD 36 KB
14 KB 7ms
7ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/follow_button.21f942bb866c2823339b839747a0c50c.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6739) /
Resource Hash: be0d47110b6ef3e7efa5a47c9d3665bc955046da0073c074b93c1e4a3553eb55

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2258295
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Tue, 04 Jan 2022 23:44:43 GMT
Etag: "3f25eb725a3d06a99339655298fec2e4+gzip"
Last-Modified: Thu, 02 Dec 2021 21:34:12 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6739)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 13631

GET
DATA 200
OK truncated
/ Frame 2CDD 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 200 doq.htm Show response
rt3056.infolinks.com/action/ 1 KB
1 KB 478ms
451ms XHR
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rt3056.infolinks.com/action/doq.htm?pcode=utf-8&r=16413398828491
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1771.005-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a16bec6c2ae872bc878992544f3b03b6b4af19547d01a758a25139691a14b1f

Request headers

Referer: https://www.tweakschanges.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 04 Jan 2022 23:44:43 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
p3p: CP="NON DSP NID OUR COR"
content-type: text/html;charset=UTF-8
x-application-context: application:prod
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-language: de-DE
access-control-allow-origin: https://www.tweakschanges.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
cf-ray: 6c885620296b2c56-FRA
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 / Show response
de.tynt.com/deb/ Frame 3EF4 75 B
289 B 348ms
113ms Document
text/html 67.202.105.31
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.31 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip31.67-202-105.static.steadfastdns.net
Software: /
Resource Hash: e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/

Response headers

cache-control: max-age=86400
expires: Wed, 05 Jan 2022 23:44:43 GMT
referrer-policy: unsafe-url
content-type: text/html
content-length: 75
date: Tue, 04 Jan 2022 23:44:43 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H/1.1

200
OK

usermatch Show response
ssum-sec.casalemedia.com/ Frame 677A
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=191306&cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1

2 KB
3 KB

19ms
19ms

Document
text/html

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: fa09c0b087990cb648cb910b443ba6953ea096770db3b3617cd2a946c4b071a6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 230|241|45|39|196|51|88|64
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1633
Expires: Tue, 04 Jan 2022 23:44:43 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 04 Jan 2022 23:44:43 GMT
Connection: keep-alive

Redirect headers

Server: Apache
Content-Length: 311
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Tue, 04 Jan 2022 23:44:43 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 04 Jan 2022 23:44:43 GMT
Connection: keep-alive

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 260B 2 KB
814 B 36ms
10ms Document
text/html 51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90

Requested by

Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
strict-transport-security: max-age=15552000

GET
H2

200

pbm-usync
router.infolinks.com/dyn/ Frame 7BB3
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infoli...
https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infoli...
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MkVGOTRDMTUtN0QxNi00NzZDLUFEOTgtNUUwNkZENDdGMjRF&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MkVGOTRDMTUtN0QxNi00NzZDLUFEOTgtNUUwNkZENDdGMjRF&gdpr=0&gdpr_consent=&google_tc=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?p=156872&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fpbm-usync%3Fuid%3D2EF94C15-7D16-476C-AD98-5E06FD47F24E
https://router.infolinks.com/dyn/pbm-usync?uid=2EF94C15-7D16-476C-AD98-5E06FD47F24E

0
210 B

114ms
114ms

Image
text/html

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/pbm-usync?uid=2EF94C15-7D16-476C-AD98-5E06FD47F24E
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jan 2022 23:44:44 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, private
cf-ray: 6c8856236e762bca-FRA
content-length: 0
expires: Mon, 04 Jan 2021 23:44:44 GMT

Redirect headers

location: https://router.infolinks.com/dyn/pbm-usync?uid=2EF94C15-7D16-476C-AD98-5E06FD47F24E
date: Tue, 04 Jan 2022 23:44:42 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

apn-usync
router.infolinks.com/dyn/ Frame 7BB3
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID
https://router.infolinks.com/dyn/apn-usync?user_id=9038970066739705690

35 B
188 B

177ms
177ms

Image
image/gif

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/apn-usync?user_id=9038970066739705690
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jan 2022 23:44:43 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6c8856208b562bca-FRA
content-length: 35
expires: Mon, 04 Jan 2021 23:44:43 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 04 Jan 2022 23:44:43 GMT
X-Proxy-Origin: 194.36.108.20; 194.36.108.20; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 1a740654-e431-4393-a26a-0142a93a02a8
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://router.infolinks.com/dyn/apn-usync?user_id=9038970066739705690
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 cm
u.openx.net/w/1.0/ Frame 7BB3 43 B
305 B 61ms
17ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u.openx.net/w/1.0/cm?id=9b5994f2-035d-46de-8c12-bc0e9a4e66c2&r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fox-usync%3Fuid%3D
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jan 2022 23:44:43 GMT
content-encoding: gzip
server: OXGW/17.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

VR-usync
router.infolinks.com/dyn/ Frame 7BB3
Redirect Chain

https://ups.analytics.yahoo.com/ups/58422/occ
https://ups.analytics.yahoo.com/ups/58422/occ?verify=true
https://router.infolinks.com/dyn/VR-usync?uid=y-vQY8o6ZE2uEuNuItb9hB3iiDTjsdLPGG4NYuTOc-~A

35 B
210 B

116ms
115ms

Image
image/gif

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/VR-usync?uid=y-vQY8o6ZE2uEuNuItb9hB3iiDTjsdLPGG4NYuTOc-~A
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jan 2022 23:44:43 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6c8856217c2b2bca-FRA
content-length: 35
expires: Mon, 04 Jan 2021 23:44:43 GMT

Redirect headers

location: https://router.infolinks.com/dyn/VR-usync?uid=y-vQY8o6ZE2uEuNuItb9hB3iiDTjsdLPGG4NYuTOc-~A
date: Tue, 04 Jan 2022 23:44:43 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

r1-usync
router.infolinks.com/dyn/ Frame 7BB3
Redirect Chain

https://sync.1rx.io/usersync2/infolinks
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5204774707
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5204774707
https://sync.1rx.io/usersync/tradedesk/54eae20f-efd9-4932-9edf-f14ee3cc639b
https://sync.targeting.unrulymedia.com/csync/RX-f60c5ad4-00cd-4c1e-b3a5-18c56402c26a-003?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fr1-usync%3Fuid%3DRX-f60c5ad4-00cd-4c1e-b3a5-18c56402c26a-003
https://router.infolinks.com/dyn/r1-usync?uid=RX-f60c5ad4-00cd-4c1e-b3a5-18c56402c26a-003

35 B
275 B

113ms
113ms

Image
image/gif

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/r1-usync?uid=RX-f60c5ad4-00cd-4c1e-b3a5-18c56402c26a-003
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jan 2022 23:44:44 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6c8856236e6a2bca-FRA
content-length: 35
expires: Mon, 04 Jan 2021 23:44:44 GMT

Redirect headers

location: https://router.infolinks.com/dyn/r1-usync?uid=RX-f60c5ad4-00cd-4c1e-b3a5-18c56402c26a-003
date: Tue, 04 Jan 2022 23:44:44 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXf60c5ad400cd4c1eb3a518c56402c26a003
content-type: text/html

GET
H2

200

zmn-usync
router.infolinks.com/dyn/ Frame 7BB3
Redirect Chain

https://b1sync.zemanta.com/usersync/infolinks/?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fzmn-usync%3Fuid%3D__ZUID__
https://router.infolinks.com/dyn/zmn-usync?uid=

35 B
90 B

111ms
111ms

Image
image/gif

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/zmn-usync?uid=
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:44:44 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store
cf-ray: 6c8856228d592bca-FRA
content-length: 35

Redirect headers

Location: https://router.infolinks.com/dyn/zmn-usync?uid=
Pragma: no-cache
Date: Tue, 04 Jan 2022 23:44:43 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 70
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK us
sync.go.sonobi.com/ Frame 7BB3 0
478 B 75ms
14ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsonobi-usync%3Fuid%3D%5BUID%5D

Requested by

Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 Jan 2022 23:44:43 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

ca.png
s.cpx.to/ Frame 7BB3
Redirect Chain

https://ib.adnxs.com/getuid?https://s.cpx.to/ca.png?ref=https%253A%252F%252Fwww.tweakschanges.com%252F&pid=12306&adnxs_uid=$UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3Dhttps%25253A%25252F%25252Fwww.tweakschanges.com%25252F%26pid%3D12306%26adnxs_uid%3D%24UID
https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.tweakschanges.com%2F&pid=12306&adnxs_uid=9038970066739705690

95 B
944 B

137ms
29ms

Image
image/png

34.254.209.189
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.tweakschanges.com%2F&pid=12306&adnxs_uid=9038970066739705690

Requested by

Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F

Protocol

HTTP/1.1

Server

34.254.209.189 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-254-209-189.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache, no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Tue, 04 Jan 2022 23:44:43 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0, no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Length: 95
Expires: Tue, 04 Jan 2022 23:44:43 UTC

Redirect headers

Pragma: no-cache
Date: Tue, 04 Jan 2022 23:44:43 GMT
X-Proxy-Origin: 194.36.108.20; 194.36.108.20; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: b59e9102-3250-4342-b799-e249198a4eca
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.tweakschanges.com%2F&pid=12306&adnxs_uid=9038970066739705690
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK sync
dsp.adkernel.com/ Frame 7BB3 42 B
233 B 273ms
88ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsp.adkernel.com/sync?exchange=202&r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fearn-usync%3Fuid%3D%7BUID%7D
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 Jan 2022 23:44:43 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H2

200

an-usersync
router.infolinks.com/dyn/ Frame 7BB3
Redirect Chain

https://ad.360yield.com/server_match?r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fan-usersync%3Fuser_id%3D%7BPUB_USER_ID%7D%26partner_id%3D1531
https://ad.360yield.com/ul_cb/server_match?r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fan-usersync%3Fuser_id%3D%7BPUB_USER_ID%7D%26partner_id%3D1531
https://router.infolinks.com/dyn/an-usersync?user_id=f799e2cf-9c8d-496c-857c-dcede314ed0c&partner_id=1531

35 B
199 B

112ms
112ms

Image
image/gif

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/an-usersync?user_id=f799e2cf-9c8d-496c-857c-dcede314ed0c&partner_id=1531
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jan 2022 23:44:43 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6c8856213c012bca-FRA
content-length: 35
expires: Mon, 04 Jan 2021 23:44:43 GMT

Redirect headers

location: https://router.infolinks.com/dyn/an-usersync?user_id=f799e2cf-9c8d-496c-857c-dcede314ed0c&partner_id=1531
date: Tue, 04 Jan 2022 23:44:43 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

outh-usync
router.infolinks.com/dyn/ Frame 7BB3
Redirect Chain

https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true
https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP4ac706e2-6db8-11ec-9f15-022c60069800
https://router.infolinks.com/dyn/outh-usync?uid=y-4npRFzRE2uHItL9.41YtgeEs8TPWN39q~A~UP4ac706e2-6db8-11ec-9f15-022c60069800

35 B
234 B

120ms
119ms

Image
image/gif

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/outh-usync?uid=y-4npRFzRE2uHItL9.41YtgeEs8TPWN39q~A~UP4ac706e2-6db8-11ec-9f15-022c60069800
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jan 2022 23:44:43 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6c885621ac632bca-FRA
content-length: 35
expires: Mon, 04 Jan 2021 23:44:43 GMT

Redirect headers

location: https://router.infolinks.com/dyn/outh-usync?uid=y-4npRFzRE2uHItL9.41YtgeEs8TPWN39q~A~UP4ac706e2-6db8-11ec-9f15-022c60069800
date: Tue, 04 Jan 2022 23:44:43 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 200
OK usersync
match.bnmla.com/ Frame 7BB3 0
114 B 533ms
96ms Image
text/plain 38.27.122.158
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.bnmla.com/usersync?sspid=1000361&redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fenbd-usync%3Fuid%3D%5BUUID%5D
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 38.27.122.158 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 04 Jan 2022 23:44:44 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

200

sovrn-usync
router.infolinks.com/dyn/ Frame 7BB3
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID
https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID&sovrn_retry=true
https://router.infolinks.com/dyn/sovrn-usync?uid=d21b8fd49e91ff31f819317e

35 B
217 B

248ms
248ms

Image
image/gif

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/sovrn-usync?uid=d21b8fd49e91ff31f819317e
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jan 2022 23:44:44 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6c885623aecc2bca-FRA
content-length: 35
expires: Mon, 04 Jan 2021 23:44:44 GMT

Redirect headers

Date: Tue, 04 Jan 2022 23:44:44 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://router.infolinks.com/dyn/sovrn-usync?uid=d21b8fd49e91ff31f819317e
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H2

200

usersync
router.infolinks.com/dyn/ Frame 7BB3
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolink...
https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3D2EF94C15-7D16-476C-AD98-5E06FD47F24E
https://router.infolinks.com/dyn/usersync?pmuservalue=2EF94C15-7D16-476C-AD98-5E06FD47F24E

0
164 B

116ms
115ms

Image
text/plain

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/usersync?pmuservalue=2EF94C15-7D16-476C-AD98-5E06FD47F24E
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:44:44 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
cache-control: no-store
cf-ray: 6c8856236e752bca-FRA
content-length: 0

Redirect headers

location: https://router.infolinks.com/dyn/usersync?pmuservalue=2EF94C15-7D16-476C-AD98-5E06FD47F24E
date: Tue, 04 Jan 2022 23:44:42 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

zeta-usync
router.infolinks.com/dyn/ Frame 7BB3
Redirect Chain

https://p.rfihub.com/cm?pub=43153&in=1
https://router.infolinks.com/dyn/zeta-usync?uid=5108559722144053508

35 B
199 B

113ms
113ms

Image
image/gif

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/zeta-usync?uid=5108559722144053508
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jan 2022 23:44:44 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6c8856237e982bca-FRA
content-length: 35
expires: Mon, 04 Jan 2021 23:44:44 GMT

Redirect headers

Location: https://router.infolinks.com/dyn/zeta-usync?uid=5108559722144053508
Date: Tue, 04 Jan 2022 23:44:44 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame 7BB3 0
72 B 355ms
114ms Image
text/plain 67.202.105.24
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssc-cms.33across.com/ps/?ri=0010b00002CpYhEAAV&ru=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2F33a-usync%3Fuid%3D33XUSERID33X
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.24 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip24.67-202-105.static.steadfastdns.net
Software: 33XP003 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-33x-status: 2000208
date: Tue, 04 Jan 2022 23:44:43 GMT
server: 33XP003

GET
H2 200 iq-usync
router.infolinks.com/dyn/ Frame 7BB3 0
35 B 112ms
111ms Image
text/plain 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/iq-usync
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/usync/manage?pid=1472363&wsid=2&pdom=www.tweakschanges.com&purl=https%3A%2F%2Fwww.tweakschanges.com%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:44:43 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control: no-store
cf-ray: 6c885621ecb52bca-FRA
content-length: 0

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 677A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YdTb6zOjzoWNHv3htQseZQAABKsAAAIB&gdpr_consent=&us_privacy=&gdpr=1
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YdTb6zOjzoWNHv3htQseZQAABKsAAAIB&gdpr_consent=&us_privacy=&gdpr=1&google_tc=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEEss6Dia1lnscmhiUZHSsdI&google_cver=1

43 B
315 B

14ms
13ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEEss6Dia1lnscmhiUZHSsdI&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 Jan 2022 23:44:43 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Tue, 04 Jan 2022 23:44:43 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 Jan 2022 23:44:43 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEEss6Dia1lnscmhiUZHSsdI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 343
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 677A
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YdTb6zOjzoWNHv3htQseZQAABKsAAAIB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YdTb6zOjzoWNHv3htQseZQAABKsAAAIB&dcc=t

43 B
645 B

105ms
105ms

Image
image/gif

209.54.177.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YdTb6zOjzoWNHv3htQseZQAABKsAAAIB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1

Protocol

HTTP/1.1

Server

209.54.177.54 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 Jan 2022 23:44:44 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 1FYMB3AMRFCFY53KGRGC
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 04 Jan 2022 23:44:44 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 66NJS5JT635MD1PBRGV6
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YdTb6zOjzoWNHv3htQseZQAABKsAAAIB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 677A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YdTb6zOjzoWNHv3htQseZQAA
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm=&google_sc=&google_hm=YdTb6zOjzoWNHv3htQseZQAA&google_tc=
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGeKDJpkLa0VFgw4a8Eejbg&google_cver=1&gdpr=1

43 B
999 B

13ms
12ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGeKDJpkLa0VFgw4a8Eejbg&google_cver=1&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 Jan 2022 23:44:43 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 04 Jan 2022 23:44:43 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 Jan 2022 23:44:43 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGeKDJpkLa0VFgw4a8Eejbg&google_cver=1&gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 677A 70 B
265 B 91ms
32ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jan 2022 23:44:43 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 677A
Redirect Chain

https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1
https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1&prevuid=&knw=0
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=

43 B
315 B

11ms
10ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 Jan 2022 23:44:43 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Tue, 04 Jan 2022 23:44:43 GMT

Redirect headers

date: Tue, 04 Jan 2022 23:44:43 GMT
server: nginx
access-control-allow-origin: *
transfer-encoding: chunked
access-control-allow-methods: POST, GET, OPTIONS
p3p: CP="NOI DEV OUR BUS UNI"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
cache-control: no-cache
content-type: text/html; charset=UTF-8
access-control-allow-headers: Origin
keep-alive: timeout=10

GET
H/1.1 200
OK sync
x.bidswitch.net/ Frame 677A 43 B
220 B 449ms
7ms Image
image/gif 3.120.57.143
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=index&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.57.143 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-57-143.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 04 Jan 2022 23:44:44 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 677A
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1
https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1&_test=YdTb6wADJlRqDwAF
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YdTb6wADJlRqDwAF&gdpr=1&_test=YdTb6wADJlRqDwAF

43 B
998 B

13ms
13ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YdTb6wADJlRqDwAF&gdpr=1&_test=YdTb6wADJlRqDwAF
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 Jan 2022 23:44:43 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 04 Jan 2022 23:44:43 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 Jan 2022 23:44:43 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1641339884.743885,VS0,VE0
x-served-by: cache-hhn4029-HHN
x-cache: HIT
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YdTb6wADJlRqDwAF&gdpr=1&_test=YdTb6wADJlRqDwAF
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 677A
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1643931883

43 B
982 B

17ms
12ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1643931883
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 04 Jan 2022 23:44:43 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 04 Jan 2022 23:44:43 GMT

Redirect headers

pragma: no-cache
date: Tue, 04 Jan 2022 23:44:42 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1643931883
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 200 ix-usync
router.infolinks.com/dyn/ Frame 677A 35 B
252 B 112ms
111ms Image
image/gif 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/ix-usync?uid=YdTb6zOjzoWNHv3htQseZQAA%261195
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jan 2022 23:44:43 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6c8856208b5c2bca-FRA
content-length: 35
expires: Mon, 04 Jan 2021 23:44:43 GMT

GET
H2 200 jot
syndication.twitter.com/i/ 43 B
357 B 122ms
122ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fwww.tweakschanges.com%2F%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22en%22%2C%22message%22%3A%22l%3Awithcount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1641339882951%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%229fd78d5%3A1638479056965%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22follow%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:44:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 114
pragma: no-cache
last-modified: Tue, 04 Jan 2022 23:44:43 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: bc8c10539e356ad3e590e23b2e0f72743e1f7e03ec2f560273175596bff91b67
x-transaction: 275536139cb0e0d9
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 in_search.js Show response
resources.infolinks.com/js/1775.005-3.025.ab.1771.005-3.025/ 123 KB
46 KB 22ms
21ms Script
application/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1771.005-3.025/in_search.js
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1771.005-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0ed4b80efbb81a92a82a727735aa23cd0e64ba7f8fe99507b31154f3042b9ba

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray: 6c885622fe0c2bca-FRA
date: Tue, 04 Jan 2022 23:44:44 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Wed, 29 Dec 2021 10:27:21 GMT
server: cloudflare
age: 3745
etag: W/"1eb61-5d446620e52c6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
content-encoding: gzip
expires: Thu, 03 Feb 2022 22:42:19 GMT

GET
H2 200 bubble.js Show response
resources.infolinks.com/js/1775.005-3.025.ab.1771.005-3.025/ 156 KB
47 KB 30ms
30ms Script
application/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1771.005-3.025/bubble.js
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1771.005-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2093eeb7c8703b51436f09e47b6c107f5dd5068fee50a9ece8dc2f757793ddeb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray: 6c885622fe0e2bca-FRA
date: Tue, 04 Jan 2022 23:44:44 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Wed, 29 Dec 2021 10:27:21 GMT
server: cloudflare
age: 3881
etag: W/"27044-5d446620e4ede"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
content-encoding: gzip
expires: Thu, 03 Feb 2022 22:40:03 GMT

GET
H2 200 getads.htm Show response
rt3056.infolinks.com/action/ 1 KB
730 B 268ms
267ms Script
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rt3056.infolinks.com/action/getads.htm?hks=%5B%7B%22lid%22%3A%22d_IL_INSEARCH%22%2C%22bdc%22%3A1%2C%22prod_t%22%3A%22d%22%2C%22garc%22%3A0%2C%22sdata%22%3A%22apple%22%2C%22scs%22%3A%22B7jnKQXBez%22%7D%5D&rid=2afd9e32-058e-4039-9225-1f33e6549d02&jsv=1775.005-3.025.ab.1771.005-3.025&sr=1600X1200&rts=1641339883392&cfv=-1&cb=getAdsResponse&os=Windows&ov=10&br=Chrome&bv=96.0.4664.93&dv=p&ce=t&purl=https%3A%2F%2Fwww.tweakschanges.com%2F&tzo=-0000&c=c&strg=true&rsd=YOb-j0QPKBa4kdiscEW-SaRkpDszbALhhLWvIFkL2_KmFIun3pdhghH6xLMimgoXlGceTq40UT4zH7bHvHTyKPcq2BnphmfikocQCUse4Jtrepu1rtI7sKPXoEVLsOIpWGkPPpX2v0wsNKMr-ZcJG4T6jYh9SCLy&rsk=56&rcs=rzRcOMnXRsmGgheeSFRpzA&hbnr=false
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1771.005-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5e5beb43540c8fb507a97589bce63ca6f84ec5601621ee055b690cb65cc15ff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jan 2022 23:44:44 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
p3p: CP="NON DSP NID OUR COR"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-language: de-DE
content-type: text/html;charset=UTF-8
cache-control: no-cache,no-store
cf-ray: 6c8856236e682bca-FRA
x-application-context: application:prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 in_text.js Show response
resources.infolinks.com/js/1775.005-3.025.ab.1771.005-3.025/ 10 KB
4 KB 22ms
21ms Script
application/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1771.005-3.025/in_text.js
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1771.005-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10000e50858213f4e33be0c6e50ffac69e77fe180e9aa08d4aa241273506bb91

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray: 6c8856236e732bca-FRA
date: Tue, 04 Jan 2022 23:44:44 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Wed, 29 Dec 2021 10:27:21 GMT
server: cloudflare
age: 319
etag: W/"29f5-5d446620e4af6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
content-encoding: gzip
expires: Thu, 03 Feb 2022 23:39:25 GMT

GET
H2 200 loader.gif
resources.infolinks.com/static/skins/ 962 B
1 KB 21ms
20ms Image
image/gif 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://resources.infolinks.com/static/skins/loader.gif
Requested by: Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b8ee13d35110d7006bc5c5147ee0a0c6c3e1f26b2f246b8d5e57edf4f6b97b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:44:44 GMT
via: 1.1 google
cf-cache-status: HIT
age: 10915
cf-polished: origSize=1631, status=webp_bigger
content-length: 962
last-modified: Mon, 14 Nov 2016 12:31:03 GMT
server: cloudflare
etag: "65f-54142035d0066"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
expires: Thu, 03 Feb 2022 20:42:49 GMT
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6c885623aec02bca-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 loader-bg.png
resources.infolinks.com/static/skins/ 902 B
1 KB 20ms
19ms Image
image/webp 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://resources.infolinks.com/static/skins/loader-bg.png
Requested by: Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5ddb995fe37710a4be439e4e3f45016cd7b7ecfa3423a29e4f4f4dcce63efff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:44:44 GMT
via: 1.1 google
cf-cache-status: HIT
age: 8346
cf-polished: origFmt=png, origSize=1488
content-disposition: inline; filename="loader-bg.webp"
content-length: 902
last-modified: Mon, 14 Nov 2016 12:31:03 GMT
server: cloudflare
etag: "5d0-541420359b4a6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Thu, 03 Feb 2022 21:25:38 GMT
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6c885623aec32bca-FRA
cf-bgj: imgq:85,h2pri

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 42AF 0
20 B 39ms
39ms Ping
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=jca&jc=39&version=r20211207&sample=0.01

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&adk=1812271804&adf=3025194257&lmt=1641339882&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.tweakschanges.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339882238&bpp=15&bdt=687&idt=163&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2627453327289&frm=20&pv=2&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=184

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 04 Jan 2022 23:44:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/ 149 KB
53 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/reactive_library_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3fb03c5889929639808be7ec57fdcac0a13e2bc5de31ac48723aeca4c2ff246e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:44:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54385
x-xss-protection: 0
server: cafe
etag: 4993246191385855005
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 04 Jan 2022 23:44:44 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 31ms
16ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.tweakschanges.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 04 Jan 2022 23:44:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 32ms
16ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.tweakschanges.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 04 Jan 2022 23:44:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 889C 85 KB
29 KB 829ms
828ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=280&adk=3809598800&adf=54630664&pi=t.aa~a.2771321384~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1641339883&rafmt=1&to=qs&pwprc=7902131900&psa=0&format=1200x280&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=3&bdt=2099&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0&nras=2&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2363&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=l8pckOiGMG&p=https%3A//www.tweakschanges.com&dtd=14

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fa459a94616984ec586a505dda19782dadab47693c6e7d5160b8cc510f9610a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 04 Jan 2022 23:44:45 GMT
server: cafe
content-length: 29755
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B97A 81 KB
28 KB 463ms
463ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=280&adk=3088186576&adf=3476139620&pi=t.aa~a.1754647604~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1641339883&rafmt=1&to=qs&pwprc=7902131900&psa=0&format=1200x280&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2099&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280&nras=3&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2693&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=AZPWjf1Uya&p=https%3A//www.tweakschanges.com&dtd=19

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9453b7a89481212126ee982b2501db1ba673a33064045521dedfe030d562cf9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 04 Jan 2022 23:44:44 GMT
server: cafe
content-length: 29042
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D3DD 114 KB
40 KB 410ms
410ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=146&adk=2013927646&adf=1303732688&pi=t.aa~a.3498274842~rp.4&w=750&lmt=1641339883&nsk=e29f4be3&rafmt=11&pwprc=7902131900&psa=0&ad_type=text_image&format=750x146&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2098&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=jQrtsVpGIz&p=https%3A//www.tweakschanges.com&dtd=24

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9fdca495293c1474f3a74dbb3b469c838137019ec132a45030940d8c88f3f60b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 04 Jan 2022 23:44:44 GMT
server: cafe
content-length: 41328
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5174 114 KB
40 KB 625ms
625ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=146&adk=2013927646&adf=1640785077&pi=t.aa~a.3498276904~rp.4&w=750&lmt=1641339883&nsk=d1e0dc89&rafmt=11&pwprc=7902131900&psa=0&ad_type=text_image&format=750x146&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2098&idt=0&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280%2C1200x280%2C750x146&nras=5&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1725&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=JMErvGLiFE&p=https%3A//www.tweakschanges.com&dtd=28

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

db2ddc8c94dc722b334aee513564e7d1a8cd67af1a995db84b44dd67fa68c8df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 04 Jan 2022 23:44:44 GMT
server: cafe
content-length: 41377
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 adview.htm
rt3056.infolinks.com/action/ 0
135 B 473ms
472ms Image
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rt3056.infolinks.com/action/adview.htm?rid=2afd9e32-058e-4039-9225-1f33e6549d02&bdc=1&midx=0&emd=NDI0fmFwaS5hcHB0YXAuY29t&rts=1641339883688&prod_t=d&jsv=1775.005-3.025.ab.1771.005-3.025&skin=sidebar&theme=def&sdata=apple&scs=B7jnKQXBez&rsd=YOb-j0QPKBa4kdiscEW-SaRkpDszbALhhLWvIFkL2_KmFIun3pdhghH6xLMimgoXlGceTq40UT4zH7bHvHTyKPcq2BnphmfikocQCUse4Jtrepu1rtI7sKPXoEVLsOIpWGkPPpX2v0wsNKMr-ZcJG4T6jYh9SCLy&rsk=56&rcs=rzRcOMnXRsmGgheeSFRpzA
Requested by: Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jan 2022 23:44:44 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: text/html;charset=UTF-8
cache-control: no-cache,no-store
cf-ray: 6c88562548b02bca-FRA
content-length: 0
x-application-context: application:prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 /
node228.impressionssl.adshop.infolinks.com/impression/ 37 B
221 B 955ms
97ms Image
image/gif 199.212.255.245
FHMNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://node228.impressionssl.adshop.infolinks.com/impression/?vh=1415712148&agy=414981&aid=637313&cid=640282&gid=643136&id=643139&st=1641339883&kwid=0&skw=apple&sid=1472363_2&sip=3257166848&img=643139&pid=15&tid=2&dev=0&mtyp=502&agtyp=0&rid=2afd9e32-058e-4039-9225-1f33e6549d02&idfa=&gaid=&site_cat=5&pixel=1
Requested by: Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.212.255.245 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jan 2022 21:13:42 GMT
x-replied-from: 199.212.255.224:26080
server: nginx/1.16.1
content-type: image/gif
cache-control: no-cache, max-age=0, must-revalidate, no-store, post-check=0, pre-check=0
content-length: 37
expires: 0

GET
H2 200 /
node228.impressionssl.adshop.infolinks.com/impression/ 367 KB
368 KB 954ms
97ms Image
image/png 199.212.255.245
FHMNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://node228.impressionssl.adshop.infolinks.com/impression/?vh=1415712148&agy=414981&aid=637313&cid=640282&gid=643136&id=643139&st=1641339883&kwid=0&skw=apple&sid=1472363_2&sip=3257166848&img=643139&pid=15&tid=2&dev=0&mtyp=502&agtyp=0&rid=2afd9e32-058e-4039-9225-1f33e6549d02&idfa=&gaid=&site_cat=5&mime=image/png
Requested by: Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.212.255.245 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: d94bac38691c9f17500412df310412c391ef4bfe68a4b27abce05c4879af0d57

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jan 2022 21:13:42 GMT
x-replied-from: 199.212.255.75:26080
server: nginx/1.16.1
content-type: image/png
cache-control: no-cache, max-age=0, must-revalidate, no-store, post-check=0, pre-check=0
content-length: 375756
expires: 0

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f42b6c9dab0b73174621c0daba5d82d4f2d841fed05a3784952e660b13fb78b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/ Frame CEC7 11 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 04 Jan 2022 19:07:16 GMT
expires: Tue, 18 Jan 2022 19:07:16 GMT
content-type: text/html; charset=UTF-8
etag: 17731914101004188133
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4884
x-xss-protection: 0
age: 16648
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 css2
fonts.googleapis.com/ Frame CEC7 4 KB
634 B 31ms
16ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 04 Jan 2022 22:16:13 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 04 Jan 2022 23:44:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 04 Jan 2022 23:44:44 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame CEC7 205 B
229 B 21ms
7ms Image
image/png 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 02 Jan 2022 02:17:40 GMT
x-content-type-options: nosniff
age: 250024
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 02 Jan 2023 02:17:40 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame CEC7 604 B
628 B 21ms
7ms Image
image/png 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 20:32:52 GMT
x-content-type-options: nosniff
age: 97912
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 03 Jan 2023 20:32:52 GMT

GET
H2 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame CEC7 19 KB
9 KB 36ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc7731959f24eb86dc0127adfa88c91e71d68b5a0c958dae09aab1b34438256c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:19:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1485
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8346
x-xss-protection: 0
server: cafe
etag: 3177319193432224586
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jan 2022 23:19:59 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame BA92 3 KB
579 B 17ms
17ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 04 Jan 2022 22:16:00 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 04 Jan 2022 23:44:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 04 Jan 2022 23:44:44 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame BA92 1 KB
880 B 26ms
10ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:28:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 979
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 853
x-xss-protection: 0
server: cafe
etag: 7170004918125193417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jan 2022 23:28:25 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame BA92 19 KB
8 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:41:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 184
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jan 2022 23:41:40 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame BA92 2 KB
1 KB 21ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:26:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1097
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jan 2022 23:26:27 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BA92 119 KB
37 KB 52ms
22ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:44:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 04 Jan 2022 23:44:44 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame BA92 15 KB
6 KB 22ms
8ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:39:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 330
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jan 2022 23:39:14 GMT

GET
H3 200 6d065ef8aad4e53a06604e1059b7b7b3.js Show response
www.gstatic.com/mysidia/ Frame BA92 27 KB
11 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 22:16:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 91685
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11408
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 07:52:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 03 Apr 2022 22:16:39 GMT

GET
H3 200 f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js Show response
pagead2.googlesyndication.com/bg/ Frame C74A 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js

Requested by

Host: www.tweakschanges.com
URL: https://www.tweakschanges.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 19:13:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16245
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13559
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Jan 2023 19:13:59 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame D3DD 6 KB
669 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500&lang=en

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=146&adk=2013927646&adf=1303732688&pi=t.aa~a.3498274842~rp.4&w=750&lmt=1641339883&nsk=e29f4be3&rafmt=11&pwprc=7902131900&psa=0&ad_type=text_image&format=750x146&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2098&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=jQrtsVpGIz&p=https%3A//www.tweakschanges.com&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2ddefcdc9f260c5ffeb93fed110fe9d929028226f9a2d8a4934ea52b546e9640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 04 Jan 2022 22:16:32 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 04 Jan 2022 23:44:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 04 Jan 2022 23:44:44 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame D3DD 6 KB
669 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500&text=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2ddefcdc9f260c5ffeb93fed110fe9d929028226f9a2d8a4934ea52b546e9640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 04 Jan 2022 22:13:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 04 Jan 2022 23:44:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 04 Jan 2022 23:44:44 GMT

GET
H3 200 m_js_controller_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame D3DD 32 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/m_js_controller_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

23375fd2e0c63e3d79d1e26c31e908a63310221ff8c10e5b7bafb71ae478f555

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:16:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1677
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13177
x-xss-protection: 0
server: cafe
etag: 14559802278604478720
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jan 2022 23:16:47 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame D3DD 19 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:41:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 184
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jan 2022 23:41:40 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame D3DD 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:26:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1097
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jan 2022 23:26:27 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D3DD 119 KB
36 KB 37ms
22ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:44:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 04 Jan 2022 23:44:44 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame D3DD 15 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:39:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 330
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jan 2022 23:39:14 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/6899358199605426286/ Frame D3DD 9 KB
9 KB 45ms
45ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6899358199605426286/downsize_200k_v1?sqp=4sqPyQSWAUKTAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhoIlQEQlQEYASABLQAAAD8wlQE4lQFFAACAPw&rs=AOga4qkH16nLXgXu7BS6ssGFWR37cwR0nw

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a86c19bf1d1f4362961ec25ce27640e4b43b4be135005f560724bc936db75bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:44:44 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9381
x-xss-protection: 0
last-modified: Sun, 15 Aug 2021 22:11:35 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 04 Jan 2023 23:44:44 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame D3DD 0
0 50ms
49ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=ClVVa7NvUYe32FY3s3wOA07vICpzb9rxn_o6w34UPsJAfEAEgj8iWHmCV-puCrAegAaH81NoDyAEGqAMByAPLBKoE1wFP0ITZaB4Xvoe7pYh6oSs6sdbj18ONquPt_6yADsgDBIjQ32vmq5MHfxmbDplKuzdhYKux_jTTnkKN_WPqobpsYajsT6T7G85jYGEwZZUK2lMzltWClnr9adUCfhpfu1UUnjDeWt63o7tA5kbKu6OvT2M_NTassYcXBYUhSNVMOXsSiMOqaGrGLWvkQfd0HgGZKBAltxQIHsz9mMbg9wmOjBU8ltquwsxOslN49kzJxDEkPgiqkliyuWG7LN8y1dnFt65yFo_1JggTPR0VbiOr0bLUbwujq8AEqJ2vg-YDkgUECAQYAZIFBAgFGASgBjeAB8eDqyWoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBCbgDrSCAkIgOGAcBABGB-ACgHICwHYEw2IFAHQFQGYFgGAFwGyFxwKGggAEhRwdWItNzg1MzYxMzM5NDYwMTY0MhgA&sigh=xchDHP6EOF0&uach_m=[UACH]&template_id=492

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=146&adk=2013927646&adf=1303732688&pi=t.aa~a.3498274842~rp.4&w=750&lmt=1641339883&nsk=e29f4be3&rafmt=11&pwprc=7902131900&psa=0&ad_type=text_image&format=750x146&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2098&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=jQrtsVpGIz&p=https%3A//www.tweakschanges.com&dtd=24
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 04 Jan 2022 23:44:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 48D6 143 B
163 B 8ms
7ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=146&adk=2013927646&adf=1303732688&pi=t.aa~a.3498274842~rp.4&w=750&lmt=1641339883&nsk=e29f4be3&rafmt=11&pwprc=7902131900&psa=0&ad_type=text_image&format=750x146&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2098&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=jQrtsVpGIz&p=https%3A//www.tweakschanges.com&dtd=24

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 04 Jan 2022 23:02:26 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2538
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame D3DD 16 KB
16 KB 25ms
7ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500&lang=en

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 05:33:18 GMT
x-content-type-options: nosniff
age: 583886
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Dec 2022 05:33:18 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame D3DD 15 KB
15 KB 26ms
9ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500&lang=en

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 01:54:06 GMT
x-content-type-options: nosniff
age: 597038
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Dec 2022 01:54:06 GMT

GET
DATA 200
OK truncated
/ Frame D3DD 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eba58911436346b738be306cc9eac4be3b090b1b55306ef12e05ec57dec63e2c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame B97A 6 KB
670 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=280&adk=3088186576&adf=3476139620&pi=t.aa~a.1754647604~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1641339883&rafmt=1&to=qs&pwprc=7902131900&psa=0&format=1200x280&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2099&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280&nras=3&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2693&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=AZPWjf1Uya&p=https%3A//www.tweakschanges.com&dtd=19

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 04 Jan 2022 22:11:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 04 Jan 2022 23:44:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 04 Jan 2022 23:44:44 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame B97A 1 KB
880 B 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:28:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 979
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 853
x-xss-protection: 0
server: cafe
etag: 7170004918125193417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jan 2022 23:28:25 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame B97A 19 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:41:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 184
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jan 2022 23:41:40 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame B97A 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:26:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1097
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jan 2022 23:26:27 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B97A 119 KB
36 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:44:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 04 Jan 2022 23:44:44 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame B97A 15 KB
6 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:39:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 330
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jan 2022 23:39:14 GMT

GET
H3 200 6d065ef8aad4e53a06604e1059b7b7b3.js Show response
www.gstatic.com/mysidia/ Frame B97A 27 KB
11 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 22:16:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 91685
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11408
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 07:52:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 03 Apr 2022 22:16:39 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/14064462811705544626/ Frame B97A 34 KB
34 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14064462811705544626/downsize_200k_v1?w=600&h=314

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3fa456d055ff829255df5f3a1a17b8de1b0da08ad11e784d27adacb479ca047d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 04:25:20 GMT
x-content-type-options: nosniff
age: 587964
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34495
x-xss-protection: 0
last-modified: Wed, 23 Jan 2019 22:50:04 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 29 Dec 2022 04:25:20 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame B97A 0
0 49ms
48ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cz-DB7NvUYauzFbeDjuwPob-ouA6ezKPEZ9KQmej5CI3Gpsj9ERABII_Ilh5glfqbgqwHoAHdzLjvA8gBCakCf0-26Wnwsj6oAwHIA8sEqgTZAU_QxHF1-snNrfJSNuK9tYMp19D6SKnaR_Qmc6PQPwWLY36iuOPl07AzvtTCByRlHzMbVGOc77XQon4OOnXcmWogxbIjxbqRf2dnNu9ytbiZlyPn4JWfi_GTuMzAu9Y0cz_pkHxm1X6xeNJFi-7sgkmGg3CLA8L2Lp96Y47WdpRuwusLM60qdeCzcnLaILpJlaH_048ZQLdQHGB-B29X7-tvv33bOe-N_4JchFfk9U9AM4_ROdBJrLp3fCPgKfPvQtbEJdPScxi67KHJHsFJsDusUKWtoWxJfLbABMyr34n7AZIFBAgEGAGSBQQIBRgEoAYugAeLs8cQqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQvtwN0ggJCIDhgHAQARgfgAoByAsB2BMNiBQB0BUBgBcBshccChoIABIUcHViLTc4NTM2MTMzOTQ2MDE2NDIYAA&sigh=sLFTAovvE04&uach_m=[UACH]&template_id=484

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=280&adk=3088186576&adf=3476139620&pi=t.aa~a.1754647604~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1641339883&rafmt=1&to=qs&pwprc=7902131900&psa=0&format=1200x280&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2099&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280&nras=3&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2693&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=AZPWjf1Uya&p=https%3A//www.tweakschanges.com&dtd=19
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 04 Jan 2022 23:44:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 48D6
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

38ms
38ms

Document
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 04 Jan 2022 23:44:44 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 04 Jan 2022 23:44:44 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 04 Jan 2022 23:44:44 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js Show response
pagead2.googlesyndication.com/bg/ Frame AFDF 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 19:13:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16245
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13559
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Jan 2023 19:13:59 GMT

GET
DATA 200
OK truncated
/ Frame B97A 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8551d29413d1eb5d00cb919d4dc727a1d3a53843db4cdb1c50456bb9551f6a6f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame B97A 15 KB
15 KB 10ms
9ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 20:07:55 GMT
x-content-type-options: nosniff
age: 13009
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 04 Jan 2023 20:07:55 GMT

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame B97A 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 11:22:37 GMT
x-content-type-options: nosniff
age: 562927
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Dec 2022 11:22:37 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame B97A 15 KB
15 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 01:54:06 GMT
x-content-type-options: nosniff
age: 597038
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Dec 2022 01:54:06 GMT

GET
H3 200 f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js Show response
pagead2.googlesyndication.com/bg/ Frame D7DC 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 19:13:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16246
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13559
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Jan 2023 19:13:59 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 5174 6 KB
669 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500&lang=en

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=146&adk=2013927646&adf=1640785077&pi=t.aa~a.3498276904~rp.4&w=750&lmt=1641339883&nsk=d1e0dc89&rafmt=11&pwprc=7902131900&psa=0&ad_type=text_image&format=750x146&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2098&idt=0&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280%2C1200x280%2C750x146&nras=5&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1725&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=JMErvGLiFE&p=https%3A//www.tweakschanges.com&dtd=28

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2ddefcdc9f260c5ffeb93fed110fe9d929028226f9a2d8a4934ea52b546e9640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 04 Jan 2022 22:15:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 04 Jan 2022 23:44:45 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 04 Jan 2022 23:44:45 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 5174 6 KB
669 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500&text=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=146&adk=2013927646&adf=1640785077&pi=t.aa~a.3498276904~rp.4&w=750&lmt=1641339883&nsk=d1e0dc89&rafmt=11&pwprc=7902131900&psa=0&ad_type=text_image&format=750x146&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2098&idt=0&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280%2C1200x280%2C750x146&nras=5&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1725&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=JMErvGLiFE&p=https%3A//www.tweakschanges.com&dtd=28

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2ddefcdc9f260c5ffeb93fed110fe9d929028226f9a2d8a4934ea52b546e9640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 04 Jan 2022 22:20:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 04 Jan 2022 23:44:45 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 04 Jan 2022 23:44:45 GMT

GET
H3 200 m_js_controller_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 5174 32 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/m_js_controller_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=146&adk=2013927646&adf=1640785077&pi=t.aa~a.3498276904~rp.4&w=750&lmt=1641339883&nsk=d1e0dc89&rafmt=11&pwprc=7902131900&psa=0&ad_type=text_image&format=750x146&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2098&idt=0&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280%2C1200x280%2C750x146&nras=5&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1725&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=JMErvGLiFE&p=https%3A//www.tweakschanges.com&dtd=28

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

23375fd2e0c63e3d79d1e26c31e908a63310221ff8c10e5b7bafb71ae478f555

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:16:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1678
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13177
x-xss-protection: 0
server: cafe
etag: 14559802278604478720
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jan 2022 23:16:47 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 5174 19 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=146&adk=2013927646&adf=1640785077&pi=t.aa~a.3498276904~rp.4&w=750&lmt=1641339883&nsk=d1e0dc89&rafmt=11&pwprc=7902131900&psa=0&ad_type=text_image&format=750x146&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2098&idt=0&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280%2C1200x280%2C750x146&nras=5&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1725&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=JMErvGLiFE&p=https%3A//www.tweakschanges.com&dtd=28

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:41:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 185
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jan 2022 23:41:40 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 5174 2 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=146&adk=2013927646&adf=1640785077&pi=t.aa~a.3498276904~rp.4&w=750&lmt=1641339883&nsk=d1e0dc89&rafmt=11&pwprc=7902131900&psa=0&ad_type=text_image&format=750x146&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2098&idt=0&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280%2C1200x280%2C750x146&nras=5&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1725&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=JMErvGLiFE&p=https%3A//www.tweakschanges.com&dtd=28

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:26:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1098
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jan 2022 23:26:27 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5174 119 KB
36 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=146&adk=2013927646&adf=1640785077&pi=t.aa~a.3498276904~rp.4&w=750&lmt=1641339883&nsk=d1e0dc89&rafmt=11&pwprc=7902131900&psa=0&ad_type=text_image&format=750x146&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2098&idt=0&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280%2C1200x280%2C750x146&nras=5&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1725&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=JMErvGLiFE&p=https%3A//www.tweakschanges.com&dtd=28

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:44:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 04 Jan 2022 23:44:45 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 5174 15 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=146&adk=2013927646&adf=1640785077&pi=t.aa~a.3498276904~rp.4&w=750&lmt=1641339883&nsk=d1e0dc89&rafmt=11&pwprc=7902131900&psa=0&ad_type=text_image&format=750x146&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2098&idt=0&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280%2C1200x280%2C750x146&nras=5&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1725&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=JMErvGLiFE&p=https%3A//www.tweakschanges.com&dtd=28

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:39:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 331
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jan 2022 23:39:14 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 5174 0
0 16ms
15ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTueiN7aobseKV0tXn-XJG0Xgdi8W1sNYd1Pmiqf2C_Xqvmzdje_scxi0TtMoJ4-nKngWtU
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=146&adk=2013927646&adf=1640785077&pi=t.aa~a.3498276904~rp.4&w=750&lmt=1641339883&nsk=d1e0dc89&rafmt=11&pwprc=7902131900&psa=0&ad_type=text_image&format=750x146&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2098&idt=0&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280%2C1200x280%2C750x146&nras=5&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1725&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=JMErvGLiFE&p=https%3A//www.tweakschanges.com&dtd=28
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/17820512142089989348/ Frame 5174 4 KB
4 KB 54ms
54ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17820512142089989348/downsize_200k_v1?sqp=4sqPyQSWAUKTAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhoIlQEQlQEYASABLQAAAD8wlQE4lQFFAACAPw&rs=AOga4qnYlFfNpO7qKYrMzpXYoSQR_kwc8g

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=146&adk=2013927646&adf=1640785077&pi=t.aa~a.3498276904~rp.4&w=750&lmt=1641339883&nsk=d1e0dc89&rafmt=11&pwprc=7902131900&psa=0&ad_type=text_image&format=750x146&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2098&idt=0&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280%2C1200x280%2C750x146&nras=5&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1725&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=JMErvGLiFE&p=https%3A//www.tweakschanges.com&dtd=28

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

564c08699d786cef8e49a705d659b839be1a39dac7600909e40b78ddb772c298

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:44:45 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4244
x-xss-protection: 0
last-modified: Sun, 15 Aug 2021 22:11:35 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 04 Jan 2023 23:44:45 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 5174 0
0 51ms
50ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C6MSo7NvUYdLzFcaKjuwP-NGc4A-c2_a8Z_6OsN-FD7CQHxABII_Ilh5glfqbgqwHoAGh_NTaA8gBBqgDAcgDywSqBNcBT9DQohHWe_WYia6IGmphjhzw4F_2BQgASi1o1x31z2zFpZt_wZZJd-pgEsMzzlhy6gxfGtRcT8YX1eAkU5xLuaNvBaD8sN4dDrIDyVWiODHmuVMEfrc6caJJbEAKCXazXzXP2zrfWp-DgNmaecZNYhrThML348aQqnmYVaUFzJpr0NuCHNICHsrb6M4hGqdJsmZYe2pXjQfALxE1UC1Io9WOE-GNZByzCzwVucVbbuVt-VLJPn6mA3_ljrvlFlHq8LlXQUq4u4w8gTAAW8Hs0LsZHXnXou3ABKidr4PmA5IFBAgEGAGSBQQIBRgEoAY3gAfHg6slqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ4vgX0ggJCIDhgHAQARgfgAoByAsB2BMNiBQB0BUBmBYBgBcBshccChoIABIUcHViLTc4NTM2MTMzOTQ2MDE2NDIYAA&sigh=pPzrr_PCPW8&uach_m=[UACH]&template_id=492

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=146&adk=2013927646&adf=1640785077&pi=t.aa~a.3498276904~rp.4&w=750&lmt=1641339883&nsk=d1e0dc89&rafmt=11&pwprc=7902131900&psa=0&ad_type=text_image&format=750x146&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2098&idt=0&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280%2C1200x280%2C750x146&nras=5&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1725&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=JMErvGLiFE&p=https%3A//www.tweakschanges.com&dtd=28

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=146&adk=2013927646&adf=1640785077&pi=t.aa~a.3498276904~rp.4&w=750&lmt=1641339883&nsk=d1e0dc89&rafmt=11&pwprc=7902131900&psa=0&ad_type=text_image&format=750x146&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2098&idt=0&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280%2C1200x280%2C750x146&nras=5&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1725&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=JMErvGLiFE&p=https%3A//www.tweakschanges.com&dtd=28
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 04 Jan 2022 23:44:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7B4F 143 B
163 B 8ms
6ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=146&adk=2013927646&adf=1640785077&pi=t.aa~a.3498276904~rp.4&w=750&lmt=1641339883&nsk=d1e0dc89&rafmt=11&pwprc=7902131900&psa=0&ad_type=text_image&format=750x146&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2098&idt=0&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280%2C1200x280%2C750x146&nras=5&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1725&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=JMErvGLiFE&p=https%3A//www.tweakschanges.com&dtd=28

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=146&adk=2013927646&adf=1640785077&pi=t.aa~a.3498276904~rp.4&w=750&lmt=1641339883&nsk=d1e0dc89&rafmt=11&pwprc=7902131900&psa=0&ad_type=text_image&format=750x146&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2098&idt=0&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280%2C1200x280%2C750x146&nras=5&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1725&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=JMErvGLiFE&p=https%3A//www.tweakschanges.com&dtd=28

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 04 Jan 2022 23:02:26 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2539
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 5174 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b9e81f437c8ba1adb65d7113e5d01f59864e9816a1fbab0013b72fc8542045ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 5174 16 KB
16 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500&lang=en

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 05:33:18 GMT
x-content-type-options: nosniff
age: 583887
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Dec 2022 05:33:18 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 5174 15 KB
15 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500&lang=en

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 01:54:06 GMT
x-content-type-options: nosniff
age: 597039
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Dec 2022 01:54:06 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 889C 3 KB
579 B 19ms
18ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=280&adk=3809598800&adf=54630664&pi=t.aa~a.2771321384~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1641339883&rafmt=1&to=qs&pwprc=7902131900&psa=0&format=1200x280&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=3&bdt=2099&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0&nras=2&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2363&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=l8pckOiGMG&p=https%3A//www.tweakschanges.com&dtd=14

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 04 Jan 2022 22:12:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 04 Jan 2022 23:44:45 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 04 Jan 2022 23:44:45 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 889C 1 KB
880 B 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:28:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 980
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 853
x-xss-protection: 0
server: cafe
etag: 7170004918125193417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jan 2022 23:28:25 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 889C 19 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:41:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 185
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jan 2022 23:41:40 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 889C 2 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:26:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1098
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jan 2022 23:26:27 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 889C 119 KB
36 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:44:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 04 Jan 2022 23:44:45 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 889C 15 KB
6 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:39:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 331
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jan 2022 23:39:14 GMT

GET
H3 200 6d065ef8aad4e53a06604e1059b7b7b3.js Show response
www.gstatic.com/mysidia/ Frame 889C 27 KB
11 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 03 Jan 2022 22:16:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 91686
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11408
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 07:52:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 03 Apr 2022 22:16:39 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/5945949906696083297/ Frame 889C 11 KB
11 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5945949906696083297/downsize_200k_v1?w=600&h=314

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7abcab931d6244c2e4f50fac508b82269bf9fc9648d6794330613ffd876c457e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 31 Dec 2021 07:24:37 GMT
x-content-type-options: nosniff
age: 404408
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11098
x-xss-protection: 0
last-modified: Wed, 17 Mar 2021 14:54:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 31 Dec 2022 07:24:37 GMT

GET
DATA 200
OK truncated
/ Frame 889C 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 889C 0
0 54ms
53ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CZWNM7NvUYc6cFc_k3wOy2p-gC8OftM5lzJ7Dn7gN2tkeEAEgj8iWHmCV-puCrAegAcnQ_9gByAEJqAMByAPLBKoE3QFP0KWTp7V61IlP5f9TvinT8D6TkJlO5gXZLLR-0IstcP7vsC5jQCQ9yCs_wPN0YCYwpu2hH2tHrPim1UnV3wmv66UstCS-In9XIRX-YLMvmWM4kJSRC4WZzwcroQzWakUQir-_gpFxzBScXdkAqGi-xPCSLbPKs0SfxvWkRJsuFqeFzZVYWu_PsAop9Nrhhh-xOR6w7VOHTummJS4VmZGvXWm9Wfm1gRGk3sQMqzLONgdmKB5WB8d8nv8t6jflx7lAfvT3utzqprV_kKG0RbYke_PAR3iPB4tnHRkKhsAE0_rdtcoDkgUECAQYAZIFBAgFGASgBi6AB5-vgKcCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQ98wM0ggJCIDhgHAQARgfgAoByAsBuBOIJ9gTDYgUBdAVAZgWAYAXAbIXHAoaCAASFHB1Yi03ODUzNjEzMzk0NjAxNjQyGAA&sigh=ZwDU-Nxbt54&uach_m=[UACH]&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=280&adk=3809598800&adf=54630664&pi=t.aa~a.2771321384~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1641339883&rafmt=1&to=qs&pwprc=7902131900&psa=0&format=1200x280&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=3&bdt=2099&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0&nras=2&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2363&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=l8pckOiGMG&p=https%3A//www.tweakschanges.com&dtd=14
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 04 Jan 2022 23:44:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7B4F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

37ms
37ms

Document
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=146&adk=2013927646&adf=1640785077&pi=t.aa~a.3498276904~rp.4&w=750&lmt=1641339883&nsk=d1e0dc89&rafmt=11&pwprc=7902131900&psa=0&ad_type=text_image&format=750x146&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2098&idt=0&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280%2C1200x280%2C750x146&nras=5&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1725&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=JMErvGLiFE&p=https%3A//www.tweakschanges.com&dtd=28

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 04 Jan 2022 23:44:45 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 04 Jan 2022 23:44:45 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 04 Jan 2022 23:44:45 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js Show response
pagead2.googlesyndication.com/bg/ Frame 3047 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7853613394601642&output=html&h=146&adk=2013927646&adf=1640785077&pi=t.aa~a.3498276904~rp.4&w=750&lmt=1641339883&nsk=d1e0dc89&rafmt=11&pwprc=7902131900&psa=0&ad_type=text_image&format=750x146&url=https%3A%2F%2Fwww.tweakschanges.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1641339883649&bpp=1&bdt=2098&idt=0&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2e85df126ce14739-22f437a015cd0033%3AT%3D1641339883%3ART%3D1641339883%3AS%3DALNI_MbyAuLsxFEPndK91kr_cffARGSDjg&prev_fmts=0x0%2C1200x280%2C1200x280%2C750x146&nras=5&correlator=2627453327289&frm=20&pv=1&ga_vid=1742053608.1641339882&ga_sid=1641339882&ga_hid=945924345&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1725&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21065724&oid=2&pvsid=3575920752213873&pem=594&tmod=984&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=JMErvGLiFE&p=https%3A//www.tweakschanges.com&dtd=28

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 19:13:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16246
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13559
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Jan 2023 19:13:59 GMT

GET
DATA 200
OK truncated
/ Frame 889C 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4b4c150ee378284c0b403036d4acfc784b9ec7834b1f100c68de0a82b2747ae9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 889C 21 KB
21 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 10:56:24 GMT
x-content-type-options: nosniff
age: 46101
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21660
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:07:18 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 04 Jan 2023 10:56:24 GMT

GET
H3 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 889C 21 KB
21 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 20:07:29 GMT
x-content-type-options: nosniff
age: 13036
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21424
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:24 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 04 Jan 2023 20:07:29 GMT

GET
H3 200 f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js Show response
pagead2.googlesyndication.com/bg/ Frame A3C1 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 19:13:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16246
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13559
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Jan 2023 19:13:59 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 38ms
21ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211207&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

703512f193db6215893cf1363ccb501c0a2a4039444a4081f6c256c511dc7d32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 04 Jan 2022 23:44:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8479
x-xss-protection: 0

GET
H3

200

/
www.facebook.com/login/ Frame 7977
Redirect Chain

https://www.facebook.com/v2.3/plugins/page.php?adapt_container_width=true&app_id=778175558901792&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfdd4...
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D778175558901792%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook....

0
0

129ms
120ms

Document
text/html

2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D778175558901792%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Dfdd42437f78c4%2526domain%253Dwww.tweakschanges.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.tweakschanges.com%25252Ff3708270a2869f8%2526relation%253Dparent.parent%26container_width%3D320%26hide_cover%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Ftweakschanges%252F%26locale%3Den_GB%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dtrue

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/sdk.js?hash=86b12a5919a739234439c2b9f9acd72c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* attachment.fbsbx.com blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: about:blank

Response headers

vary: Accept-Encoding
content-encoding: br
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: hJNuSuwlmMAk1w1aBa2Kw6DTx9fgYq3tBdAjZupllm4csF61cq9kIsq5UnVeQmUczGG52KsxIgf0lz7NOLVbjQ==
date: Tue, 04 Jan 2022 23:44:46 GMT
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i

Redirect headers

location: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D778175558901792%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Dfdd42437f78c4%2526domain%253Dwww.tweakschanges.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.tweakschanges.com%25252Ff3708270a2869f8%2526relation%253Dparent.parent%26container_width%3D320%26hide_cover%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Ftweakschanges%252F%26locale%3Den_GB%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dtrue
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
facebook-api-version: v5.0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: KioFDcQG7ovXTJhmC6ZBfUPB4WjxzDmePCngYGoLEqo42Fe1ZJH4Q7oX174O0mui1gFFGNgxhlu/Io28NQy6eg==
content-length: 0
date: Tue, 04 Jan 2022 23:44:46 GMT
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:44:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
expires: Tue, 04 Jan 2022 23:44:45 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame E442 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
date: Tue, 04 Jan 2022 22:14:57 GMT
expires: Wed, 04 Jan 2023 22:14:57 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 5389
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 35B0 783 B
534 B 16ms
15ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

52cb1030295f4739b592d97b756036726e41358610ae7a2e16b076c65ecd03d6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-9XBt8EKN3C+drELmv1Zkeg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 04 Jan 2022 23:44:46 GMT
date: Tue, 04 Jan 2022 23:44:46 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-9XBt8EKN3C+drELmv1Zkeg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js Show response
pagead2.googlesyndication.com/bg/ Frame E442 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/f8gou5y2Dfq0zn72-W9hYw99gWviw2ua4IRi-orcC78.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 19:13:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16247
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13559
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Jan 2023 19:13:59 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 35B0 0
0 47ms
47ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20211207&jk=3575920752213873&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20211207&jk=3575920752213873&bg=!2Nul25_NAAZKWFskSlg7ACkAdvg8WsY-zNzbI9qlPn96yN2-XvFx8xgUC-m8aQUQLJzueS_ZUA9pTwIAAABGUgAAAApoAQeZAt74jO5hEmhqG6zS0A8ZDeRYTZfn0dn5wd-PpkVUZpaAvoNJcfuv64uI5kIGPpGpCLsjv7s4fVkodekrlhmUF1RnXwhD1UjrGIpuPETB0f5RmK8w8gw9ftbDhRLk-IjI3VyPmOt0zZtsb8drT9DPVYCoojgYEWzwvdt6yv-zi9LzeM8owBKLgYwHCoRAq4jfPlHKRkKjNH3VOkBAIOrp3nwzpipTVpTFxuzhMkIZ4jgP1R3TofEYvLoyq2vEF5QUBWawggP6eyEPxSvpwRuE4kSuznUDzRePEHh1CVtLnnOiOngvpvw52FVhjOT5Jqe3gqtYK6a0DzXucW6Ep2gyMx6TBiT_7WeuoN0pzdu-yLusZ7-f2jHyWjm0dqX05578tf3nn6turoIQcW4vdxJ_264lbmuOIjfzULCt0ZLYYEKGG-p6g2DjfDs3RrGg-WQHETbaWYDqiYGJlyBdSOW4l5BEehk60-TrNSgb6pql8DllPQdhufQl9-OEskMcn1q_-im1Rx0Rb4bPnimGhj32ooTufZ8EW-4ylWrQUoXr8mC1l0CF4tmusUcuCl0OrXZiHJpJfayBe6ivobxFahXU2323Zev-KSpSdIbM9RQn6W3E2B90h3Jnzk8Xs3f6o1jbM7-FJvoPUVi6gtRXMfrV4IrGyIO-T_VBfAOrYUUmGF3UfZNEenAePyQhsg725dAM1_WSjoH1k3uVoeglTpwnDdg1Opq67kj8rHdY21ykoOX0go4HaFNTVk3VtKyMNSjjta_CF2YuLSOSA-Xw4t8gBc4hpJHz4NAxJKwVWkiqPUZ8Wy7Ns8Wfjr6Zh37uSitbOt1w34xBVGZcsV_S2mpzUKJb00kJpklQlefu7riQ8R3gs-Ug0K2taZsX0qru1BSS9MvwhjkcvOykI2GhUZBuzkCqSwidPamQyRiR_MFyKTNefLO2xoMJIRe6PptTqJxWeYHJ6r1R7bL_N2E__jhcnQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.tweakschanges.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 04 Jan 2022 23:44:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

74 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

50 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.tweakschanges.com/	1970-01-20 17:26:51	Name: _ga Value: GA1.2.1742053608.1641339882
.tweakschanges.com/	1970-01-19 23:57:06	Name: _gid Value: GA1.2.589788852.1641339882
.tweakschanges.com/	1970-01-19 23:55:39	Name: _gat Value: 1
.tweakschanges.com/	1970-01-20 09:17:15	Name: __gads Value: ID=2e85df126ce14739-22f437a015cd0033:T=1641339883:RT=1641339883:S=ALNI_MbyAuLsxFEPndK91kr_cffARGSDjg
www.tweakschanges.com/	1969-12-31 23:59:59	Name: logglytrackingsession Value: 4ebd3758-c5d7-48ff-a108-3490ed052dee
.infolinks.com/	1970-01-20 17:26:51	Name: cuid Value: d931001f-75ae-4506-a502-a90ccb722d1a
.casalemedia.com/	1970-01-20 08:41:15	Name: CMID Value: YdTb6zOjzoWNHv3htQseZQAA
.casalemedia.com/	1970-01-20 02:05:15	Name: CMPS Value: 5221
.adnxs.com/	1970-01-20 02:05:15	Name: uuid2 Value: 9038970066739705690
.casalemedia.com/	1970-01-20 02:05:15	Name: CMPRO Value: 1195
.casalemedia.com/	1970-01-19 23:57:06	Name: CMST Value: YdTb62HU2+sA
.pubmatic.com/	1970-01-19 23:57:06	Name: KTPCACOOKIE Value: YES
.pubmatic.com/	1970-01-20 02:05:15	Name: SyncRTB3 Value: 1642464000%3A220
.pubmatic.com/	1970-01-20 02:05:15	Name: KADUSERCOOKIE Value: 2EF94C15-7D16-476C-AD98-5E06FD47F24E
.360yield.com/	1970-01-20 02:05:15	Name: tuuid Value: f799e2cf-9c8d-496c-857c-dcede314ed0c
.360yield.com/	1970-01-20 02:05:15	Name: tuuid_lu Value: 1641339883
.doubleclick.net/	1970-01-20 09:17:15	Name: IDE Value: AHWqTUlPmYAFxsDjTOEq5Pig5mgDBMiZtQhs1nGNgFuTABH7vBacTdGIa1IgwKNF_gY
.adsrvr.org/	1970-01-20 08:41:15	Name: TDID Value: 54eae20f-efd9-4932-9edf-f14ee3cc639b
.infolinks.com/	1970-01-19 23:57:06	Name: IXUSERCOOKIE Value: YdTb6zOjzoWNHv3htQseZQAA&1195
.adsrvr.org/	1970-01-20 08:41:15	Name: TDCPM Value: CAEYBSABKAIyCwjIrMqg3fmnOhAFOAE.
.cpx.to/	1970-01-20 08:41:15	Name: cpSess Value: 161202c63549789
.cpx.to/	1970-01-20 08:41:15	Name: dsp_app_nexus Value: 9038970066739705690#1641339883716
.everesttech.net/	1970-01-20 08:41:15	Name: everest_g_v2 Value: g_surferid~YdTb6wADJlRqDwAF
.yahoo.com/	1970-01-20 08:41:37	Name: A3 Value: d=AQABBOvb1GECEFToJMoGTVc6Ej846GRpuHgFEgEBAQEt1mHeYQAAAAAA_eMAAA&S=AQAAAmIl7ULAojucYl5fSEZ2J_8
.1rx.io/	1970-01-20 08:41:15	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-f60c5ad4-00cd-4c1e-b3a5-18c56402c26a-003%22%7D
.casalemedia.com/	1970-01-20 08:41:15	Name: CMRUM3 Value: f161d4dbeb05a0&5861d4dbeb2760YdTb6wADJlRqDwAF&4061d4dbeb2760no-consent&2761d4dbeb0b40&e661d4dbeb2760&c461d4dbeb05a0&2d61d4dbeb05a0&3361d4dbeb05a0
.advertising.com/	1970-01-20 08:42:42	Name: APID Value: UP4ac706e2-6db8-11ec-9f15-022c60069800
.analytics.yahoo.com/	1970-01-20 08:42:42	Name: IDSYNC Value: "192u~22hb:18xp~22hb"
.yahoo.com/	1970-01-20 00:34:33	Name: APID Value: UP4ac706e2-6db8-11ec-9f15-022c60069800
.yahoo.com/	1970-01-19 23:57:06	Name: APIDTS Value: 1641339883
.pubmatic.com/	1970-01-20 02:05:15	Name: PUBMDCID Value: 3
.pubmatic.com/	1970-01-19 23:57:06	Name: pi Value: 156872:3
.pubmatic.com/	1970-01-20 02:05:15	Name: chkChromeAb67Sec Value: 3
.infolinks.com/	1970-01-20 02:05:15	Name: ANUSERCOOKIE Value: f799e2cf-9c8d-496c-857c-dcede314ed0c
.infolinks.com/	1970-01-19 23:57:06	Name: VRUSERCOOKIE Value: y-vQY8o6ZE2uEuNuItb9hB3iiDTjsdLPGG4NYuTOc-~A
.infolinks.com/	1970-01-19 23:57:06	Name: OUTHUSERCOOKIE Value: y-4npRFzRE2uHItL9.41YtgeEs8TPWN39q~A~UP4ac706e2-6db8-11ec-9f15-022c60069800
.targeting.unrulymedia.com/	1970-01-20 08:41:15	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-f60c5ad4-00cd-4c1e-b3a5-18c56402c26a-003%22%7D
.lijit.com/	1970-01-20 08:41:15	Name: ljt_reader Value: d21b8fd49e91ff31f819317e
.rfihub.com/	1970-01-20 09:17:15	Name: eud Value: H4sIAAAAAAAAAFslzmtoZmJobGxpYWFiYGYJALxcbNAQAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjU0sDA1tTQ3MjI0MTEwNTY1sBDiM9QtNShNdI4qSdYNzjIEAAJuyA0lAAAA
.rfihub.com/	1970-01-20 09:17:15	Name: rud Value: H4sIAAAAAAAAAOMSNjU0sDA1tTQ3MjI0MTEwNTY1sBDiM9QtNShNdI4qSdYNzjKU4jU0MzE0Nra0sDAxMLMEAKBH8J40AAAA
.infolinks.com/	1970-01-19 23:57:06	Name: R1USERCOOKIE Value: RX-f60c5ad4-00cd-4c1e-b3a5-18c56402c26a-003
.infolinks.com/	1970-01-19 23:57:06	Name: PUBMUSERCOOKIE Value: 2EF94C15-7D16-476C-AD98-5E06FD47F24E
.infolinks.com/	1970-01-19 23:57:06	Name: KADUSERCOOKIE Value: 2EF94C15-7D16-476C-AD98-5E06FD47F24E~1641339970521
.infolinks.com/	1970-01-19 23:57:06	Name: ZTUSERCOOKIE Value: 5108559722144053508
.tweakschanges.com/	1970-01-20 08:41:15	Name: fc Value: %7B%22NDI0fmFwaS5hcHB0YXAuY29t%22%3A%221%3A1641339883686%22%7D
.tweakschanges.com/	1970-01-20 08:41:15	Name: pv Value: %7B%22d%22%3A%221%3A1641339883687%22%7D
.infolinks.com/	1970-01-19 23:57:06	Name: SOVRNUSERCOOKIE Value: d21b8fd49e91ff31f819317e
.infolinks.com/	1970-01-19 23:56:09	Name: tv Value: \|NDI0fmFwaS5hcHB0YXAuY29t~1
.doubleclick.net/	1970-01-19 23:55:43	Name: DSID Value: NO_DATA

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.360yield.com
adservice.google.com
adservice.google.de
ap.lijit.com
b1sync.zemanta.com
cm.g.doubleclick.net
connect.facebook.net
cydia.saurik.com
de.tynt.com
dsp.adkernel.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
gu.dyntrk.com
ib.adnxs.com
image2.pubmatic.com
image4.pubmatic.com
image8.pubmatic.com
match.adsrvr.org
match.bnmla.com
node228.impressionssl.adshop.infolinks.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-sync.sitescout.com
pixel.advertising.com
platform.twitter.com
resources.infolinks.com
router.infolinks.com
rt3056.infolinks.com
s.amazon-adsystem.com
s.cpx.to
ssc-cms.33across.com
ssum-sec.casalemedia.com
sync-tm.everesttech.net
sync.1rx.io
sync.go.sonobi.com
sync.targeting.unrulymedia.com
syndication.twitter.com
tpc.googlesyndication.com
u.openx.net
ups.analytics.yahoo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.tweakschanges.com
x.bidswitch.net
104.244.42.136
135.125.160.160
142.250.186.66
15.197.193.217
151.101.130.49
163.171.128.148
172.217.16.130
172.66.41.9
174.137.133.49
178.162.133.149
185.64.190.79
185.64.190.80
193.0.160.128
198.47.127.20
199.212.255.245
2.21.141.232
209.126.98.163
209.54.177.54
213.19.147.44
216.52.2.30
2606:2800:234:59:254c:406:2366:268c
2a00:1450:4001:810::2002
2a00:1450:4001:810::2003
2a00:1450:4001:812::2003
2a00:1450:4001:813::2002
2a00:1450:4001:827::2002
2a00:1450:4001:827::200a
2a00:1450:4001:827::200e
2a00:1450:4001:828::2004
2a00:1450:4001:830::2002
2a00:1450:4001:831::2001
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
3.120.57.143
3.126.56.137
34.248.198.194
34.254.209.189
35.244.159.8
37.252.172.36
38.27.122.158
51.89.9.251
52.57.25.105
66.155.71.149
67.202.105.24
67.202.105.31
70.42.32.95
00db1163ca6054f2a8496a8613addd64991e27eedc8a136ca3e1f9dc04e894f8
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
10000e50858213f4e33be0c6e50ffac69e77fe180e9aa08d4aa241273506bb91
143e7e770f65cf3caba18e5fbaf7fdfe777342a969be2b433835d98f0c0cabbd
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d
16da101757c67ceae14f5bdd63f157c6e8a2cf4259d80072490cc204e3e1bea5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
186ef01aca1c73789f73c2f4388a26387e38e5fd8a05f4f1c3785709cec25f66
1a16bec6c2ae872bc878992544f3b03b6b4af19547d01a758a25139691a14b1f
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
1f42b6c9dab0b73174621c0daba5d82d4f2d841fed05a3784952e660b13fb78b
2093eeb7c8703b51436f09e47b6c107f5dd5068fee50a9ece8dc2f757793ddeb
23375fd2e0c63e3d79d1e26c31e908a63310221ff8c10e5b7bafb71ae478f555
295409307a58f3d19608932eac3c022cff1cacc8671dd26b5614a28f7e25e0b0
2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396
2ddefcdc9f260c5ffeb93fed110fe9d929028226f9a2d8a4934ea52b546e9640
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
3d276d676d044a790a34f40aa20de0fc4e3d1c561a635ae430d28c693fbe1473
3fa456d055ff829255df5f3a1a17b8de1b0da08ad11e784d27adacb479ca047d
3fb03c5889929639808be7ec57fdcac0a13e2bc5de31ac48723aeca4c2ff246e
45a070473f1aa1d15aa41ff8e3b27b733e5e54d0fd50ccfe912ab15712807827
4a86c19bf1d1f4362961ec25ce27640e4b43b4be135005f560724bc936db75bb
4b4c150ee378284c0b403036d4acfc784b9ec7834b1f100c68de0a82b2747ae9
4b817700ba0db45da21a12ccd48134663e88290465fc9c7e0f30ff0ec6f4b559
4c22596c78011b0cd3af3a95c9de51688e59653d093cb0895b2557611da20930
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e959d9106d846030c0a62de668ec7c5810a3a1282c4f4ca98e1ea0756c75b8e
52cb1030295f4739b592d97b756036726e41358610ae7a2e16b076c65ecd03d6
5462a40dcca1ac8cdc6073d7e2d9dbd7a85653aa8f3b7fed3e5b74a23c04ae50
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
564c08699d786cef8e49a705d659b839be1a39dac7600909e40b78ddb772c298
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
614e75cdd2cd0d539d8ce32c95e50ab0f6fe52ea5664bb7556688abae5cc8b5b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
66db52b456efe7e29cec11fa09421d03cb09e37ed1b567307ec0444fd605ce31
6ff124b34a23a43a24f081af1684dda2899c72cc881d56bb378f8cf27cc34c2b
703512f193db6215893cf1363ccb501c0a2a4039444a4081f6c256c511dc7d32
726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3
7abcab931d6244c2e4f50fac508b82269bf9fc9648d6794330613ffd876c457e
7fc828bb9cb60dfab4ce7ef6f96f61630f7d816be2c36b9ae08462fa8adc0bbf
8551d29413d1eb5d00cb919d4dc727a1d3a53843db4cdb1c50456bb9551f6a6f
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
88293fc9cd99c5e2952c6a91a7e5ade2e5f3f75b54ab363b3ca07b6a627a019e
8966f69ca34f4a36d84479c907850349fdd81c18934f7d1d2517101ce16c0281
8aed12b8b95a1d49011f3e134dc8e71804a3576818d1d1334145aaa96d71aa5e
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
91faa9ab61d4c8ea63c3aab7094b3e2a18fa94475c2c9a484317a522d54bd0a1
9453b7a89481212126ee982b2501db1ba673a33064045521dedfe030d562cf9e
97719c71e44494e537beba8d51c6bb268a34dcd867fdefc431229225ca734b46
9fdca495293c1474f3a74dbb3b469c838137019ec132a45030940d8c88f3f60b
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a67b650bfe7b2da8f5232933efb9c8c1c3b161e4620a9e818086441f6d69abd4
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
b9e81f437c8ba1adb65d7113e5d01f59864e9816a1fbab0013b72fc8542045ea
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bc7731959f24eb86dc0127adfa88c91e71d68b5a0c958dae09aab1b34438256c
be0d47110b6ef3e7efa5a47c9d3665bc955046da0073c074b93c1e4a3553eb55
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
c5ddb995fe37710a4be439e4e3f45016cd7b7ecfa3423a29e4f4f4dcce63efff
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
ca35b932f51f2e89016d40c53241db329f1b7c29381d53d69e0eeec5baf40a27
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e
d94bac38691c9f17500412df310412c391ef4bfe68a4b27abce05c4879af0d57
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
db2ddc8c94dc722b334aee513564e7d1a8cd67af1a995db84b44dd67fa68c8df
ded2dba8c1e83920a5eea2317c3b8a555b2f26c5499f3a243160c7976d15b532
e0ed4b80efbb81a92a82a727735aa23cd0e64ba7f8fe99507b31154f3042b9ba
e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442
e206bce8218b9edcadab09b67baaaf452a492e3ce6187e806ab18dc714f0d587
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b8ee13d35110d7006bc5c5147ee0a0c6c3e1f26b2f246b8d5e57edf4f6b97b
e5e5beb43540c8fb507a97589bce63ca6f84ec5601621ee055b690cb65cc15ff
eba58911436346b738be306cc9eac4be3b090b1b55306ef12e05ec57dec63e2c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0d14eeddafdc5b95c87fa40a3b4b4da9e625f4b26bba02d145f60ea6c99bcd3
f5844d119b0d7d2d0f427bb92c5e16959b51f66509c63bf2f44a4795d7886537
fa09c0b087990cb648cb910b443ba6953ea096770db3b3617cd2a946c4b071a6
fa459a94616984ec586a505dda19782dadab47693c6e7d5160b8cc510f9610a3
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

www.tweakschanges.com Open in urlscan Pro 209.126.98.163 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

165 Requests

90 %HTTPS

28 %IPv6

40 Domains

51 Subdomains

32 IPs

7 Countries

2511 kBTransfer

5160 kBSize

50 Cookies

4 Outgoing links

Page URL History

Redirected requests

165 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.tweakschanges.com Open in urlscan Pro
209.126.98.163 Public Scan

Screenshot
Live screenshot

Full Image

165
Requests

90 %
HTTPS

28 %
IPv6

40
Domains

51
Subdomains

32
IPs

7
Countries

2511 kB
Transfer

5160 kB
Size

50
Cookies

165 HTTP transactions
7 data transactions