bontontv.com Open in urlscan Pro
185.62.73.31 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://bontontv.com/
Submission: On November 16 via api (November 16th 2023, 3:32:26 pm UTC) from US — Scanned from DE

Summary HTTP 146 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 39 IPs in 6 countries across 25 domains to perform 146 HTTP transactions. The main IP is 185.62.73.31, located in Zagreb, Croatia and belongs to SETCOR, HR. The main domain is bontontv.com.

This is the only time bontontv.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
21	185.62.73.31 185.62.73.31	61211 (SETCOR) (SETCOR)
4	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
23	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
6 6	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:806::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
9	146.75.116.193 146.75.116.193	54113 (FASTLY) (FASTLY)
2	2a04:4e42:8d::84 2a04:4e42:8d::84	54113 (FASTLY) (FASTLY)
2	2001:4860:480... 2001:4860:4802:34::178	15169 (GOOGLE) (GOOGLE)
1 10	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
6 8	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
3 7	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 5	37.252.171.85 37.252.171.85	29990 (ASN-APPNEX) (ASN-APPNEX)
3	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
1	151.101.192.84 151.101.192.84	54113 (FASTLY) (FASTLY)
2	142.250.185.70 142.250.185.70	15169 (GOOGLE) (GOOGLE)
8	138.201.63.145 138.201.63.145	24940 (HETZNER-AS) (HETZNER-AS)
1 4	138.201.63.150 138.201.63.150	24940 (HETZNER-AS) (HETZNER-AS)
2	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
3	138.201.84.244 138.201.84.244	24940 (HETZNER-AS) (HETZNER-AS)
1 2	2a01:4f8:d0a:... 2a01:4f8:d0a:2321::2	24940 (HETZNER-AS) (HETZNER-AS)
1	49.12.16.151 49.12.16.151	24940 (HETZNER-AS) (HETZNER-AS)
3 4	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
3	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
1	2a0b:4d07:101::1 2a0b:4d07:101::1	44239 (PROINITY ...) (PROINITY PROINITY)
1 2	2.23.68.89 2.23.68.89	16625 (AKAMAI-AS) (AKAMAI-AS)
1	85.10.231.200 85.10.231.200	24940 (HETZNER-AS) (HETZNER-AS)
1	13.42.237.35 13.42.237.35	16509 (AMAZON-02) (AMAZON-02)
1 2	142.250.186.38 142.250.186.38	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	18.66.147.120 18.66.147.120	16509 (AMAZON-02) (AMAZON-02)
1	99.86.4.36 99.86.4.36	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:803::2004	15169 (GOOGLE) (GOOGLE)
2	18.132.19.32 18.132.19.32	16509 (AMAZON-02) (AMAZON-02)
146	39

21 185.62.73.31 (Zagreb, Croatia)

ASN61211 (SETCOR, HR)
PTR: cp010.mydataknox.com

bontontv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:813::200e (Frankfurt am Main, Germany) 6 redirects

ASN15169 (GOOGLE, US)

docs.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

doc-14-58-docs.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
doc-0c-58-docs.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

doc-0g-58-docs.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
doc-08-58-docs.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 146.75.116.193 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:8d::84 (United States)

ASN54113 (FASTLY, US)

assets.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 172.217.16.130 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f130.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 172.64.151.101 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.252.171.85 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.192.84 (United States)

ASN54113 (FASTLY, US)

log.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.70 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 138.201.63.145 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.145.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.63.150 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.150.63.201.138.clients.your-server.de

hal90008.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 138.201.84.244 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.244.84.201.138.clients.your-server.de

hal900026.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a01:4f8:d0a:2321::2 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)

cdn.retailads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 49.12.16.151 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: lb-1.futalis.de

futalis.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 145.239.193.130 (France) 3 redirects

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 88.198.250.30 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.23.68.89 (Düsseldorf, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-23-68-89.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.10.231.200 (Fellbach, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: 85-10-231-200.clients.your-server.de

www.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.42.237.35 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-42-237-35.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.38 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f6.1e100.net

8019191.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.120 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-120.fra60.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-36.fra6.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.132.19.32 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-132-19-32.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 97 tpc.googlesyndication.com — Cisco Umbrella Rank: 149	431 KB
22	doubleclick.net 8 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 245 ad.doubleclick.net — Cisco Umbrella Rank: 154 8019191.fls.doubleclick.net — Cisco Umbrella Rank: 325135	106 KB
21	bontontv.com bontontv.com	65 KB
15	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 38186 hal90008.redintelligence.net — Cisco Umbrella Rank: 263856 hal900026.redintelligence.net — Cisco Umbrella Rank: 209913	107 KB
9	imgur.com i.imgur.com — Cisco Umbrella Rank: 7022	174 KB
8	google.com 6 redirects docs.google.com — Cisco Umbrella Rank: 125 adservice.google.com — Cisco Umbrella Rank: 105 www.google.com — Cisco Umbrella Rank: 2	4 KB
7	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625	4 KB
6	googleusercontent.com doc-14-58-docs.googleusercontent.com — Cisco Umbrella Rank: 619492 doc-0g-58-docs.googleusercontent.com — Cisco Umbrella Rank: 662274 doc-08-58-docs.googleusercontent.com — Cisco Umbrella Rank: 593573 doc-0c-58-docs.googleusercontent.com — Cisco Umbrella Rank: 598508	2 MB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 246	4 KB
4	media01.eu pb.media01.eu — Cisco Umbrella Rank: 74479 www.media01.eu — Cisco Umbrella Rank: 866153	2 KB
4	medialead.de 3 redirects pv.medialead.de — Cisco Umbrella Rank: 44040	3 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	298 KB
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 30616 api.webgains.io — Cisco Umbrella Rank: 91573	19 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	3 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 212	192 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2462	21 KB
3	pinterest.com assets.pinterest.com — Cisco Umbrella Rank: 3321 log.pinterest.com — Cisco Umbrella Rank: 4488	19 KB
2	awin1.com 1 redirects www.awin1.com — Cisco Umbrella Rank: 18131	1 KB
2	retailads.net 1 redirects cdn.retailads.net — Cisco Umbrella Rank: 150278	6 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 145
2	gstatic.com www.gstatic.com fonts.gstatic.com	49 KB
1	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 107304	437 B
1	webgains.com track.webgains.com — Cisco Umbrella Rank: 62639	2 KB
1	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 217997	923 B
1	futalis.de futalis.de — Cisco Umbrella Rank: 313699	401 B
146	25

	Domain	Requested by
23	pagead2.googlesyndication.com	bontontv.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
21	bontontv.com	bontontv.com
17	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
10	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
9	i.imgur.com	bontontv.com
8	hal9000.redintelligence.net	googleads.g.doubleclick.net hal900026.redintelligence.net hal90008.redintelligence.net
8	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
6	docs.google.com	6 redirects
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	pv.medialead.de	3 redirects hal90008.redintelligence.net
4	hal90008.redintelligence.net	1 redirects googleads.g.doubleclick.net hal90008.redintelligence.net
4	www.googletagmanager.com	bontontv.com www.googletagmanager.com adv.office-partner.de
3	pb.media01.eu	hal90008.redintelligence.net googleads.g.doubleclick.net hal900026.redintelligence.net
3	hal900026.redintelligence.net	hal9000.redintelligence.net hal900026.redintelligence.net
3	fonts.googleapis.com	googleads.g.doubleclick.net hal900026.redintelligence.net hal90008.redintelligence.net
3	www.googletagservices.com	googleads.g.doubleclick.net
2	api.webgains.io	analytics.webgains.io
2	8019191.fls.doubleclick.net	1 redirects googleads.g.doubleclick.net
2	www.awin1.com	1 redirects googleads.g.doubleclick.net
2	cdn.retailads.net	1 redirects futalis.de
2	www.googleadservices.com	bontontv.com
2	ad.doubleclick.net	googleads.g.doubleclick.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	assets.pinterest.com	bontontv.com assets.pinterest.com
2	doc-0g-58-docs.googleusercontent.com	bontontv.com
2	doc-14-58-docs.googleusercontent.com	bontontv.com
1	www.google.com	tpc.googlesyndication.com
1	cdn.track.production.webgains.team	googleads.g.doubleclick.net
1	analytics.webgains.io	track.webgains.com
1	adservice.google.com	8019191.fls.doubleclick.net
1	track.webgains.com	googleads.g.doubleclick.net
1	www.media01.eu	hal900026.redintelligence.net
1	adv.office-partner.de	hal90008.redintelligence.net
1	futalis.de	hal90008.redintelligence.net
1	fonts.gstatic.com	fonts.googleapis.com
1	log.pinterest.com	bontontv.com
1	www.gstatic.com	googleads.g.doubleclick.net
1	region1.google-analytics.com	www.googletagmanager.com
1	doc-0c-58-docs.googleusercontent.com	bontontv.com
1	doc-08-58-docs.googleusercontent.com	bontontv.com
146	41

This site contains links to these domains. Also see Links.

Domain
www.youtube.com
lopudska-sirotica.wixsite.com
poglednaprijed.wixsite.com

Subject Issuer	Validity	Valid
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.imgur.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-13` - `2024-03-12`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.pinterest.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-31` - `2024-08-07`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
redintelligence.net R3	`2023-10-10` - `2024-01-08`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.futalis.de R3	`2023-10-13` - `2024-01-11`	3 months	crt.sh
*.media01.eu RapidSSL TLS RSA CA G1	`2023-05-16` - `2024-05-15`	a year	crt.sh
adv.office-partner.de R3	`2023-10-28` - `2024-01-26`	3 months	crt.sh
pv.medialead.de R3	`2023-10-12` - `2024-01-10`	3 months	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-10` - `2024-03-09`	a year	crt.sh
cdn.retailads.net Encryption Everywhere DV TLS CA - G2	`2023-05-18` - `2024-05-17`	a year	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.webgains.io Amazon RSA 2048 M01	`2023-07-24` - `2024-08-22`	a year	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M03	`2023-08-30` - `2024-09-27`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh

This page contains 21 frames:

Primary Page: http://bontontv.com/
Frame ID: 00075C57294E770161DC67FD6158B2F0
Requests: 49 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html
Frame ID: A98AE1A4F41DFBA03B9DB534FC8B011E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&adk=1812271804&adf=3025194257&lmt=1555257909&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=356x945_l%7C356x945_r&format=0x0&url=http%3A%2F%2Fbontontv.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4&ascmds=1&aslcwct=1&asacwct=1&dt=1700148739310&bpp=3&bdt=176&idt=279&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=881158549952&frm=20&pv=2&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=309
Frame ID: C9A62E81589ACC7A90E7E0A1BDAE2F82
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=2604832432&adf=1607325374&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739313&bpp=2&bdt=179&idt=311&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1500&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=318
Frame ID: 069A0A2F5C44880EBDFB31F46824C7E3
Requests: 22 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=2604832432&adf=2426777406&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739315&bpp=1&bdt=181&idt=319&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1709&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=324
Frame ID: C4712729707FF306FD2936C17C2B158A
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=787517410&adf=1143955216&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739316&bpp=1&bdt=182&idt=326&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1928&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=329
Frame ID: E7595E049E49DF83CBFF21278FE1B625
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXs93wn_XCoEabMF4S7vAVuHUeLMc-GYnDe6a1I-vpEC6ioYiH4IuDT1OnGQ99kUtUx9ww52A23DIPeQTajLIMRiOiMTeVvMyUtm8ZxgN1pcSvsD6hwwqS7ou3DZgEa0er8JfL-FUj2CsPEXkzIJN4tQBlcXgR9tLlQ9U9kM_zW5q_ug_o
Frame ID: F40A73902A33B3AA06EEDBEDAE282C0E
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNW_X2l1sY-VKpIGUrm_eE2Szn0xwJZ7DEVA6mrLbBNs8d3Ul92l-0c7xVpBGnQvhxs6KruREd40NbxVTrzoDwHlvLQxgMBIf2YjJvhS72dT5oub1sB0r6plRJleMLbdNwmXAzxeHe-tW65mLqYlwLxRpMoynIvttpxG2Ui-pqqgV5UbPUY
Frame ID: 61B348D9E82EE276A0EAD62EE8AB37C3
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 86DD4CF2CEE36797EF8BC6F7867A59AD
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/6h7OZzYWuChAMW0yNvwaAqN_brH89lOBLHEXo8EbMVo.js
Frame ID: 352001D1D4E930BB759690DA877DE370
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 0B6B30A7CE91D91440B6420C0EAFDFEB
Requests: 3 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3308719243
Frame ID: 1F6DC1B8726AC78A681317C4C4E3B272
Requests: 2 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81638200106544204444550012510008&actionid=879111&produktid=ratenkredit&dt_url=
Frame ID: 9DFFE1BBB43D78662961830E04E27008
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 0FB1252289CF4C2A043F92A2FFB15FF8
Requests: 3 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=FCAFEED7E361667AB6C39756DB56E118&dt_subid1=6556360597345f2ebea2f67f&dt_subid2=&actionid=56481&produktid=&bannerID=FYRSTDisplay&dt_url=
Frame ID: 2235A06B960F9C41F2E06753A6D9B9A3
Requests: 1 HTTP requests in this frame

Frame: https://www.media01.eu/view.aspx?trackid=4FFE2293E3AB03641C3925C92FA06F0B&dt_subid1=&dt_subid2=affiliate&dt_keywords=&dt_freetext=&awc=20646_296283_1700148741_55491330-8495-11ee-92fe-22394270969d&dt_mode=iframe&dt_url=
Frame ID: 7B2DF913989C0B3D58451FC659D34EC5
Requests: 1 HTTP requests in this frame

Frame: https://hal900026.redintelligence.net/request_content.php?s=64284900108069304444550012510026&a=081e465a
Frame ID: 783B37EDA54D8DE843064681F25903C4
Requests: 6 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CJHSqc7ryIIDFcEZewod_RgNpA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7238721553047.303
Frame ID: 041B0BDEA931B43596DD1B7CF7744C66
Requests: 2 HTTP requests in this frame

Frame: https://hal90008.redintelligence.net/request_content.php?s=81638200106544204444550012510008&a=bcac50de
Frame ID: DD415D7F17C0105BFA250B8D28922857
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 5B23D260898E335A0ABA7AB97B64C38B
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 80516BCD4676160FE0CF256A5C52EE8B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BonTon TV - Zabavni portal za djecu - Igrice za djecu, pjesme i pjesmice za djecu, priče i bajke, basne, crtići, bojanke, slikovnice

Detected technologies

RightJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

right\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Pinterest (Widgets) Expand

Overall confidence: 100%
Detected patterns

//assets\.pinterest\.com/js/pinit\.js

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

Page Statistics

146
Requests

73 %
HTTPS

46 %
IPv6

25
Domains

41
Subdomains

39
IPs

6
Countries

4031 kB
Transfer

6076 kB
Size

25
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.youtube.com/c/BonTonTV

Search URL Search Domain Scan URL

URL: http://lopudska-sirotica.wixsite.com/lopudska-sirotica
Title: LEGENDA O LOPUDSKOJ SIROTICI

Search URL Search Domain Scan URL

URL: http://poglednaprijed.wixsite.com/multimedija
Title: POGLED NAPRIJED MULTIMEDIJA

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://docs.google.com/uc?id=1KihvlO3tPYsOTo1POM9S7qM0a_sF1yyI HTTP 303
https://doc-14-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/mt0ks846as2ftmge41vdukkf6tuci3go/1700148675000/07841582679744115683/*/1KihvlO3tPYsOTo1POM9S7qM0a_sF1yyI?uuid=f0f129a0-99f0-4e4f-93d6-8639e09816fe

Request Chain 6

https://docs.google.com/uc?id=1wNJDIL1GMu8z8VRRn3ct2rjvEehdE-3U HTTP 303
https://doc-0g-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/2eki13po157a2md5q4vp6ovp015p6ept/1700148675000/07841582679744115683/*/1wNJDIL1GMu8z8VRRn3ct2rjvEehdE-3U?uuid=60084ada-0896-495b-8011-8476f4bc4acb

Request Chain 8

https://docs.google.com/uc?id=1P_3532QUurr_sEwj_5xrtO6yt3VegIfu HTTP 303
https://doc-14-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/mu6q6t4t2v2pd1sg1soa231oslkp1o2o/1700148675000/07841582679744115683/*/1P_3532QUurr_sEwj_5xrtO6yt3VegIfu?uuid=915ea06f-f94b-4608-b270-8f3e20f08877

Request Chain 9

https://docs.google.com/uc?id=1v5vhS3rMewM12WGrk9KilguNUZeVbCX8 HTTP 303
https://doc-0g-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/7q0tnpqhkj9e20g90ij9gj54ik7gudbs/1700148675000/07841582679744115683/*/1v5vhS3rMewM12WGrk9KilguNUZeVbCX8?uuid=4191e80a-30cd-4ca0-9ac7-df9182167f4f

Request Chain 10

https://docs.google.com/uc?id=1fwjH3mmbDDddacd-YbMlPrihELFRId8S HTTP 303
https://doc-08-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/pkd924upfo4u32j1oi70fqvc51bqgin0/1700148675000/07841582679744115683/*/1fwjH3mmbDDddacd-YbMlPrihELFRId8S?uuid=65a9772b-3ec9-44e2-a41a-448c89e74e91

Request Chain 11

https://docs.google.com/uc?id=1tm08kS7Cl4VvGx6LWjkEdfOqaEnFkCz2 HTTP 303
https://doc-0c-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/aq2eb4e497skcfgqlobc11ljfeec7cmk/1700148675000/07841582679744115683/*/1tm08kS7Cl4VvGx6LWjkEdfOqaEnFkCz2?uuid=413b6a81-0ec6-4c07-b60e-f1f4d002e32b

Request Chain 21

http://assets.pinterest.com/js/pinit.js HTTP 307
https://assets.pinterest.com/js/pinit.js

Request Chain 56

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0qx1tJ7OS21fp10oAdLq0&google_cver=1

Request Chain 57

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVY2BBPfcyC4pLlIy.SqogAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0qx1tJ7OS21fp10oAdLq0&google_cver=1&google_hm=2

Request Chain 58

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEL2iFw8Qe7u6HfrZMzSPI5M&google_cver=1

Request Chain 59

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjExNzc3MDM4NjEyNTMwMzY0NA%3D%3D

Request Chain 81

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0qx1tJ7OS21fp10oAdLq0&google_cver=1

Request Chain 82

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVY2BBPfcyC4pLlIy.SqogAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0qx1tJ7OS21fp10oAdLq0&google_cver=1&google_hm=2

Request Chain 83

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEL2iFw8Qe7u6HfrZMzSPI5M&google_cver=1

Request Chain 84

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjExNzc3MDM4NjEyNTMwMzY0NA%3D%3D

Request Chain 92

https://hal90008.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=a43e9e21c5&subid=&uid=ad323a7dc57730dc&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCPxiPAzZWZaztM8WqtweUt5PICKblvaBphZWcp8kP8C4QASCc6Y1vYJWCgIC4B8gBCakCv9hpvxU0sj6oAwHIA5sEqgSAAk_QnZg-EH0nWA0GNHo0k0n89V_oZrQAPU1CfvX7dpih2goalEvoBgGK-YQggxZA8rt0co6wKVuOdMD2aq9CjSNkMF3cOvJryVhwxFhaAc2WTDIORibAjYosOnj69Pp2tDd2MOR9YOH_7h_ohlUdAn9Ygej062gwsP4z_SSP1DOI9hM8Ha016LdjMyD4SxB6UlaZYA3z77PVmD6aFH_YHaOxLK23wPZQYm9DGvRUGIGRu29aFNWQt_sOUBls6_WutozRBPkdRAFWBYbABp0_Xv7hI4OgJ8ZCYRS3iZha0FoZlnkqNnvnaIx4E873CmtDSKfinBqEGCVi3xQFKSUkYoLABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgGYCwHICwGADAGiDBAqDgoM5LSxAu61sQK1uLECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaN-sEpi2pyHR66sMDY16tHeNpd0by-QtK2GpXArvCzw2f7224ce6qgNVeQgBFcpeHMlUBmDCof0XExFlBKfHW6jUCu8zndJDBUixgB%26sig%3DAOD64_0J9ai_gKJnoh72F0RoWb84YJWIUQ%26client%3Dca-pub-9153158803095042%26dbm_c%3DAKAmf-DP_GVsbBMDYHIhP9bvrSGwwQMDFguDJvOajMuoqxDRmIMA805LLqppoHmCyc7uqpySxb2DVmHrStyQG21NDwriGF_3va_3HpScN61H7642hEteTnXymoxDJAkN6hBLtreO_5jholDr_QM16U8XCmXxvPKZWSflfHLduyR5liPDLU78kUU%26cry%3D1%26dbm_d%3DAKAmf-AwU26-9CSbsTNitsx5zWQG7YjHb2q4ded-FK6RJnAYWXdZ7ClTGprKTWmHaxAf2qqziU4BPCB_NvmsRbVzEGrY5xlqiCoY0m-swBdHUpObIUCOjEPaSuIrey2r3LinL4dnVviam4wQvkqjcvFF8tXi-v4Z9LaZuxB_5mhWyOS670llsIRIB8jbEGrEpVBABjmPjUDJifKEXSXQ_t-sMdfYClKL4H3f-5g1ZxLAufcERPQdfGEV-Y8YsfZjR9S8W9T8QjtGnaDX7opgNwUGXVYUHD7Lg68n3J3EG6o8CKjAPzTHHjufB07ED0d-ehpfp_jLR4aBwUV8-xXzr75b-Q5ZKjlkZPhoSZAS0dw60NJok_UXkp1eGkTDN3u_yddbkioRyPwEr0Ik-FMpquxk-iXhmrjv3WQp6XOlGlp5euRjGIM69-QlXMaT6exSaZ6sGxbbjNmKxpZ8lyD1ytKZ5Yl38iA9vQh7qu7LdJx7GqKDj6GQNwF26DtyWD1XDCQOuDdSAAQxzeFaPwOTjwxmRuqQ-n6bNhQxWzSl0-BqAwRkCx9rJyA%26adurl%3D&documentReferer=http%3A%2F%2Fbontontv.com%2F&ancestorOrigins=http%3A%2F%2Fbontontv.com&random=1133563535114&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90008.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=a43e9e21c5&subid=&uid=ad323a7dc57730dc&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCPxiPAzZWZaztM8WqtweUt5PICKblvaBphZWcp8kP8C4QASCc6Y1vYJWCgIC4B8gBCakCv9hpvxU0sj6oAwHIA5sEqgSAAk_QnZg-EH0nWA0GNHo0k0n89V_oZrQAPU1CfvX7dpih2goalEvoBgGK-YQggxZA8rt0co6wKVuOdMD2aq9CjSNkMF3cOvJryVhwxFhaAc2WTDIORibAjYosOnj69Pp2tDd2MOR9YOH_7h_ohlUdAn9Ygej062gwsP4z_SSP1DOI9hM8Ha016LdjMyD4SxB6UlaZYA3z77PVmD6aFH_YHaOxLK23wPZQYm9DGvRUGIGRu29aFNWQt_sOUBls6_WutozRBPkdRAFWBYbABp0_Xv7hI4OgJ8ZCYRS3iZha0FoZlnkqNnvnaIx4E873CmtDSKfinBqEGCVi3xQFKSUkYoLABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgGYCwHICwGADAGiDBAqDgoM5LSxAu61sQK1uLECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaN-sEpi2pyHR66sMDY16tHeNpd0by-QtK2GpXArvCzw2f7224ce6qgNVeQgBFcpeHMlUBmDCof0XExFlBKfHW6jUCu8zndJDBUixgB%26sig%3DAOD64_0J9ai_gKJnoh72F0RoWb84YJWIUQ%26client%3Dca-pub-9153158803095042%26dbm_c%3DAKAmf-DP_GVsbBMDYHIhP9bvrSGwwQMDFguDJvOajMuoqxDRmIMA805LLqppoHmCyc7uqpySxb2DVmHrStyQG21NDwriGF_3va_3HpScN61H7642hEteTnXymoxDJAkN6hBLtreO_5jholDr_QM16U8XCmXxvPKZWSflfHLduyR5liPDLU78kUU%26cry%3D1%26dbm_d%3DAKAmf-AwU26-9CSbsTNitsx5zWQG7YjHb2q4ded-FK6RJnAYWXdZ7ClTGprKTWmHaxAf2qqziU4BPCB_NvmsRbVzEGrY5xlqiCoY0m-swBdHUpObIUCOjEPaSuIrey2r3LinL4dnVviam4wQvkqjcvFF8tXi-v4Z9LaZuxB_5mhWyOS670llsIRIB8jbEGrEpVBABjmPjUDJifKEXSXQ_t-sMdfYClKL4H3f-5g1ZxLAufcERPQdfGEV-Y8YsfZjR9S8W9T8QjtGnaDX7opgNwUGXVYUHD7Lg68n3J3EG6o8CKjAPzTHHjufB07ED0d-ehpfp_jLR4aBwUV8-xXzr75b-Q5ZKjlkZPhoSZAS0dw60NJok_UXkp1eGkTDN3u_yddbkioRyPwEr0Ik-FMpquxk-iXhmrjv3WQp6XOlGlp5euRjGIM69-QlXMaT6exSaZ6sGxbbjNmKxpZ8lyD1ytKZ5Yl38iA9vQh7qu7LdJx7GqKDj6GQNwF26DtyWD1XDCQOuDdSAAQxzeFaPwOTjwxmRuqQ-n6bNhQxWzSl0-BqAwRkCx9rJyA%26adurl%3D&documentReferer=http%3A%2F%2Fbontontv.com%2F&ancestorOrigins=http%3A%2F%2Fbontontv.com&random=1133563535114&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 96

https://googleads.g.doubleclick.net/pagead/adview?ai=Ch1RyAzZWZYv1M4XZtweMv4vgBeXpjvdzzLqlgOIR0Z7bicEBEAEgnOmNb2CVgoCAuAegAdOBmcwDyAEJqQK_2Gm_FTSyPqgDAcgDywSqBN4BT9CDgPZaC6dw08vpuumOW4hbr6VZQTSBIro89QWXp8u9f0Upu3U-nrXvZRKciIkP_LXxvl3OIoIhYPNG_dV7KoNseapPJ34qhrFe5JefDu91lLdJuxkLvs7hyw0AoHxIKUp8_a00jKQrzXEeIo58LgYn2GGM9uSBEAuu8ELbJrbX-cjsAb2xop4LN_I7Upa3UkAeJkcOGtsaXKUnCAobwit9r6MAl0hgOK4LdAHPRnGlTyjQGymZS7eTjSNMa7EfWUMVoJLh_A1mYMllcpkk71DzUzoHnFiisP-T8oUYwATUx57RxQSIBe3R4Z1NkgUECAQYAZIFBAgFGASgBi6AB_uZ0MYEqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQqMYI0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOpoJiwJodHRwczovL3d3dy5hbGxpYW56LmRlL2FuZ2Vib3QvYXV0by92L2tmei12ZXJzaWNoZXJ1bmctbGVpc3R1bmcvP0FaTUVESUQ9U0VNX1NFLUdHX1ZULXhfUFItU1AuS3JhZnRQLktyYWZ0X0tBLXBlcm1hJTdDb3BlbiU3Q0tGWkxvY2FsUGVyZm9ybWFuY2VNYXhfQUctUE1heExvY2FsLlZlcnRyZXRlci5nZWJ1ZW5kZWx0X0tXLV9NVC1fQVotX1NMLWtlaW5TTF9FRy1NdWx0aXBsZSZnX2FjY2lkPTIzNTUxOTI2NjAmZ19tY2NpZD0yNTM4Njk3MDIwJmdjbHNyYz1hdy5kcyaACgHICwGYDOGS5pzHBKIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxArgTgwTYEw7QFQGAFwGyFxwKGggAEhRwdWItOTE1MzE1ODgwMzA5NTA0MhgA&sigh=KmFQU47r2Vk&uach_m=[UACH]&ase=2&nis=4&cid=CAQSTQDICaaNw4bm3unk5aNresJJOIV3zixUgbQqfaWKyzP2WyDslZymWI-rZ8u2xYyCZEt9TxZ6cjTq2fvEiqdLmZ-JlWcIcvIhK53E1r16GAE&template_id=515&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211791616255404307803%22,%22debug_reporting%22:true,%22destination%22:%22https://allianz.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22965099731%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2218322690365860284401%22}&andc=true

Request Chain 104

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=81638200106544204444550012510008&ra_cnt_active=1&ra_cnt=1 HTTP 302
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3308719243

Request Chain 105

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=81638200106544204444550012510008&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81638200106544204444550012510008&actionid=879111&produktid=ratenkredit&dt_url=

Request Chain 107

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=81638200106544204444550012510008&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81638200106544204444550012510008&actionid=879111&produktid=ratenkredit&dt_url=

Request Chain 109

https://pv.medialead.de/trck/epv/89f7480c0afa0150827cf163f8728151?subid=64284900108069304444550012510026&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pb.media01.eu/view.aspx?trackid=FCAFEED7E361667AB6C39756DB56E118&dt_subid1=6556360597345f2ebea2f67f&dt_subid2=&actionid=56481&produktid=&bannerID=FYRSTDisplay&dt_url=

Request Chain 110

https://www.awin1.com/cshow.php?s=2840007&v=20646&q=409071&r=296283&pref1=64284900108069304444550012510026&pv=1 HTTP 302
https://www.media01.eu/view.aspx?trackid=4FFE2293E3AB03641C3925C92FA06F0B&dt_subid1=&dt_subid2=affiliate&dt_keywords=&dt_freetext=&awc=20646_296283_1700148741_55491330-8495-11ee-92fe-22394270969d&dt_mode=iframe&dt_url=

Request Chain 124

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7238721553047.303 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CJHSqc7ryIIDFcEZewod_RgNpA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7238721553047.303

146 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
bontontv.com/ 28 KB
6 KB 132ms
21ms Document
text/html 185.62.73.31
SETCOR

General

Check archive.org

Show headers Download Go to

Full URL

http://bontontv.com/

Protocol

HTTP/1.1

Server

185.62.73.31 Zagreb, Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp010.mydataknox.com

Software

nginx /

Resource Hash

d1fa3dd13812a2915735dcc431b499f5c2d5057a0dfa753aefd7a1df7f1593b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Thu, 16 Nov 2023 15:32:18 GMT
Last-Modified: Sun, 14 Apr 2019 16:05:09 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK podloga.css
bontontv.com/ 1 KB
990 B 17ms
17ms Stylesheet
text/css 185.62.73.31
SETCOR

General

Check archive.org

Show headers Download Go to

Full URL

http://bontontv.com/podloga.css

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

HTTP/1.1

Server

185.62.73.31 Zagreb, Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp010.mydataknox.com

Software

nginx /

Resource Hash

3db138cc64764589260280ad919dd06ab383c5e3682e06e6ea7110c30bf90111

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires: Sat, 16 Dec 2023 15:32:18 GMT
Date: Thu, 16 Nov 2023 15:32:18 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
Last-Modified: Tue, 12 Feb 2019 15:34:26 GMT
Server: nginx
Content-Encoding: gzip
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 186 KB
68 KB 59ms
20ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-132394199-1

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d5f286292dac1231115c4a8d888ea987fd763c2da47bdf542895fa19e689d178

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:19 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68945
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 16 Nov 2023 15:32:19 GMT

GET
H/1.1 200
OK adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 150 KB
55 KB 64ms
57ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

HTTP/1.1

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3d096830deebf86eb527df38656bb137fc7db9d76ca69fdd2dde6f305e85cf51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 15:32:19 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Length: 55593
X-XSS-Protection: 0
Server: cafe
ETag: 17148219425816290543
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=3600
Timing-Allow-Origin: *
Expires: Thu, 16 Nov 2023 15:32:19 GMT

GET
H/1.1 200
OK BLANK_50x50.png
bontontv.com/elementi/ 1 KB
2 KB 35ms
18ms Image
image/png 185.62.73.31
SETCOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://bontontv.com/elementi/BLANK_50x50.png

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

HTTP/1.1

Server

185.62.73.31 Zagreb, Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp010.mydataknox.com

Software

nginx /

Resource Hash

6f44673fac0fa486e34eb2e822bc8793e21bdfa8a385c920e2680453c12db71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires: Mon, 15 Jan 2024 15:32:18 GMT
Date: Thu, 16 Nov 2023 15:32:18 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
Last-Modified: Fri, 05 Apr 2019 07:32:37 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1170
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 200
OK linkovi_main.js Show response
bontontv.com/ 1 KB
800 B 35ms
17ms Script
application/javascript 185.62.73.31
SETCOR

General

Check archive.org

Show headers Download Go to

Full URL

http://bontontv.com/linkovi_main.js

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

HTTP/1.1

Server

185.62.73.31 Zagreb, Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp010.mydataknox.com

Software

nginx /

Resource Hash

4ac3172741ae459e06f1110441dceb6a3dad997c93e7c2d08b92681f0bd9b10b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires: Sat, 16 Dec 2023 15:32:18 GMT
Date: Thu, 16 Nov 2023 15:32:18 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
Last-Modified: Thu, 13 Jun 2019 15:25:14 GMT
Server: nginx
Content-Encoding: gzip
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H2

200

1KihvlO3tPYsOTo1POM9S7qM0a_sF1yyI
doc-14-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/mt0ks846as2ftmge41vdukkf6tuci3go/1700148675000/07841582679744115683/*/
Redirect Chain

https://docs.google.com/uc?id=1KihvlO3tPYsOTo1POM9S7qM0a_sF1yyI
https://doc-14-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/mt0ks846as2ftmge41vdukkf6tuci3go/1700148675000/07841582679744115683/*/1KihvlO3tPYsOTo1POM9S7qM0a_sF1yyI?u...

2 MB
2 MB

291ms
290ms

Image
image/png

2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://doc-14-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/mt0ks846as2ftmge41vdukkf6tuci3go/1700148675000/07841582679744115683/*/1KihvlO3tPYsOTo1POM9S7qM0a_sF1yyI?uuid=f0f129a0-99f0-4e4f-93d6-8639e09816fe

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

ebb668f2594702d530814bf791c1d3fe2993d5331d86adad7f0c875ff12fe38b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:19 GMT
x-content-type-options: nosniff
x-guploader-uploadid: ABPtcPppQbcurtxQ_x8LepIXNLmWiysfo3NX11pKeo4IIxPISKcng2WuUn9cfjX13EBwD4zxyZqN6NbtaTL_xBgTDfGbjw
content-disposition: inline; filename="NASLOVNA za SITE.png"; filename*=UTF-8''NASLOVNA%20za%20SITE.png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2198958
last-modified: Sat, 09 Feb 2019 11:44:24 GMT
server: UploadServer
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: image/png
access-control-allow-origin: *
x-goog-hash: crc32c=mRct/A==
cache-control: private, max-age=0
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, X-Google-EOM, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-353267353-bin, x-goog-ext-353267353-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, x-goog-ext-359275022-bin, x-goog-ext-328800237-jspb, x-goog-ext-202735639-bin, x-goog-ext-223435598-bin, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Request-Time, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, x-goog-maps-api-salt, x-goog-maps-api-signature, x-goog-maps-client-id, X-Goog-Api-Key, x-goog-spanner-database-role, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Android-Cert, X-Ariane-Xsrf-Token, X-YouTube-Bootstrap-Logged-In, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-OidcIdToken, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token, x-rfui-request-context
expires: Thu, 16 Nov 2023 15:32:19 GMT

Redirect headers

date: Thu, 16 Nov 2023 15:32:19 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: script-src 'report-sample' 'nonce-Qf3xddjPwS7roFi3BPSmxA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/binary
location: https://doc-14-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/mt0ks846as2ftmge41vdukkf6tuci3go/1700148675000/07841582679744115683/*/1KihvlO3tPYsOTo1POM9S7qM0a_sF1yyI?uuid=f0f129a0-99f0-4e4f-93d6-8639e09816fe
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

1wNJDIL1GMu8z8VRRn3ct2rjvEehdE-3U
doc-0g-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/2eki13po157a2md5q4vp6ovp015p6ept/1700148675000/07841582679744115683/*/
Redirect Chain

https://docs.google.com/uc?id=1wNJDIL1GMu8z8VRRn3ct2rjvEehdE-3U
https://doc-0g-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/2eki13po157a2md5q4vp6ovp015p6ept/1700148675000/07841582679744115683/*/1wNJDIL1GMu8z8VRRn3ct2rjvEehdE-3U?u...

77 KB
80 KB

240ms
181ms

Image
image/png

2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://doc-0g-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/2eki13po157a2md5q4vp6ovp015p6ept/1700148675000/07841582679744115683/*/1wNJDIL1GMu8z8VRRn3ct2rjvEehdE-3U?uuid=60084ada-0896-495b-8011-8476f4bc4acb

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

b448544bee173b37645ff146318279d8bc96485f59cee92f6d02e26b5aff20cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:19 GMT
x-content-type-options: nosniff
x-guploader-uploadid: ABPtcPqDWMToxYSHX8RsP4EBgrngiqsUACyKYz41xAgy-KjPsnVKmJ-D8PeKt9sPoLN5g9hdp1Yh4EiD1yIfjAANhHPK2w
content-disposition: inline; filename="GUMB_naslov_video_pjesmice.png"; filename*=UTF-8''GUMB_naslov_video_pjesmice.png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78835
last-modified: Sat, 09 Feb 2019 11:42:52 GMT
server: UploadServer
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: image/png
access-control-allow-origin: *
x-goog-hash: crc32c=x+w+Qg==
cache-control: private, max-age=0
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, X-Google-EOM, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-353267353-bin, x-goog-ext-353267353-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, x-goog-ext-359275022-bin, x-goog-ext-328800237-jspb, x-goog-ext-202735639-bin, x-goog-ext-223435598-bin, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Request-Time, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, x-goog-maps-api-salt, x-goog-maps-api-signature, x-goog-maps-client-id, X-Goog-Api-Key, x-goog-spanner-database-role, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Android-Cert, X-Ariane-Xsrf-Token, X-YouTube-Bootstrap-Logged-In, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-OidcIdToken, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token, x-rfui-request-context
expires: Thu, 16 Nov 2023 15:32:19 GMT

Redirect headers

date: Thu, 16 Nov 2023 15:32:19 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport, script-src 'report-sample' 'nonce-Qu5bGYYA1pDV38ljp-1nrA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/binary
location: https://doc-0g-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/2eki13po157a2md5q4vp6ovp015p6ept/1700148675000/07841582679744115683/*/1wNJDIL1GMu8z8VRRn3ct2rjvEehdE-3U?uuid=60084ada-0896-495b-8011-8476f4bc4acb
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK GUMB_naslov_arrow_D.png
bontontv.com/elementi/ 2 KB
2 KB 30ms
17ms Image
image/png 185.62.73.31
SETCOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://bontontv.com/elementi/GUMB_naslov_arrow_D.png

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

HTTP/1.1

Server

185.62.73.31 Zagreb, Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp010.mydataknox.com

Software

nginx /

Resource Hash

a50a900c0f7ce1489e1e8338af84ef5347b1577cf1f2867a19968c19126ea383

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires: Mon, 15 Jan 2024 15:32:19 GMT
Date: Thu, 16 Nov 2023 15:32:19 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
Last-Modified: Fri, 05 Apr 2019 07:13:28 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1551
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H2

200

1P_3532QUurr_sEwj_5xrtO6yt3VegIfu
doc-14-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/mu6q6t4t2v2pd1sg1soa231oslkp1o2o/1700148675000/07841582679744115683/*/
Redirect Chain

https://docs.google.com/uc?id=1P_3532QUurr_sEwj_5xrtO6yt3VegIfu
https://doc-14-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/mu6q6t4t2v2pd1sg1soa231oslkp1o2o/1700148675000/07841582679744115683/*/1P_3532QUurr_sEwj_5xrtO6yt3VegIfu?u...

77 KB
80 KB

404ms
343ms

Image
image/png

2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://doc-14-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/mu6q6t4t2v2pd1sg1soa231oslkp1o2o/1700148675000/07841582679744115683/*/1P_3532QUurr_sEwj_5xrtO6yt3VegIfu?uuid=915ea06f-f94b-4608-b270-8f3e20f08877

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

69ec94813aea720ddd4a935f1ee84e8f3179aa08bb08c02c22bd12c811b84162

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:19 GMT
x-content-type-options: nosniff
x-guploader-uploadid: ABPtcPpE8E9MIfWfmfGO57Dyh2P2HxcXLPcw2CzgSyv0h2E8HNYf7MCiqEqQJ8ClOF0oHcHrQiVckoh8zDX1CD_aE1ay4A
content-disposition: inline; filename="GUMB_naslov_igrice.png"; filename*=UTF-8''GUMB_naslov_igrice.png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78865
last-modified: Sat, 09 Feb 2019 11:42:51 GMT
server: UploadServer
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: image/png
access-control-allow-origin: *
x-goog-hash: crc32c=0WoBvw==
cache-control: private, max-age=0
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, X-Google-EOM, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-353267353-bin, x-goog-ext-353267353-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, x-goog-ext-359275022-bin, x-goog-ext-328800237-jspb, x-goog-ext-202735639-bin, x-goog-ext-223435598-bin, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Request-Time, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, x-goog-maps-api-salt, x-goog-maps-api-signature, x-goog-maps-client-id, X-Goog-Api-Key, x-goog-spanner-database-role, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Android-Cert, X-Ariane-Xsrf-Token, X-YouTube-Bootstrap-Logged-In, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-OidcIdToken, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token, x-rfui-request-context
expires: Thu, 16 Nov 2023 15:32:19 GMT

Redirect headers

date: Thu, 16 Nov 2023 15:32:19 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: script-src 'report-sample' 'nonce-oLrFLviJWvEq56Sgo2MGnA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/binary
location: https://doc-14-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/mu6q6t4t2v2pd1sg1soa231oslkp1o2o/1700148675000/07841582679744115683/*/1P_3532QUurr_sEwj_5xrtO6yt3VegIfu?uuid=915ea06f-f94b-4608-b270-8f3e20f08877
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

1v5vhS3rMewM12WGrk9KilguNUZeVbCX8
doc-0g-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/7q0tnpqhkj9e20g90ij9gj54ik7gudbs/1700148675000/07841582679744115683/*/
Redirect Chain

https://docs.google.com/uc?id=1v5vhS3rMewM12WGrk9KilguNUZeVbCX8
https://doc-0g-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/7q0tnpqhkj9e20g90ij9gj54ik7gudbs/1700148675000/07841582679744115683/*/1v5vhS3rMewM12WGrk9KilguNUZeVbCX8?u...

72 KB
72 KB

191ms
190ms

Image
image/png

2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://doc-0g-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/7q0tnpqhkj9e20g90ij9gj54ik7gudbs/1700148675000/07841582679744115683/*/1v5vhS3rMewM12WGrk9KilguNUZeVbCX8?uuid=4191e80a-30cd-4ca0-9ac7-df9182167f4f

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

74996428763a36e80a29b58c37f59186186c9ac73afca42cf0f49d14d16ab7f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:19 GMT
x-content-type-options: nosniff
x-guploader-uploadid: ABPtcPoBTSoTNmG4We6KSJGMl3vo6Uhd-buE_lCR_3Wkqlk1wd7KENUBOrMMK2xAjdZpqfuma1-2xtKSynNzFPqCnitEOT-1Hsrp
content-disposition: inline; filename="GUMB_naslov_bojanke.png"; filename*=UTF-8''GUMB_naslov_bojanke.png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73551
last-modified: Sat, 09 Feb 2019 11:42:55 GMT
server: UploadServer
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: image/png
access-control-allow-origin: *
x-goog-hash: crc32c=OkM74w==
cache-control: private, max-age=0
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, X-Google-EOM, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-353267353-bin, x-goog-ext-353267353-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, x-goog-ext-359275022-bin, x-goog-ext-328800237-jspb, x-goog-ext-202735639-bin, x-goog-ext-223435598-bin, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Request-Time, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, x-goog-maps-api-salt, x-goog-maps-api-signature, x-goog-maps-client-id, X-Goog-Api-Key, x-goog-spanner-database-role, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Android-Cert, X-Ariane-Xsrf-Token, X-YouTube-Bootstrap-Logged-In, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-OidcIdToken, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token, x-rfui-request-context
expires: Thu, 16 Nov 2023 15:32:19 GMT

Redirect headers

date: Thu, 16 Nov 2023 15:32:19 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport, script-src 'report-sample' 'nonce-ytQWQE5hZv0G3tMr2k_dTA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/binary
location: https://doc-0g-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/7q0tnpqhkj9e20g90ij9gj54ik7gudbs/1700148675000/07841582679744115683/*/1v5vhS3rMewM12WGrk9KilguNUZeVbCX8?uuid=4191e80a-30cd-4ca0-9ac7-df9182167f4f
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

1fwjH3mmbDDddacd-YbMlPrihELFRId8S
doc-08-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/pkd924upfo4u32j1oi70fqvc51bqgin0/1700148675000/07841582679744115683/*/
Redirect Chain

https://docs.google.com/uc?id=1fwjH3mmbDDddacd-YbMlPrihELFRId8S
https://doc-08-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/pkd924upfo4u32j1oi70fqvc51bqgin0/1700148675000/07841582679744115683/*/1fwjH3mmbDDddacd-YbMlPrihELFRId8S?u...

74 KB
77 KB

255ms
192ms

Image
image/png

2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://doc-08-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/pkd924upfo4u32j1oi70fqvc51bqgin0/1700148675000/07841582679744115683/*/1fwjH3mmbDDddacd-YbMlPrihELFRId8S?uuid=65a9772b-3ec9-44e2-a41a-448c89e74e91

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

e58ec394c0c2322a9833859b836faf7190619def0d9b240a6464fca782be423e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:19 GMT
x-content-type-options: nosniff
x-guploader-uploadid: ABPtcPrT4UVfQozw_SR6I1YXdtgaY8dbgtAjvbvNn2CvzhI8jI2orlbxb96ifuINbep9kgeO7ws_j7fGMPv_Cg5tJzIx41afIzim
content-disposition: inline; filename="GUMB_naslov_bajke_i_price.png"; filename*=UTF-8''GUMB_naslov_bajke_i_price.png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 75672
last-modified: Sat, 09 Feb 2019 11:42:53 GMT
server: UploadServer
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: image/png
access-control-allow-origin: *
x-goog-hash: crc32c=ygCOPA==
cache-control: private, max-age=0
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, X-Google-EOM, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-353267353-bin, x-goog-ext-353267353-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, x-goog-ext-359275022-bin, x-goog-ext-328800237-jspb, x-goog-ext-202735639-bin, x-goog-ext-223435598-bin, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Request-Time, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, x-goog-maps-api-salt, x-goog-maps-api-signature, x-goog-maps-client-id, X-Goog-Api-Key, x-goog-spanner-database-role, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Android-Cert, X-Ariane-Xsrf-Token, X-YouTube-Bootstrap-Logged-In, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-OidcIdToken, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token, x-rfui-request-context
expires: Thu, 16 Nov 2023 15:32:19 GMT

Redirect headers

date: Thu, 16 Nov 2023 15:32:19 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: script-src 'report-sample' 'nonce-ZYWIywf5D8AzZsTNr9D9_g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/binary
location: https://doc-08-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/pkd924upfo4u32j1oi70fqvc51bqgin0/1700148675000/07841582679744115683/*/1fwjH3mmbDDddacd-YbMlPrihELFRId8S?uuid=65a9772b-3ec9-44e2-a41a-448c89e74e91
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

1tm08kS7Cl4VvGx6LWjkEdfOqaEnFkCz2
doc-0c-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/aq2eb4e497skcfgqlobc11ljfeec7cmk/1700148675000/07841582679744115683/*/
Redirect Chain

https://docs.google.com/uc?id=1tm08kS7Cl4VvGx6LWjkEdfOqaEnFkCz2
https://doc-0c-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/aq2eb4e497skcfgqlobc11ljfeec7cmk/1700148675000/07841582679744115683/*/1tm08kS7Cl4VvGx6LWjkEdfOqaEnFkCz2?u...

70 KB
73 KB

307ms
232ms

Image
image/png

2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://doc-0c-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/aq2eb4e497skcfgqlobc11ljfeec7cmk/1700148675000/07841582679744115683/*/1tm08kS7Cl4VvGx6LWjkEdfOqaEnFkCz2?uuid=413b6a81-0ec6-4c07-b60e-f1f4d002e32b

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

f558a2153ca91fa4eee98b8531d36d1e230fb4e983f88930c559c0a4a1219daa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:19 GMT
x-content-type-options: nosniff
x-guploader-uploadid: ABPtcPq7kAxz6QfQ10YnEaPjl9p58QCiU5H4ZCmGiCytRtpKwxLWepCWehwoq9OKjA9GaEbilR7wYUn0M2tRQfg4E5Iq_g
content-disposition: inline; filename="GUMB_naslov_crtici.png"; filename*=UTF-8''GUMB_naslov_crtici.png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71519
last-modified: Sat, 09 Feb 2019 11:42:56 GMT
server: UploadServer
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: image/png
access-control-allow-origin: *
x-goog-hash: crc32c=klZU9w==
cache-control: private, max-age=0
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, X-Google-EOM, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-353267353-bin, x-goog-ext-353267353-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, x-goog-ext-359275022-bin, x-goog-ext-328800237-jspb, x-goog-ext-202735639-bin, x-goog-ext-223435598-bin, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Request-Time, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, x-goog-maps-api-salt, x-goog-maps-api-signature, x-goog-maps-client-id, X-Goog-Api-Key, x-goog-spanner-database-role, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Android-Cert, X-Ariane-Xsrf-Token, X-YouTube-Bootstrap-Logged-In, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-OidcIdToken, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token, x-rfui-request-context
expires: Thu, 16 Nov 2023 15:32:19 GMT

Redirect headers

date: Thu, 16 Nov 2023 15:32:19 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: script-src 'report-sample' 'nonce-9vPOOVqTpdHjUmZ6GbSegA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/binary
location: https://doc-0c-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/aq2eb4e497skcfgqlobc11ljfeec7cmk/1700148675000/07841582679744115683/*/1tm08kS7Cl4VvGx6LWjkEdfOqaEnFkCz2?uuid=413b6a81-0ec6-4c07-b60e-f1f4d002e32b
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 nlZ1LAn.jpg
i.imgur.com/ 12 KB
12 KB 236ms
32ms Image
image/jpeg 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/nlZ1LAn.jpg

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

ff98e1f95730f9d8824b3a24d80ab3802906bb2101164edf2815cd200ac7d893

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: JFK50-P6
age: 2406083
x-cache: Miss from cloudfront, HIT, HIT
content-length: 12353
x-served-by: cache-iad-kjyo7100084-IAD, cache-fra-eddf8230091-FRA
last-modified: Mon, 01 Apr 2019 11:32:55 GMT
server: cat factory 1.0
x-timer: S1700148739.422496,VS0,VE2
etag: "5a119b55baffb5683f634d9fa58b5cb2"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: UxhjrPdLvkTUedg8uryJ-X23QGVs_YEjmrgEHeQvQIuzYqdssO8pjw==
x-cache-hits: 9, 1

GET
H2 200 Nmh4qNP.jpg
i.imgur.com/ 22 KB
22 KB 235ms
31ms Image
image/jpeg 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/Nmh4qNP.jpg

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

58cd2758d5a9623c01c15595c05327cf29e28cb7e0b1e7508b9868b8f1b402c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD89-P1
age: 2582247
x-cache: Miss from cloudfront, HIT, HIT
content-length: 22330
x-served-by: cache-iad-kjyo7100110-IAD, cache-fra-eddf8230091-FRA
last-modified: Mon, 01 Apr 2019 11:32:56 GMT
server: cat factory 1.0
x-timer: S1700148739.422953,VS0,VE1
etag: "c7555de0a1b1628c82339166f89a80af"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: ukbzlQxXhmO5ZJM4_U-630aN0wA6HxqhkNci_9tPeaGimAgVFlVwMw==
x-cache-hits: 32, 1

GET
H2 200 xeQrx4E.jpg
i.imgur.com/ 12 KB
12 KB 235ms
31ms Image
image/jpeg 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/xeQrx4E.jpg

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

2d63ac0146bc9cfd42428d32c69ea0261412714925ef2980681987e2459226fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: MIA3-C4
age: 1841069
x-cache: Miss from cloudfront, HIT, HIT
content-length: 11987
x-served-by: cache-iad-kiad7000136-IAD, cache-fra-eddf8230091-FRA
last-modified: Mon, 01 Apr 2019 11:32:55 GMT
server: cat factory 1.0
x-timer: S1700148739.423346,VS0,VE1
etag: "4562ebdd7b4126423818af16a067bd30"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: SHN6JreEzjkSKi8xiPxlVzWJRLb9xsihygXGqXkz8ZEfT_NX78w9kg==
x-cache-hits: 23, 1

GET
H2 200 Mdc5cHp.jpg
i.imgur.com/ 17 KB
17 KB 233ms
30ms Image
image/jpeg 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/Mdc5cHp.jpg

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

e72f87b7a5b95823f2804cfa7da26bb35224d1f7356c29722edf6b82dc0ad3dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P4
age: 3847343
x-cache: Miss from cloudfront, HIT, HIT
content-length: 16942
x-served-by: cache-iad-kiad7000133-IAD, cache-fra-eddf8230091-FRA
last-modified: Sat, 13 Apr 2019 14:55:55 GMT
server: cat factory 1.0
x-timer: S1700148739.422957,VS0,VE2
etag: "eda6db55875ff8ad131cb3ea02e7d10c"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: ukl3jk3SA_Mc_rRd8MpuTJ88OxfmaOpXz5-CBALtWxQCps--4ab_ww==
x-cache-hits: 18, 1

GET
H2 200 G2pXlMv.jpg
i.imgur.com/ 17 KB
17 KB 233ms
30ms Image
image/jpeg 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/G2pXlMv.jpg

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

348225694015af4715c43ebf537cfa5ee00a8d4a0ffa602f6c9a1139e20d6b20

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 2495704
x-cache: Miss from cloudfront, HIT, HIT
content-length: 17497
x-served-by: cache-iad-kjyo7100047-IAD, cache-fra-eddf8230091-FRA
last-modified: Mon, 01 Apr 2019 11:32:54 GMT
server: cat factory 1.0
x-timer: S1700148739.422956,VS0,VE2
etag: "6f2b03d54c4831d5534aae645831efe4"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 3wf6tK5t9T1_NcQt3sXq7yfh6BH2L3SdQdfxCQR81ids8C53h9bNQQ==
x-cache-hits: 4, 1

GET
H2 200 FSdkzdR.jpg
i.imgur.com/ 14 KB
14 KB 235ms
31ms Image
image/jpeg 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/FSdkzdR.jpg

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

74cc4ad4dbe146ced0bf4d006cd5abf55b1d5da636e55711d0661037ef53fe59

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 2000958
x-cache: Miss from cloudfront, HIT, HIT
content-length: 14109
x-served-by: cache-iad-kiad7000044-IAD, cache-fra-eddf8230091-FRA
last-modified: Mon, 01 Apr 2019 11:32:55 GMT
server: cat factory 1.0
x-timer: S1700148739.422512,VS0,VE2
etag: "5983c8923fb210584bb35a11fa4f5798"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: UMWtEKSDjbmDRIO02sAymGVjx65SfbhXUGIIBITecjvnXZe9uVItyA==
x-cache-hits: 30, 1

GET
H2 200 sN8lAoo.jpg
i.imgur.com/ 15 KB
15 KB 236ms
32ms Image
image/jpeg 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/sN8lAoo.jpg

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

63093ef963cdf2e6c2521fa1ef7f8be0d54d4ac06537047a54234be89c4b89c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: MIA3-P1
age: 1967675
x-cache: Miss from cloudfront, HIT, HIT
content-length: 14922
x-served-by: cache-iad-kjyo7100052-IAD, cache-fra-eddf8230091-FRA
last-modified: Mon, 01 Apr 2019 11:32:55 GMT
server: cat factory 1.0
x-timer: S1700148739.422451,VS0,VE2
etag: "110afb4ce851a3b19ce0645bae6764cc"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: vn15Z98tqoYxXW3TfWO20Ckj-oh9SybPXw4RWc3-rT4nYMAytBAKRQ==
x-cache-hits: 8, 1

GET
H2 200 ic57tBs.jpg
i.imgur.com/ 8 KB
8 KB 234ms
30ms Image
image/jpeg 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/ic57tBs.jpg

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

ec715264ef4ca17579815928c68d5e0b7716e1c445321095bf95e82b857b5c6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 1975345
x-cache: Miss from cloudfront, HIT, HIT
content-length: 8112
x-served-by: cache-iad-kcgs7200020-IAD, cache-fra-eddf8230091-FRA
last-modified: Mon, 01 Apr 2019 11:32:56 GMT
server: cat factory 1.0
x-timer: S1700148739.423454,VS0,VE2
etag: "1c74cb58c42f0a87ccfdce87d919efaa"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: VRcu8NgGvkjOcXv7iq8n3JYz3hulEqlGKrgFiqS8rjXULtfkuwqGZQ==
x-cache-hits: 21, 1

GET
H2 200 nctmUtv.png
i.imgur.com/ 56 KB
57 KB 247ms
45ms Image
image/png 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/nctmUtv.png

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

714a8e2d385de706a2cbdbf79419f545811db0fac050e81d683165eb5f694e47

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:19 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 2582247
x-cache: Miss from cloudfront, HIT, HIT
content-length: 57809
x-served-by: cache-iad-kjyo7100034-IAD, cache-fra-eddf8230091-FRA
last-modified: Sat, 30 Mar 2019 12:28:50 GMT
server: cat factory 1.0
x-timer: S1700148739.422456,VS0,VE5
etag: "77cf325b245f12ca6f236c2d5138171c"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 6SAbnI5_WDFLaZmpyNHKvJ0SgIq7tZz9VEJaDwjUExwwZvQPXFDWcw==
x-cache-hits: 8, 1

GET
H2

200

pinit.js Show response
assets.pinterest.com/js/
Redirect Chain

http://assets.pinterest.com/js/pinit.js
https://assets.pinterest.com/js/pinit.js

361 B
452 B

214ms
7ms

Script
application/javascript

2a04:4e42:8d::84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.pinterest.com/js/pinit.js
Requested by: Host: bontontv.com
URL: http://bontontv.com/
Protocol: H2
Server: 2a04:4e42:8d::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 3faadebc89cdb21d11634a032816f152462d1cb8903eb21d0642501fcad065de

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:19 GMT
content-encoding: br
x-cdn: fastly
etag: "62d32c28f14783b94192cd8d35bc010d"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-CDN
vary: Accept-Encoding, Origin
cache-control: max-age=300
alt-svc: h3=":443";ma=600
content-length: 203

Redirect headers

Location: https://assets.pinterest.com/js/pinit.js
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H/1.1 200
OK footer_01.js Show response
bontontv.com/ 920 B
1003 B 22ms
17ms Script
application/javascript 185.62.73.31
SETCOR

General

Check archive.org

Show headers Download Go to

Full URL

http://bontontv.com/footer_01.js

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

HTTP/1.1

Server

185.62.73.31 Zagreb, Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp010.mydataknox.com

Software

nginx /

Resource Hash

510297e873943f25fa83801c02ab5017525ed283e5a85f966c438a1d55e28978

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires: Sat, 16 Dec 2023 15:32:19 GMT
Date: Thu, 16 Nov 2023 15:32:19 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
Last-Modified: Thu, 03 Jan 2019 11:10:43 GMT
Server: nginx
Content-Encoding: gzip
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 200
OK footer_02.js Show response
bontontv.com/ 855 B
844 B 24ms
17ms Script
application/javascript 185.62.73.31
SETCOR

General

Check archive.org

Show headers Download Go to

Full URL

http://bontontv.com/footer_02.js

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

HTTP/1.1

Server

185.62.73.31 Zagreb, Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp010.mydataknox.com

Software

nginx /

Resource Hash

0efad7edfad60d20d4c1d77bc016e5c797f07a6f64e478c2687cffa1f4d7c895

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires: Sat, 16 Dec 2023 15:32:19 GMT
Date: Thu, 16 Nov 2023 15:32:19 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Jan 2019 19:15:27 GMT
Server: nginx
Content-Encoding: gzip
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 200
OK footer_03.js Show response
bontontv.com/ 354 B
759 B 37ms
20ms Script
application/javascript 185.62.73.31
SETCOR

General

Check archive.org

Show headers Download Go to

Full URL

http://bontontv.com/footer_03.js

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

HTTP/1.1

Server

185.62.73.31 Zagreb, Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp010.mydataknox.com

Software

nginx /

Resource Hash

37f6775b5cfc6e3ae5fff4b3a8fca3a053d57d5d5e3ce9dd99ef6a4d625270b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires: Sat, 16 Dec 2023 15:32:19 GMT
Date: Thu, 16 Nov 2023 15:32:19 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
Last-Modified: Thu, 03 Jan 2019 10:17:02 GMT
Server: nginx
Content-Encoding: gzip
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 200
OK copyright.js Show response
bontontv.com/ 89 B
518 B 20ms
19ms Script
application/javascript 185.62.73.31
SETCOR

General

Check archive.org

Show headers Download Go to

Full URL

http://bontontv.com/copyright.js

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

HTTP/1.1

Server

185.62.73.31 Zagreb, Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp010.mydataknox.com

Software

nginx /

Resource Hash

4522b39be924676f48907e66a03fcd4f366cc1482b0c4434029343d395e91ca4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires: Sat, 16 Dec 2023 15:32:19 GMT
Date: Thu, 16 Nov 2023 15:32:19 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
Last-Modified: Wed, 02 Jan 2019 18:34:19 GMT
Server: nginx
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 89
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 200
OK TOCKICE%20PATERN_3200x60px.png
bontontv.com/elementi/ 17 KB
18 KB 19ms
17ms Image
image/png 185.62.73.31
SETCOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://bontontv.com/elementi/TOCKICE%20PATERN_3200x60px.png

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

HTTP/1.1

Server

185.62.73.31 Zagreb, Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp010.mydataknox.com

Software

nginx /

Resource Hash

9b295558af4bb2e37850a544223a1a2f8d204385d5114e3487a08991d3a84d8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires: Mon, 15 Jan 2024 15:32:19 GMT
Date: Thu, 16 Nov 2023 15:32:19 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
Last-Modified: Fri, 05 Apr 2019 06:55:49 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 17890
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 200
OK podloga%20menija%2050x73.png
bontontv.com/elementi/ 1 KB
2 KB 32ms
20ms Image
image/png 185.62.73.31
SETCOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://bontontv.com/elementi/podloga%20menija%2050x73.png

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

HTTP/1.1

Server

185.62.73.31 Zagreb, Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp010.mydataknox.com

Software

nginx /

Resource Hash

e608c4a41bbb53d1d43a81df6e71481c5eda3d716f764200ad2de0edc8088e5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires: Mon, 15 Jan 2024 15:32:19 GMT
Date: Thu, 16 Nov 2023 15:32:19 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
Last-Modified: Fri, 05 Apr 2019 07:27:52 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1120
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 200
OK GUMB_naslovnica.png
bontontv.com/elementi/ 3 KB
4 KB 47ms
17ms Image
image/png 185.62.73.31
SETCOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://bontontv.com/elementi/GUMB_naslovnica.png

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

HTTP/1.1

Server

185.62.73.31 Zagreb, Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp010.mydataknox.com

Software

nginx /

Resource Hash

9458ed1b8799a60ef01e7601c95d71b3000ca6e9d9384752549f4e814f45f9b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires: Mon, 15 Jan 2024 15:32:19 GMT
Date: Thu, 16 Nov 2023 15:32:19 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
Last-Modified: Fri, 05 Apr 2019 07:21:43 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3360
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 200
OK GUMB_video.png
bontontv.com/elementi/ 3 KB
4 KB 36ms
17ms Image
image/png 185.62.73.31
SETCOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://bontontv.com/elementi/GUMB_video.png

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

HTTP/1.1

Server

185.62.73.31 Zagreb, Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp010.mydataknox.com

Software

nginx /

Resource Hash

06ebf5846bd14583ce04d367cf8ba63993d93abe76a75f6a52261f8257ad492d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires: Mon, 15 Jan 2024 15:32:19 GMT
Date: Thu, 16 Nov 2023 15:32:19 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
Last-Modified: Fri, 05 Apr 2019 07:21:43 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3545
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 200
OK GUMB_igre.png
bontontv.com/elementi/ 3 KB
3 KB 35ms
17ms Image
image/png 185.62.73.31
SETCOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://bontontv.com/elementi/GUMB_igre.png

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

HTTP/1.1

Server

185.62.73.31 Zagreb, Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp010.mydataknox.com

Software

nginx /

Resource Hash

e25f53fc4bae5d337cab5e3122515ed7d040bfbda3d68b1169d71ad1d5b5c230

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires: Mon, 15 Jan 2024 15:32:19 GMT
Date: Thu, 16 Nov 2023 15:32:19 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
Last-Modified: Fri, 05 Apr 2019 07:21:43 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3163
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 200
OK GUMB_bojanka.png
bontontv.com/elementi/ 4 KB
4 KB 28ms
18ms Image
image/png 185.62.73.31
SETCOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://bontontv.com/elementi/GUMB_bojanka.png

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

HTTP/1.1

Server

185.62.73.31 Zagreb, Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp010.mydataknox.com

Software

nginx /

Resource Hash

433727d87227e6221e94db660dfdb7ccb2f76a5f4ff52d4ad8d3c7db8915e814

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires: Mon, 15 Jan 2024 15:32:19 GMT
Date: Thu, 16 Nov 2023 15:32:19 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
Last-Modified: Fri, 05 Apr 2019 07:21:42 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3675
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 200
OK GUMB_price.png
bontontv.com/elementi/ 3 KB
4 KB 29ms
18ms Image
image/png 185.62.73.31
SETCOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://bontontv.com/elementi/GUMB_price.png

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

HTTP/1.1

Server

185.62.73.31 Zagreb, Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp010.mydataknox.com

Software

nginx /

Resource Hash

f55c31468e0cae14e7f7856e99220f93b06c255fc0518d57e4a38aaf1f61c8da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires: Mon, 15 Jan 2024 15:32:19 GMT
Date: Thu, 16 Nov 2023 15:32:19 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
Last-Modified: Fri, 05 Apr 2019 07:21:43 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3378
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 200
OK GUMB_razno.png
bontontv.com/elementi/ 3 KB
4 KB 30ms
18ms Image
image/png 185.62.73.31
SETCOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://bontontv.com/elementi/GUMB_razno.png

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

HTTP/1.1

Server

185.62.73.31 Zagreb, Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp010.mydataknox.com

Software

nginx /

Resource Hash

7cf41251861276133cfbf4b85fd2d83f798f1d9f1d8aaa0dbe6d5b5848e2ff0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires: Mon, 15 Jan 2024 15:32:19 GMT
Date: Thu, 16 Nov 2023 15:32:19 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
Last-Modified: Fri, 05 Apr 2019 07:21:43 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3429
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 200
OK GUMB_wallpapers.png
bontontv.com/elementi/ 3 KB
3 KB 48ms
17ms Image
image/png 185.62.73.31
SETCOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://bontontv.com/elementi/GUMB_wallpapers.png

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

HTTP/1.1

Server

185.62.73.31 Zagreb, Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp010.mydataknox.com

Software

nginx /

Resource Hash

a1797edd8b18f8c82ff3b2a5e1cb74d06c0868587fef14d01e958104d2df929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires: Mon, 15 Jan 2024 15:32:19 GMT
Date: Thu, 16 Nov 2023 15:32:19 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
Last-Modified: Thu, 13 Jun 2019 15:08:08 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2959
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 200
OK GUMB_kontakt.png
bontontv.com/elementi/ 3 KB
3 KB 48ms
17ms Image
image/png 185.62.73.31
SETCOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://bontontv.com/elementi/GUMB_kontakt.png

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

HTTP/1.1

Server

185.62.73.31 Zagreb, Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp010.mydataknox.com

Software

nginx /

Resource Hash

b6bacf1897d34028408104e462bcc153ae1818c00ff2483023cb90575539323d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires: Mon, 15 Jan 2024 15:32:19 GMT
Date: Thu, 16 Nov 2023 15:32:19 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
Last-Modified: Fri, 05 Apr 2019 07:21:43 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3153
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 200
OK GUMB_naslov_podloga_za_tekst.png
bontontv.com/elementi/ 1 KB
1 KB 26ms
17ms Image
image/png 185.62.73.31
SETCOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://bontontv.com/elementi/GUMB_naslov_podloga_za_tekst.png

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

HTTP/1.1

Server

185.62.73.31 Zagreb, Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp010.mydataknox.com

Software

nginx /

Resource Hash

15b7c5beeae46c7d307820d5d37aad15b7b749331ed18a5a42ba60115d3a0f22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires: Mon, 15 Jan 2024 15:32:19 GMT
Date: Thu, 16 Nov 2023 15:32:19 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
Last-Modified: Fri, 05 Apr 2019 07:25:18 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1079
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H/1.1 200
OK podloga%20o%20nama%2050x50.png
bontontv.com/elementi/ 980 B
1 KB 20ms
17ms Image
image/png 185.62.73.31
SETCOR

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://bontontv.com/elementi/podloga%20o%20nama%2050x50.png

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

HTTP/1.1

Server

185.62.73.31 Zagreb, Croatia, ASN61211 (SETCOR, HR),

Reverse DNS

cp010.mydataknox.com

Software

nginx /

Resource Hash

c848f640268d1696c9a6e66de35b9d1659bcb876f1d3fcc4d4e3ae574d2d3ada

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires: Mon, 15 Jan 2024 15:32:19 GMT
Date: Thu, 16 Nov 2023 15:32:19 GMT
X-Server-Powered-By: Engintron
X-Content-Type-Options: nosniff
Last-Modified: Fri, 05 Apr 2019 07:27:07 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 980
X-XSS-Protection: 1; mode=block
X-Nginx-Upstream-Cache-Status: STALE

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 217 KB
77 KB 28ms
27ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-ZN2NEHGLHZ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-132394199-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8ce2cc7427a1235b70c288a1c372db25ee302b46158e239717f4e154664f9330

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:19 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79248
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 16 Nov 2023 15:32:19 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 124ms
7ms Script
text/javascript 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-132394199-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Nov 2023 13:49:41 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 6158
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 16 Nov 2023 15:49:41 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/ 400 KB
136 KB 166ms
69ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9153158803095042&plah=bontontv.com

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6b65ccbdefd1bde633631a7273ac0b5db9b95602a1715d007c55b6f006521151

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138524
x-xss-protection: 0
server: cafe
etag: 1707690068368461312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 16 Nov 2023 15:32:19 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/ Frame A98A 9 KB
4 KB 51ms
10ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://bontontv.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 28331
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 07:40:08 GMT
etag: 16674218716276178799
expires: Thu, 30 Nov 2023 07:40:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
region1.google-analytics.com/g/ 0
251 B 42ms
18ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-ZN2NEHGLHZ&gtm=45je3b81v9109982542&_p=1700148739163&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1186743976.1700148739&ul=en-us&sr=1600x1200&ir=1&_eu=EAAI&_s=1&sid=1700148739&sct=1&seg=0&dl=http%3A%2F%2Fbontontv.com%2F&dt=BonTon%20TV%20-%20Zabavni%20portal%20za%20djecu%20-%20Igrice%20za%20djecu%2C%20pjesme%20i%20pjesmice%20za%20djecu%2C%20pri%C4%8De%20i%20bajke%2C%20basne%2C%20crti%C4%87i%2C%20bojanke%2C%20slikovnice&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=471
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZN2NEHGLHZ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:19 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://bontontv.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pinit_main.js Show response
assets.pinterest.com/js/ 66 KB
18 KB 8ms
7ms Script
application/javascript 2a04:4e42:8d::84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.pinterest.com/js/pinit_main.js?0.3441552633103333
Requested by: Host: assets.pinterest.com
URL: http://assets.pinterest.com/js/pinit.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8d::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 20f0315c97ff7007f2e7a94d659e094a7efc01b8306da53987538c1101489e0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:19 GMT
content-encoding: br
x-cdn: fastly
etag: "3725764cf05d1a0938de73d398772331"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-CDN
vary: Accept-Encoding, Origin
cache-control: max-age=300
alt-svc: h3=":443";ma=600
content-length: 18679

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
203 B 21ms
14ms XHR
text/plain 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1543513663&t=pageview&_s=1&dl=http%3A%2F%2Fbontontv.com%2F&ul=en-us&de=windows-1250&dt=BonTon%20TV%20-%20Zabavni%20portal%20za%20djecu%20-%20Igrice%20za%20djecu%2C%20pjesme%20i%20pjesmice%20za%20djecu%2C%20pri%C4%8De%20i%20bajke%2C%20basne%2C%20crti%C4%87i%2C%20bojanke%2C%20slikovnice&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=2058547180&gjid=1118416328&cid=1186743976.1700148739&tid=UA-132394199-1&_gid=1577925064.1700148740&_r=1&gtm=457e3b81&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&jsscut=1&z=65221388

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://bontontv.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:19 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://bontontv.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C9A6 1 KB
661 B 307ms
297ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&adk=1812271804&adf=3025194257&lmt=1555257909&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=356x945_l%7C356x945_r&format=0x0&url=http%3A%2F%2Fbontontv.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4&ascmds=1&aslcwct=1&asacwct=1&dt=1700148739310&bpp=3&bdt=176&idt=279&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=881158549952&frm=20&pv=2&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=309

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9153158803095042&plah=bontontv.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e1c2d8d7d896e8a59c4c43da5d33706b8dd975ab8c47a57dbdf135ab00a3a85a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://bontontv.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 461
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 15:32:20 GMT
expires: Thu, 16 Nov 2023 15:32:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 069A 25 KB
11 KB 545ms
533ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=2604832432&adf=1607325374&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739313&bpp=2&bdt=179&idt=311&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1500&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=318

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f353773218cc38d002b371b9e173e42af4cae9af221066d6b98f03f5557ca1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://bontontv.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 11259
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 15:32:20 GMT
expires: Thu, 16 Nov 2023 15:32:20 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C471 161 KB
48 KB 687ms
676ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=2604832432&adf=2426777406&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739315&bpp=1&bdt=181&idt=319&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1709&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=324

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b0896ec63fbb1545db5bdb91fb5f22d185f7738a5b851b38e1e11616bd338e27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://bontontv.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 48480
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 15:32:20 GMT
expires: Thu, 16 Nov 2023 15:32:20 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E759 25 KB
11 KB 671ms
661ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=787517410&adf=1143955216&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739316&bpp=1&bdt=182&idt=326&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1928&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=329

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a627cd9fcb7123f46d00a224b69f941daae4eb6ae5f2f6eb20fb3879894a8238

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://bontontv.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 11161
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 15:32:20 GMT
expires: Thu, 16 Nov 2023 15:32:20 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 069A 42 B
110 B 44ms
42ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BD7FY1OqY9LeU2p2ruWR6dVzxoo8pn0tMzAkoGFwVtYGD9KnOlgX4lxZYAoGhL2E2vCosO7h_ySf9Y8AR_ObemOHR4g_PhRnqDP07SWBT9xKvuB24

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=2604832432&adf=1607325374&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739313&bpp=2&bdt=179&idt=311&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1500&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=318

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 069A 0
121 B 42ms
40ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=2992948288399418100&x=1&ct=77

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 069A 89 KB
31 KB 61ms
60ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 16 Nov 2023 15:32:20 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 069A 3 KB
1 KB 24ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 14:03:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5347
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 14:03:13 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 069A 20 KB
9 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 15:51:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85251
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Nov 2023 15:51:29 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 069A 203 KB
64 KB 79ms
55ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65395
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700052045412510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Nov 2023 15:32:20 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F40A 624 B
246 B 51ms
50ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXs93wn_XCoEabMF4S7vAVuHUeLMc-GYnDe6a1I-vpEC6ioYiH4IuDT1OnGQ99kUtUx9ww52A23DIPeQTajLIMRiOiMTeVvMyUtm8ZxgN1pcSvsD6hwwqS7ou3DZgEa0er8JfL-FUj2CsPEXkzIJN4tQBlcXgR9tLlQ9U9kM_zW5q_ug_o

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=2604832432&adf=1607325374&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739313&bpp=2&bdt=179&idt=311&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1500&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=318
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 15:32:20 GMT
expires: Thu, 16 Nov 2023 15:32:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame F40A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0qx1tJ7OS21fp10oAdLq0&google_cver=1

43 B
339 B

24ms
24ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0qx1tJ7OS21fp10oAdLq0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXs93wn_XCoEabMF4S7vAVuHUeLMc-GYnDe6a1I-vpEC6ioYiH4IuDT1OnGQ99kUtUx9ww52A23DIPeQTajLIMRiOiMTeVvMyUtm8ZxgN1pcSvsD6hwwqS7ou3DZgEa0er8JfL-FUj2CsPEXkzIJN4tQBlcXgR9tLlQ9U9kM_zW5q_ug_o
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c9H3eN5p6G4pLF0G0vu0BU%2BXx3v8E396VF7SvH23lRWFBPvCIJVEmbEPqP8CWWf1sEbwEI%2B9GcBM1TRQ%2FT3imzcLB7zYtGo%2FOrUPXldHXHwuGbzyv5wLd9jTtE5nucqjih73z6j5C15Nkw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8270c93c0c511e4d-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0qx1tJ7OS21fp10oAdLq0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame F40A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVY2BBPfcyC4pLlIy.SqogAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0qx1tJ7OS21fp10oAdLq0&google_cver=1&google_hm=2

43 B
739 B

54ms
54ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0qx1tJ7OS21fp10oAdLq0&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXs93wn_XCoEabMF4S7vAVuHUeLMc-GYnDe6a1I-vpEC6ioYiH4IuDT1OnGQ99kUtUx9ww52A23DIPeQTajLIMRiOiMTeVvMyUtm8ZxgN1pcSvsD6hwwqS7ou3DZgEa0er8JfL-FUj2CsPEXkzIJN4tQBlcXgR9tLlQ9U9kM_zW5q_ug_o
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aNTWlTHtoMWku1oAUwbyXGZmlV6RvUj9jP%2FMctvNGi9pUyYq0%2F7bg8Z2qkG9mXBG%2FmkLmTREMXQRHW6YXT9Y9pQ64TBbXioDYdW27rOJxXNjBWdl%2FO16U%2Bf%2FG2XauyhGiuvrqGxnOn3Ltw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8270c93c8f6c047e-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0qx1tJ7OS21fp10oAdLq0&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame F40A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEL2iFw8Qe7u6HfrZMzSPI5M&google_cver=1

43 B
838 B

8ms
7ms

Image
image/gif

37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEL2iFw8Qe7u6HfrZMzSPI5M&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXs93wn_XCoEabMF4S7vAVuHUeLMc-GYnDe6a1I-vpEC6ioYiH4IuDT1OnGQ99kUtUx9ww52A23DIPeQTajLIMRiOiMTeVvMyUtm8ZxgN1pcSvsD6hwwqS7ou3DZgEa0er8JfL-FUj2CsPEXkzIJN4tQBlcXgR9tLlQ9U9kM_zW5q_ug_o

Protocol

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
an-x-request-uuid: f33f689a-8a76-4dcb-8822-883a72b38710
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 81.95.5.40; 81.95.5.40; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEL2iFw8Qe7u6HfrZMzSPI5M&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame F40A
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjExNzc3MDM4NjEyNTMwMzY0NA%3D%3D

170 B
243 B

28ms
27ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjExNzc3MDM4NjEyNTMwMzY0NA%3D%3D

Requested by

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
an-x-request-uuid: 57ce843b-1008-46c6-8dcc-9462fdb7eaf0
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjExNzc3MDM4NjEyNTMwMzY0NA%3D%3D
x-proxy-origin: 81.95.5.40; 81.95.5.40; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 069A 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9240824358894&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 069A 0
20 B 44ms
44ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9240824358894&version=m202309260101&ct=77&x=1&cor=2992948288399418000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 069A 20 KB
14 KB 78ms
78ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CtNO9i8vsyu-fLXHXdIJBCUHyq7vgwy99ENaFG-SA5C0VgSXG51r7q-kW0ZXXMhaxf22Lydnm5I-kuIDA-zIF2qX3FdCJM22P5f0sAukwphNJm0ZiIGdJCY0mNqUCyZJTe2DojT0Uy5nBv1d3VwvbCd7I8_6knVukuufHmpf8OD_dm0RI&cry=1&dbm_d=AKAmf-CsumQoweRay4YgVfbS3qnYd0Y7B_8f6LYJ0P5QD6-GXVjU86UZkAilZFxg8o5hJgSxOPQPwlS32lOST9mhKBZU0wB-Ok-bn4cs2qshBYLHsGpeKWujbFcR3KGgzAPeV-yhtGzWHXiOmO36EfaRlT4fPK33aQDTd3jChtul3GntZjbyKqNL6j8czthnptnH6P4GOObQ71XPqL7SROO99Z4kWlSa2VhRYl8qeIkCEKPyUKefif5UipxTltpnGqBmnyG7stLcn3r8g-b3RFI4vYZAMK8U1oodNxlI1G9jwm1fFUL6eucPWM4XYO5J-gWFQ9jowjGhK3TkAVc4H0fagkLwesdoqieW2IWwya0pkOJRa2egsirkJFVhvJGlfam9gnS3VKiJEeinXJ9cY9VJ5S20eC8Q7jT7e9GUN6-ofAWNEQF0faeg9wtkoJOMOlTKQDebZusX6Iq7aLciPmI5lIPb1NmM266kkVP2k3tCF8ANy_CZDat5wJhOGxviPphLVjjxVwgcZWbZvUlGqCo2BT-gyz8UZ83aMcTEfKclwNqw7r0i5Wh8hW5hgu3qCnWaon9dDWvBHjbv5iCVe0SbiakMb96Ls-b0rAqzvTdAe9oTLctSw0QejxYpTXyD5c5akqnZn6XbS7wL5KUtd--MlQgSpcUMj2xn-NkI4Q9iFVWYEkx408wDgbK2wecvLHTS8Jd4PFjvyTDrPw425aQDAaX9X83glVkx0otkOxgrfUUwBGSG8thfSpcMMCw8MSfrZLN3YLGiQh_YeKwv8KgxcePf1-w2Yv5mrBsSASd8l0_ghHC2dxRmiTksc8QALmZvD38L7A9bKcOiO7tXZvliRVrM2vfkdCV4TIJo4oGwb2IKt7_PACXSI7VbK53gIeR4m-mr8WRmld-K7__CsVJnFM8cprv6Caf6N0NQWHnM3sG1NzZ6VGlfkjiWdVhXCdMMyyyOeNvdQzkb6o5z8FyaoP3S_9cQveM3JhpIKBE8E_E8kl7mTgMcb2aKzGyESQEoey0BRIJyLDonCGvxs8X52GMGXlCb-uCotJNZnCEazXcWtbtxELNy_ag9c5DV6J67DlSNvX8Myn_URB2IN3K3x4D__Xgm17lUiSHY7B21Sv5cW1hNMjT_Xd4NxtSml115_1Apci3J8RwpY4Zm_FUw6hV-DaL_JgrFDJ7Z4JcG2DfTzY6FVhh-x5MeCmxvVspC7HwOU0QSeX5pTP3WAf08tzTdYgaL1WQkKl44pfeH4J4d-PSayZZZG9-lYLLHR4j1yBYgQU-zs--IhEFRJuY9dKoD-NT5rhAUtlM_nywUArCqiEyrqgw1aqYlyFQsXY5xuwpRpcHiTrhDOH2XDx8k_qijd_UVPdvOMJo0mMeg7yMJzzyMv7igPwMcblKGcCdS8UzFG6X1FSDls200G4Q3IHQMNLc81UwesF1ZeRYuE9wmfI_Au7nkj60rIL05rb6nN0TlS2SJnfURcSMQrUq7VLGjzb7ASfRy4ubU2bqddjuLm97UrD3GdYg1LSAok0no91fD9tMChV5z-B0L9pFXFYsrcWbkSccBhgFvaZzJko-75z_XBht69_SC6AZQkfgDfRhGubtPHbsc8rckJFrlo5A2su7O_1h41jt7VcNHrwaYSLEvUYuZdQBCKwBkwNBoEMuuV8lxtxkYfJfbr8L6XpShyoK-NZb62p84V4viGG8J2hA30uvHkpSFneodcNJiZvd_cygK1RgV_3H8lIOvbNCVHfsJvDlM_ARkK09v1WcQfVvCoTZoTPIGvVBJq7nSYNkJ3_3RoCLG2NTebwIM18YEYq-pPsJylN1qI00s6S2FhrCrjRt1pgEciTWtEhejL1ubWviKDwK4fLH4a3EtROoNETATdI7KworDcaaH8KEoLHX3UCW4GoYZbu_Gv-ydoTMzzwLHNVH5ag8nNIfttez3ZQgVlvxKQYEOcWBE1axPoSlaQABz_9ZjH9iXPenJ30-FBURPt0U1YhyjejiuTc-dOng_Nz7TLODDpJ8ILMKMf6JszGXmeRd6nDB8GtTrUwYwMFSBhjaxZjkEG7jEnk4fUCclWHGsgSliEqaptCLJDtfi2gdV5J9QBE8miYkTy1chDJt0viXfvF1MyYDtMbgD8bsuR4VGOEQxISWusjCa1O6cgj60QMDTplTBZAbR4xh9e1ryCPAgz0hgWghcbQ8jKhg4NO9lFEmHTm7Fj_HU6oH_3gQ0fNTHbu7lKSzGkKOSZnhyy080UaX8JT4s_JPrfyeKbEGyKf5VWyBrKHcBtMi_vV3NSvlLUT8HJyVUxZS9t5TRDh3O3y4Ua4kNesMiOR8p062cUobulAr2Lkfexz-RHYTmR46r5GN_EZy4liVtsxGooACAva4xX8q4VGKOZEA1tx6WJR_HXX0xFo8mSWZvUbQ5CeR6eA8wDsbGaRdATwRJcKyHBFEAPwE-JYZAvoUxVFN88LPcy98svOHLgckNmsyf0euNWGtm7oNDQYNia0OLiHPSew589NA0dx8c2JPITst2AJF62q6h1Xcr2-D_nyytezD3LpdEYDStvSS-b1313A-5OuLWhMfOev8oSzG-5n0_al7A4OdOYXx_525IbzAQoHD3CDBDFJBY_gvQlJuBxwcZRj1xog0fb95jmEnDBaEeNtOurZeDjYE3SAg4ZgjQVoP5dfbi5B7eXP5RtYEAv1QSyed963ltpcQcgznG7NRg08CfZkOxTPsjegvnwauw7OZp5ICwubCk-2McmgmgCwg9SZ3Y0ExaToQ81AXRMucWfB5-fBGaXVH3SD-f-Pby2JhlNvIIO0XSOoSN828u7KXPzcdk6-9Gv3Sv6WZkKS9aKx3QQfe_vsm6vnBvYj_44EsA48nxk3emm3yqdVZkIhjkrZwduxOPel89BFm4FniRUSe9MsPmyrMkGZ-xlyWASDhacxtn6-EnEDEkkV1CrG5_2-6OkYxM86BmiYvaWmRmwXQck8ZTRjABCTkEyMghSOpxdXasX8kZXevZ1njUp5XV74Q0_uGJ1TXMrA4KdZNxxIU3N4tUjthmL3sEdFfFp6gwJU6_lOZTXKIlKfzD-qncmO0rZhUkcG3rYqUdJNOqzZRGeZX9-gaqEaTvcCJyGkCwKPZBKMu2pNnjwod6gjHFJiScPKzM7yOcTnMUDgsJtn9RSjzU8Tn7DIxW4OVoN_hYjGzg3WK9DfZ-noes4MtR4KRA6m38YQKSlg9QGQr_oWx3QWczkMxAOpaufrp9V8ge1OBHtMD87Ih-iP4YEYkkmdd3l7vhrOUZU_icdktkz-BmqWj82He7y8J5zXx-Aqss42W8y_YWVSC7tFRtc7vhUr5XKbZzR_KpdO9n7V96VlSFcrUbHlLaMDdBqN9VamKXjJTTvapDDvTu3_YAY2qK1yllgmX374N-NgQAgHGZXNcDGzUTgAtTQw9YnXUvFsk7QwDD82NJVLIgBlfjs1r2wKw_b9-lWN3w0yJaZ3nWGUleToZdlt5qhZoU8dXH54YFk-edziQlRjOhpj3eNeYq0a7vmxm63n6adFEXdgVMs_Dw_bDGhgQcOJlIucWpl8_heSeVa11RlUl9oAgmdNm84taORVHWa0ZV3EDXq1VZoa-dAKR4q3TzQzdUwfCXHrkPcwmwCKbEHiwI2BpiBZSUQyZtRQXkPjDIOQaP8oHmfH7imBxMA2ZBoIi3CeuqEetvpa1mcxmc_UHR6aKiCH_IzyZcA30coCBWbFiROmyUa1DhSTNKuoSFZ3kk9rVQ9u2mH3Q9PW5GeuJhz_qALp_PwsMu86dugcQLoHa6CFDImofe3p4j94z7dF34geTVmSc26WbQNu9gtknMWTLk&cid=CAQSTgDICaaN-sEpi2pyHR66sMDY16tHeNpd0by-QtK2GpXArvCzw2f7224ce6qgNVeQgBFcpeHMlUBmDCof0XExFlBKfHW6jUCu8zndJDBUixgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fbontontv.com%2F&ds=l&xdt=1&iif=1&cor=2992948288399418000&adk=2923430907&idt=90&cac=0&dtd=24

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7609e19e770677480424dfc15a57979d394463711ff49deb4ac22d7e7a3e55b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=2604832432&adf=1607325374&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739313&bpp=2&bdt=179&idt=311&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1500&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=318
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14145
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E759 42 B
63 B 47ms
45ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DIAkHLk3tixUO8Rgh5GUPek4V3dyBXnbPCbRogW3EGyc-MwyuzWO4vDyjoH_XpwNj9nACzpZ9OZZuI8YfZ4kaYqwvcbAmOQ_gxzb2fU9lbJhkWR-E

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=787517410&adf=1143955216&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739316&bpp=1&bdt=182&idt=326&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1928&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=329

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E759 0
20 B 48ms
47ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=10160946022463997960&x=1&ct=77

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=787517410&adf=1143955216&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739316&bpp=1&bdt=182&idt=326&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1928&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=329

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame E759 89 KB
31 KB 84ms
82ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=787517410&adf=1143955216&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739316&bpp=1&bdt=182&idt=326&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1928&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=329

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 16 Nov 2023 15:32:20 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame E759 3 KB
1 KB 17ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=787517410&adf=1143955216&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739316&bpp=1&bdt=182&idt=326&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1928&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=329

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 14:03:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5347
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 14:03:13 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame E759 20 KB
8 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=787517410&adf=1143955216&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739316&bpp=1&bdt=182&idt=326&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1928&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=329

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 15:51:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85251
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Nov 2023 15:51:29 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame E759 203 KB
64 KB 50ms
42ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=787517410&adf=1143955216&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739316&bpp=1&bdt=182&idt=326&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1928&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=329

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65395
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700052045412510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Nov 2023 15:32:20 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 61B3 624 B
245 B 58ms
56ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNW_X2l1sY-VKpIGUrm_eE2Szn0xwJZ7DEVA6mrLbBNs8d3Ul92l-0c7xVpBGnQvhxs6KruREd40NbxVTrzoDwHlvLQxgMBIf2YjJvhS72dT5oub1sB0r6plRJleMLbdNwmXAzxeHe-tW65mLqYlwLxRpMoynIvttpxG2Ui-pqqgV5UbPUY

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=787517410&adf=1143955216&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739316&bpp=1&bdt=182&idt=326&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1928&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=329

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=787517410&adf=1143955216&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739316&bpp=1&bdt=182&idt=326&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1928&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=329
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 15:32:20 GMT
expires: Thu, 16 Nov 2023 15:32:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame C471 14 KB
2 KB 57ms
21ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=2604832432&adf=2426777406&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739315&bpp=1&bdt=181&idt=319&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1709&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=324

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 16 Nov 2023 15:32:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 14:41:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Nov 2023 15:32:20 GMT

GET
H2 200 nessie_icon_tiamat_white.png
tpc.googlesyndication.com/pagead/images/ Frame C471 225 B
356 B 18ms
11ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/nessie_icon_tiamat_white.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=2604832432&adf=2426777406&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739315&bpp=1&bdt=181&idt=319&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1709&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=324

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5719cdd3acdb2b6a5b9ae0bee910fc88fbc0f297f83235c02865d78eeed48446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 04:32:33 GMT
x-content-type-options: nosniff
server: cafe
age: 39587
etag: 14085932017949564970
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 225
x-xss-protection: 0
expires: Fri, 17 Nov 2023 04:32:33 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame C471 2 KB
822 B 16ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=2604832432&adf=2426777406&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739315&bpp=1&bdt=181&idt=319&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1709&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=324

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 15:51:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85251
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Nov 2023 15:51:29 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame C471 23 KB
9 KB 16ms
10ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=2604832432&adf=2426777406&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739315&bpp=1&bdt=181&idt=319&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1709&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=324

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 02:17:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47695
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 02:17:25 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame C471 3 KB
1 KB 17ms
10ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=2604832432&adf=2426777406&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739315&bpp=1&bdt=181&idt=319&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1709&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=324

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 14:03:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5347
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 14:03:13 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame C471 20 KB
8 KB 16ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=2604832432&adf=2426777406&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739315&bpp=1&bdt=181&idt=319&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1709&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=324

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 15:51:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85251
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Nov 2023 15:51:29 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame C471 203 KB
64 KB 79ms
70ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=2604832432&adf=2426777406&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739315&bpp=1&bdt=181&idt=319&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1709&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=324

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65395
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700052045412510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Nov 2023 15:32:20 GMT

GET
H2 200 a6de5423b7c632060e8f86136bd5d27a.js Show response
www.gstatic.com/mysidia/ Frame C471 37 KB
16 KB 51ms
9ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a6de5423b7c632060e8f86136bd5d27a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=2604832432&adf=2426777406&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739315&bpp=1&bdt=181&idt=319&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1709&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=324

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 06:24:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 292068
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15478
x-xss-protection: 0
last-modified: Thu, 09 Nov 2023 22:22:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 11 Feb 2024 06:24:32 GMT

GET
H3 200 594773951041160613
tpc.googlesyndication.com/simgad/ Frame C471 3 KB
3 KB 14ms
12ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/594773951041160613?w=100&h=100&tw=1&q=75

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=2604832432&adf=2426777406&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739315&bpp=1&bdt=181&idt=319&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1709&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=324

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4e432ee3d45fe5a6fe807137717bd8f2c898064736603a980b1dff3fa1628e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 21:16:38 GMT
x-content-type-options: nosniff
age: 152142
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3178
x-xss-protection: 0
last-modified: Thu, 03 Aug 2023 10:51:25 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 13 Nov 2024 21:16:38 GMT

GET
DATA 200
OK truncated
/ Frame C471 336 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: be3b15b1e68cf3e9278293d3b50491fe16c985e0ee5968852cac4fc062a7134e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 /
log.pinterest.com/ 0
338 B 95ms
37ms Image
text/plain 151.101.192.84
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.pinterest.com/?type=pidget&guid=UP5YpRzhxwSe&tv=2021110201&event=init&sub=www&button_count=0&follow_count=0&pin_count=0&profile_count=0&board_count=0&section_count=0&lang=en&nvl=en-US&via=http%3A%2F%2Fbontontv.com%2F
Requested by: Host: bontontv.com
URL: http://bontontv.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.192.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-cache-hits: 0
date: Thu, 16 Nov 2023 15:32:20 GMT
via: 1.1 varnish
x-cache: MISS
x-envoy-upstream-service-time: 3
x-pinterest-rid: 5058548388493115
content-length: 0
x-served-by: cache-fra-eddf8230042-FRA
pragma: no-cache
server: envoy
x-timer: S1700148741.620433,VS0,VE29
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache,no-store,must-revalidate,max-age=0
accept-ranges: bytes
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 61B3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0qx1tJ7OS21fp10oAdLq0&google_cver=1

43 B
734 B

34ms
32ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0qx1tJ7OS21fp10oAdLq0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNW_X2l1sY-VKpIGUrm_eE2Szn0xwJZ7DEVA6mrLbBNs8d3Ul92l-0c7xVpBGnQvhxs6KruREd40NbxVTrzoDwHlvLQxgMBIf2YjJvhS72dT5oub1sB0r6plRJleMLbdNwmXAzxeHe-tW65mLqYlwLxRpMoynIvttpxG2Ui-pqqgV5UbPUY
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6tel1cTapMRgqTnamTzcLhjsvcJtmUKPHauOyzfGKe7iK1pQJsM9kTP2nTbQVGUEYjoXDr8EfJnzY%2BCpwBTXx7THTADM9QcFiqcEeUjb32t6gZnN%2FxNHQy1JZtwN%2FP%2FazIFqr1NpSGLeVw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8270c93cbfca047e-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0qx1tJ7OS21fp10oAdLq0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 61B3
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVY2BBPfcyC4pLlIy.SqogAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0qx1tJ7OS21fp10oAdLq0&google_cver=1&google_hm=2

43 B
729 B

25ms
24ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0qx1tJ7OS21fp10oAdLq0&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNW_X2l1sY-VKpIGUrm_eE2Szn0xwJZ7DEVA6mrLbBNs8d3Ul92l-0c7xVpBGnQvhxs6KruREd40NbxVTrzoDwHlvLQxgMBIf2YjJvhS72dT5oub1sB0r6plRJleMLbdNwmXAzxeHe-tW65mLqYlwLxRpMoynIvttpxG2Ui-pqqgV5UbPUY
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bX9daIAJ9LlntSo67L5BG6KZo4chDuN9bh8QDe0T9izcuM7g9qaA39ayixj9TyVbSbgcXCf%2F3AijC4TQ37b4MNAi9uzfO%2B3K93UT35scnTXIQG81DnjTL8P8S51gmOvnol7FGR8vwI29jQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8270c93cf809047e-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI0qx1tJ7OS21fp10oAdLq0&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 61B3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEL2iFw8Qe7u6HfrZMzSPI5M&google_cver=1

43 B
838 B

15ms
11ms

Image
image/gif

37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEL2iFw8Qe7u6HfrZMzSPI5M&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNW_X2l1sY-VKpIGUrm_eE2Szn0xwJZ7DEVA6mrLbBNs8d3Ul92l-0c7xVpBGnQvhxs6KruREd40NbxVTrzoDwHlvLQxgMBIf2YjJvhS72dT5oub1sB0r6plRJleMLbdNwmXAzxeHe-tW65mLqYlwLxRpMoynIvttpxG2Ui-pqqgV5UbPUY

Protocol

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
an-x-request-uuid: 1bda6fb7-91a2-424a-ae55-490c18e3b3c5
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 81.95.5.40; 81.95.5.40; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEL2iFw8Qe7u6HfrZMzSPI5M&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 61B3
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjExNzc3MDM4NjEyNTMwMzY0NA%3D%3D

170 B
188 B

20ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjExNzc3MDM4NjEyNTMwMzY0NA%3D%3D

Requested by

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
an-x-request-uuid: bf5b3cb3-016c-4e6f-96e4-40ec24f44afe
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjExNzc3MDM4NjEyNTMwMzY0NA%3D%3D
x-proxy-origin: 81.95.5.40; 81.95.5.40; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 069A 41 KB
14 KB 14ms
10ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CtNO9i8vsyu-fLXHXdIJBCUHyq7vgwy99ENaFG-SA5C0VgSXG51r7q-kW0ZXXMhaxf22Lydnm5I-kuIDA-zIF2qX3FdCJM22P5f0sAukwphNJm0ZiIGdJCY0mNqUCyZJTe2DojT0Uy5nBv1d3VwvbCd7I8_6knVukuufHmpf8OD_dm0RI&cry=1&dbm_d=AKAmf-CsumQoweRay4YgVfbS3qnYd0Y7B_8f6LYJ0P5QD6-GXVjU86UZkAilZFxg8o5hJgSxOPQPwlS32lOST9mhKBZU0wB-Ok-bn4cs2qshBYLHsGpeKWujbFcR3KGgzAPeV-yhtGzWHXiOmO36EfaRlT4fPK33aQDTd3jChtul3GntZjbyKqNL6j8czthnptnH6P4GOObQ71XPqL7SROO99Z4kWlSa2VhRYl8qeIkCEKPyUKefif5UipxTltpnGqBmnyG7stLcn3r8g-b3RFI4vYZAMK8U1oodNxlI1G9jwm1fFUL6eucPWM4XYO5J-gWFQ9jowjGhK3TkAVc4H0fagkLwesdoqieW2IWwya0pkOJRa2egsirkJFVhvJGlfam9gnS3VKiJEeinXJ9cY9VJ5S20eC8Q7jT7e9GUN6-ofAWNEQF0faeg9wtkoJOMOlTKQDebZusX6Iq7aLciPmI5lIPb1NmM266kkVP2k3tCF8ANy_CZDat5wJhOGxviPphLVjjxVwgcZWbZvUlGqCo2BT-gyz8UZ83aMcTEfKclwNqw7r0i5Wh8hW5hgu3qCnWaon9dDWvBHjbv5iCVe0SbiakMb96Ls-b0rAqzvTdAe9oTLctSw0QejxYpTXyD5c5akqnZn6XbS7wL5KUtd--MlQgSpcUMj2xn-NkI4Q9iFVWYEkx408wDgbK2wecvLHTS8Jd4PFjvyTDrPw425aQDAaX9X83glVkx0otkOxgrfUUwBGSG8thfSpcMMCw8MSfrZLN3YLGiQh_YeKwv8KgxcePf1-w2Yv5mrBsSASd8l0_ghHC2dxRmiTksc8QALmZvD38L7A9bKcOiO7tXZvliRVrM2vfkdCV4TIJo4oGwb2IKt7_PACXSI7VbK53gIeR4m-mr8WRmld-K7__CsVJnFM8cprv6Caf6N0NQWHnM3sG1NzZ6VGlfkjiWdVhXCdMMyyyOeNvdQzkb6o5z8FyaoP3S_9cQveM3JhpIKBE8E_E8kl7mTgMcb2aKzGyESQEoey0BRIJyLDonCGvxs8X52GMGXlCb-uCotJNZnCEazXcWtbtxELNy_ag9c5DV6J67DlSNvX8Myn_URB2IN3K3x4D__Xgm17lUiSHY7B21Sv5cW1hNMjT_Xd4NxtSml115_1Apci3J8RwpY4Zm_FUw6hV-DaL_JgrFDJ7Z4JcG2DfTzY6FVhh-x5MeCmxvVspC7HwOU0QSeX5pTP3WAf08tzTdYgaL1WQkKl44pfeH4J4d-PSayZZZG9-lYLLHR4j1yBYgQU-zs--IhEFRJuY9dKoD-NT5rhAUtlM_nywUArCqiEyrqgw1aqYlyFQsXY5xuwpRpcHiTrhDOH2XDx8k_qijd_UVPdvOMJo0mMeg7yMJzzyMv7igPwMcblKGcCdS8UzFG6X1FSDls200G4Q3IHQMNLc81UwesF1ZeRYuE9wmfI_Au7nkj60rIL05rb6nN0TlS2SJnfURcSMQrUq7VLGjzb7ASfRy4ubU2bqddjuLm97UrD3GdYg1LSAok0no91fD9tMChV5z-B0L9pFXFYsrcWbkSccBhgFvaZzJko-75z_XBht69_SC6AZQkfgDfRhGubtPHbsc8rckJFrlo5A2su7O_1h41jt7VcNHrwaYSLEvUYuZdQBCKwBkwNBoEMuuV8lxtxkYfJfbr8L6XpShyoK-NZb62p84V4viGG8J2hA30uvHkpSFneodcNJiZvd_cygK1RgV_3H8lIOvbNCVHfsJvDlM_ARkK09v1WcQfVvCoTZoTPIGvVBJq7nSYNkJ3_3RoCLG2NTebwIM18YEYq-pPsJylN1qI00s6S2FhrCrjRt1pgEciTWtEhejL1ubWviKDwK4fLH4a3EtROoNETATdI7KworDcaaH8KEoLHX3UCW4GoYZbu_Gv-ydoTMzzwLHNVH5ag8nNIfttez3ZQgVlvxKQYEOcWBE1axPoSlaQABz_9ZjH9iXPenJ30-FBURPt0U1YhyjejiuTc-dOng_Nz7TLODDpJ8ILMKMf6JszGXmeRd6nDB8GtTrUwYwMFSBhjaxZjkEG7jEnk4fUCclWHGsgSliEqaptCLJDtfi2gdV5J9QBE8miYkTy1chDJt0viXfvF1MyYDtMbgD8bsuR4VGOEQxISWusjCa1O6cgj60QMDTplTBZAbR4xh9e1ryCPAgz0hgWghcbQ8jKhg4NO9lFEmHTm7Fj_HU6oH_3gQ0fNTHbu7lKSzGkKOSZnhyy080UaX8JT4s_JPrfyeKbEGyKf5VWyBrKHcBtMi_vV3NSvlLUT8HJyVUxZS9t5TRDh3O3y4Ua4kNesMiOR8p062cUobulAr2Lkfexz-RHYTmR46r5GN_EZy4liVtsxGooACAva4xX8q4VGKOZEA1tx6WJR_HXX0xFo8mSWZvUbQ5CeR6eA8wDsbGaRdATwRJcKyHBFEAPwE-JYZAvoUxVFN88LPcy98svOHLgckNmsyf0euNWGtm7oNDQYNia0OLiHPSew589NA0dx8c2JPITst2AJF62q6h1Xcr2-D_nyytezD3LpdEYDStvSS-b1313A-5OuLWhMfOev8oSzG-5n0_al7A4OdOYXx_525IbzAQoHD3CDBDFJBY_gvQlJuBxwcZRj1xog0fb95jmEnDBaEeNtOurZeDjYE3SAg4ZgjQVoP5dfbi5B7eXP5RtYEAv1QSyed963ltpcQcgznG7NRg08CfZkOxTPsjegvnwauw7OZp5ICwubCk-2McmgmgCwg9SZ3Y0ExaToQ81AXRMucWfB5-fBGaXVH3SD-f-Pby2JhlNvIIO0XSOoSN828u7KXPzcdk6-9Gv3Sv6WZkKS9aKx3QQfe_vsm6vnBvYj_44EsA48nxk3emm3yqdVZkIhjkrZwduxOPel89BFm4FniRUSe9MsPmyrMkGZ-xlyWASDhacxtn6-EnEDEkkV1CrG5_2-6OkYxM86BmiYvaWmRmwXQck8ZTRjABCTkEyMghSOpxdXasX8kZXevZ1njUp5XV74Q0_uGJ1TXMrA4KdZNxxIU3N4tUjthmL3sEdFfFp6gwJU6_lOZTXKIlKfzD-qncmO0rZhUkcG3rYqUdJNOqzZRGeZX9-gaqEaTvcCJyGkCwKPZBKMu2pNnjwod6gjHFJiScPKzM7yOcTnMUDgsJtn9RSjzU8Tn7DIxW4OVoN_hYjGzg3WK9DfZ-noes4MtR4KRA6m38YQKSlg9QGQr_oWx3QWczkMxAOpaufrp9V8ge1OBHtMD87Ih-iP4YEYkkmdd3l7vhrOUZU_icdktkz-BmqWj82He7y8J5zXx-Aqss42W8y_YWVSC7tFRtc7vhUr5XKbZzR_KpdO9n7V96VlSFcrUbHlLaMDdBqN9VamKXjJTTvapDDvTu3_YAY2qK1yllgmX374N-NgQAgHGZXNcDGzUTgAtTQw9YnXUvFsk7QwDD82NJVLIgBlfjs1r2wKw_b9-lWN3w0yJaZ3nWGUleToZdlt5qhZoU8dXH54YFk-edziQlRjOhpj3eNeYq0a7vmxm63n6adFEXdgVMs_Dw_bDGhgQcOJlIucWpl8_heSeVa11RlUl9oAgmdNm84taORVHWa0ZV3EDXq1VZoa-dAKR4q3TzQzdUwfCXHrkPcwmwCKbEHiwI2BpiBZSUQyZtRQXkPjDIOQaP8oHmfH7imBxMA2ZBoIi3CeuqEetvpa1mcxmc_UHR6aKiCH_IzyZcA30coCBWbFiROmyUa1DhSTNKuoSFZ3kk9rVQ9u2mH3Q9PW5GeuJhz_qALp_PwsMu86dugcQLoHa6CFDImofe3p4j94z7dF34geTVmSc26WbQNu9gtknMWTLk&cid=CAQSTgDICaaN-sEpi2pyHR66sMDY16tHeNpd0by-QtK2GpXArvCzw2f7224ce6qgNVeQgBFcpeHMlUBmDCof0XExFlBKfHW6jUCu8zndJDBUixgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fbontontv.com%2F&ds=l&xdt=1&iif=1&cor=2992948288399418000&adk=2923430907&idt=90&cac=0&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 04:31:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 298831
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Nov 2024 04:31:49 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMDE0ODc0MDUwMjY3MgogIHNlcnZlcl9pcDogMTM5Nzg4NTU1CiAgcHJvY2Vzc19pZDogMTkxMjY2OTAyMQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame 069A 0
859 B 82ms
45ms Image
image/png 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMDE0ODc0MDUwMjY3MgogIHNlcnZlcl9pcDogMTM5Nzg4NTU1CiAgcHJvY2Vzc19pZDogMTkxMjY2OTAyMQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiAxMDY0OTkzNTYwNjE1NTk5ODQ0MQpkZWJ1Z19rZXk6IDMyMTgxNDIwOTU0MDU5MDY3ODcKaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAyCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICIyMDIzLTExLTE2IgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTE4Njg5NDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQVRGT1JNX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUVVFUllfQ09VTlRSWQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICJVUyIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBQ0VNRU5UX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzMzIxNzQ4NDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDg3ODI0MzY5NgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfTElORV9JVEVNX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxNjY2MDE0MjA2MwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQ1JFQVRJVkVfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDQxNjIwODYzOAogIH0KfQphcmNoZXR5cGVfaWQ6IDEyCmFyY2hldHlwZV9pZDogMTMKYXJjaGV0eXBlX2lkOiAxNAphcmNoZXR5cGVfaWQ6IDE1CmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9yZWRpbnRlbGxpZ2VuY2UubmV0IgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vYWQtc3J2Lm5ldCIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2tsaWNrLXdlbHQuZGUiCmltcHJlc3Npb25fZXZlbnRfcmVwb3J0aW5nX3dpbmRvd19kYXlzOiA0CmJyb3dzZXJfYXR0cmlidXRpb25fYXBpX3JlcXVlc3RfcHJvY2Vzc2luZ19iaXRzOiA3MzgxOTc1MDQK

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0xf592583487e57c4e0000000000000000","13":"0xf2270847e08a2b9e0000000000000000","14":"0x39eeffef3053d3b50000000000000000","15":"0x783d1a7b467c3f0c0000000000000000"},"debug_key":"3218142095405906787","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"8":["11868943"]},"priority":"0","source_event_id":"10649935606155998441"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame 069A 11 KB
4 KB 45ms
10ms Script
text/html 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1700148739849580&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCPxiPAzZWZaztM8WqtweUt5PICKblvaBphZWcp8kP8C4QASCc6Y1vYJWCgIC4B8gBCakCv9hpvxU0sj6oAwHIA5sEqgSAAk_QnZg-EH0nWA0GNHo0k0n89V_oZrQAPU1CfvX7dpih2goalEvoBgGK-YQggxZA8rt0co6wKVuOdMD2aq9CjSNkMF3cOvJryVhwxFhaAc2WTDIORibAjYosOnj69Pp2tDd2MOR9YOH_7h_ohlUdAn9Ygej062gwsP4z_SSP1DOI9hM8Ha016LdjMyD4SxB6UlaZYA3z77PVmD6aFH_YHaOxLK23wPZQYm9DGvRUGIGRu29aFNWQt_sOUBls6_WutozRBPkdRAFWBYbABp0_Xv7hI4OgJ8ZCYRS3iZha0FoZlnkqNnvnaIx4E873CmtDSKfinBqEGCVi3xQFKSUkYoLABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgGYCwHICwGADAGiDBAqDgoM5LSxAu61sQK1uLECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaN-sEpi2pyHR66sMDY16tHeNpd0by-QtK2GpXArvCzw2f7224ce6qgNVeQgBFcpeHMlUBmDCof0XExFlBKfHW6jUCu8zndJDBUixgB%26sig%3DAOD64_0J9ai_gKJnoh72F0RoWb84YJWIUQ%26client%3Dca-pub-9153158803095042%26dbm_c%3DAKAmf-DP_GVsbBMDYHIhP9bvrSGwwQMDFguDJvOajMuoqxDRmIMA805LLqppoHmCyc7uqpySxb2DVmHrStyQG21NDwriGF_3va_3HpScN61H7642hEteTnXymoxDJAkN6hBLtreO_5jholDr_QM16U8XCmXxvPKZWSflfHLduyR5liPDLU78kUU%26cry%3D1%26dbm_d%3DAKAmf-AwU26-9CSbsTNitsx5zWQG7YjHb2q4ded-FK6RJnAYWXdZ7ClTGprKTWmHaxAf2qqziU4BPCB_NvmsRbVzEGrY5xlqiCoY0m-swBdHUpObIUCOjEPaSuIrey2r3LinL4dnVviam4wQvkqjcvFF8tXi-v4Z9LaZuxB_5mhWyOS670llsIRIB8jbEGrEpVBABjmPjUDJifKEXSXQ_t-sMdfYClKL4H3f-5g1ZxLAufcERPQdfGEV-Y8YsfZjR9S8W9T8QjtGnaDX7opgNwUGXVYUHD7Lg68n3J3EG6o8CKjAPzTHHjufB07ED0d-ehpfp_jLR4aBwUV8-xXzr75b-Q5ZKjlkZPhoSZAS0dw60NJok_UXkp1eGkTDN3u_yddbkioRyPwEr0Ik-FMpquxk-iXhmrjv3WQp6XOlGlp5euRjGIM69-QlXMaT6exSaZ6sGxbbjNmKxpZ8lyD1ytKZ5Yl38iA9vQh7qu7LdJx7GqKDj6GQNwF26DtyWD1XDCQOuDdSAAQxzeFaPwOTjwxmRuqQ-n6bNhQxWzSl0-BqAwRkCx9rJyA%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=2604832432&adf=1607325374&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739313&bpp=2&bdt=179&idt=311&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1500&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=318
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 0431a5aaaf235b45227fd39e623eaf33911271bf0973ef0b1dddbb5f95e2aced

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 15:32:20 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4184
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E759 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5710234367822&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E759 0
20 B 41ms
40ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5710234367822&version=m202309260101&ct=77&x=1&cor=10160946022463998000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame E759 20 KB
14 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dk1pUSCJdo2ry8xD09tjw5Nurgh7d577bbQaxdN0MSzTIy_8pdSH5C6d0M8aTg-zdCdGWOrUFpfvMv7lCD_ekwa5BtDmXkQSPSjGVsKLQtb-jqkz8Np5C8LCvxhVH9pfHWHgdUNVVkZyMtsF0wh4wa09Jf16orKyhZAU6U0xMvAFNNuTk&cry=1&dbm_d=AKAmf-B913wChcqdCrg2i9cf2B26XzpQV86pFmxDVZhyuODJUEcJMrdGx3XEV8u8874Lq3izfwXS4Km6Y8RxiLz34rPH-Er8jf-v3acolPT7uKCAKv-ZWZXJNqwdchf9pAllb8ks4GRUFAQLE-mKPdzYG748NavDJBiVTae1dxxeqg-xeeo89nJfOdd-3hhYrzra8sCIIdWvBZAfvdWV4AGjPuHeQwo-CERkZrX355jgomlAdvBMQ__EKhC4YN7OynoYsV9JR54ZDjI08foyNWMHZZq9uM_NBMiDW8VdiYQnLFGU6hOoYViH5DcvqewnC1xL3aK8-TDY6wPNfAM193eNetFOd7LxTkrCd8lcwp6N_C6frWvmufBZHftBWH8tWqOwBtpSATeFgJXuKf4ptPgmLtPArqnWTUJPIqPxNlOlrO4NmFBOqh8RiYAZFqcXeKRjno0tQVN-yoCRw9b2K4ZApD6WYJ9FfHsCAXDQegIxeGkMTQVmqjlhDKfeJDsIes5cdT1pJER4XM2jxrb1dPFyBuYgUPi2P2TbbpznDliLpXJZlrGuBTZET5ja_8Vt4Hzi78OLlrl90eh2tpQ2MPbF50e4KDt-IoMpZqtr-EEvxK32gad6ttkI17uRXpoXj7QKOR-JO2n0xFJHOS0Lxh-g5K5BMru3D8cTdzl9l68v_PhNqC7cVTUnO9uPDFr4llZcTBERwDqMoSoGcF5D6QisjXOtlHROQ_CGD3QdLhKTWzpB2VOE13U9ym7kwHAdRJT1il_i8vv3aJuVCzHmIYYOhwPuioxHagdIsO7kyA1tgbtLGS_UGlp8PdguBZp8KdysaZsbR_UXb2Qevkw4vHkynBC0Z6Qh4aIXthIpDDgTUulBD-48xO6cwXfann-JpLmeGHTFbnldD0JOWe8oll2kL2Z71tU8fzV1yGTupBN1-dVc3DKxWkUChI-4yczx0Zxdrig1H8fpdaCfGyuF8CS69u7rb0i4ehfqtFPux65TehGp1x8CJGyhjMOINhjC0mJCbswn7dO-DiBFV8P4mC-E2oCmiMMQxLwn1vzZJRdxqsiyBnCuVsnf0UckrZ49BkuiGTbSSjI_nxsCLZ8sgs4pQGfPgFApoHDEc0nVRKJE9vYQssm9GyCjs6aKbaGk3fxZUlEoFIWZLT8HwPqpejtmSdRcrkC43sW5aIKoDF820AwiL8oYgZTZqdaUaYsKyPIGCDsbLHcbWNwsAI7G92WVZgxCy7ZLdoRywPDrtFFfH8lPPH3Cy-ojBxW5XPv5odxzGc7i_MEUiUahps5hN7KNFlmk-cEWCtDh6gseCdcBTSbeVrN_PtvtjpkLfKu_QpAypXI1u2sBVAtFHy_uDkkAwMwxGI0Xrmfu7OtQxAH75AKhsgFNpqeHIa4hYtexdouFLuB1p2fbb-l9QQwGFAaxaykiVy8vs8ne1xju4K_bYhbIBeOMkU_Glx2pqoS9NTFZKrL6t5o0foO5k9OiDoYhqlAHUgf10TjeM158GCOfqfyiDb3F10axG5SecN2pewhPSoxW52WuNLHRtriWjQv3QoieQQjwLAYbuaYtC4AfXTvlfP8Iiv6pqEQsT1q_aSzGAfGzQ9cBF87ff21OIXSUKWSd2umkHH--gE6x9P0SjIcT6DT4jyAA-dechxlyc6-2IhV3kbhBe8blomOtHfiTjN6XJQmlSgJFjLE0DtXpj9ZV3hMXCglgdaojyJW9Txl1jPOCWE30QobCWu4TeOxfQawDQLtCqvPN17vS8-qcBwaPpOU-l8D9_MrFzODAr62uJHBaZvNcHFR0AQgnwepkoQ-7z8J0zRhfNqk6WdWb1SKKUBFwe3-_agoac71kDjexEbUvZhpRad7GOHOE-HL8GPvLSbWI2k-ng-96WRFCmD0qrscKlQ1ll-LTQCGi-QrBCEVHfVD5_o3VFhKQPsi7GwgGgrENfprUWgwFRV9ZVDIir2ii3bBNU-T7k5d1tFS0zD6P9Bj67CETTUjeqziO05rWyTXJ7qB4MP2JC6mZDGqbb4m8Pda9R1_ZeV6enXgsRXtamay-cndRyCs0pwF1j5lpg_fasJzOqgGBzDl5rBRobOoYj5v90UHRqLpU9p6gvZF-Mv_bFshgRclbtM3MLCURxTSvn6Q4chlROAYaPCHyfHQIFuASjjIXqClyN4QOBgitGW3hrV9Kk_eDNeaQtBhYYTX4Y6X3ZjDQf6vnk32-XE1z7e_wqT2C-a0CJ5DYYAmaSM3hHQAbQiLsU3_glwfSm5Q9ugLVO4Z452xIEgItx6DsXZ0qtsEa06SidrUwCax5p2PTe9ysqxXe8OiObLA7x7DKDszsfPZk64iQsa-R0apdYghiiXQwHImmyQqalApZgXwzietU-CKCc4UMaETFlL5oZOVYrVulh8TiQM-X7kCFHM3WZTNFrv2vyYp8bLWS8jTO5mG2jzoyRcYvTAMjalrlhAOHelEbNowWggAD6UkstLtp7Otz7I5Xsbf21WyJprPReyU4rHqhWpKbrQIfidjNULrKQ-UFSvfS-njX1yhG6h7ivMGg-hA8zCc_YCOWn6Kk3EFYEJe_ovwgTnoN1tIdgDykRjpvdpNF2LpA2yyRt0JBhQPrugzinYSLlzFJdIWNgQCV9ZqVCaP2JJE0JT6tMcyUePyfdnUeMpqIv7YUFIMsvhPQrG5OdIxgEUvtfb-umsHPeDwIySDu6HQH0lQsZJRjAH5FbFdd11SsEd1jxlbTplo9JMfS_mSYWo_uFeMSY-3ThSTr-90SHjfXYkxN6Cb3-GOzbs44Lvze4XoXTTF9-2q7QDBKWQuMIqWOJQNjpjcrboTiOnM2d0pQhWxxJawRaXF8VLeqeqZmiirMIPgtO7QduWGrscFE1XClDR6Xa0vYSOmRG3IZpWzqrTclXzi-fXlMZ4-vP6fwmFdbNbFo-vG4ERo39UP0N29iwb4Kt5pFltimogNPW_mHfMsIVK5pc1sv5tF-za4F2fzxPbgoNaGr-xGbv1AgwuX9924dzQ2XWqFNG2i6aui7E7nLaAD0JjJ4w1_rdcdBpthKwhCpDK3XoIcHn4ny0hjcpJLiyo-UezJCzx24ErZErnkjUtfYD-UAGMYUUG4vjZxfoHkSfMKCmAP33cN0nbOuMsqJz0RsM_ugQ9OLlhRCkHUYSe7CtkVF6waoxieZfC9SFIzM83AOV2udEta3pVaQdy6va4XcfMAdvVXEFGG-W8J8I1k8B0PSb1t-4FbXde4gFUTc9_yPHOkmFCaY48RFBqpupbKgrSE1BEbWCkMZnJ2OK5f9_Ym3RUg-apQ6JcnbCG8YcZHccoaDiXP30OVTqjraPNGH-CyaabQ5XlU5WNScX8xgWktnHcBl1G2KXHsdS5MycHbRYDxxFkSZxxNnPNqVSSVno7esxRp0yazKEiweghY0ykKwLoweTryZEatq6laT0AJIO3D4O5B5sNx2amYW-IU4TALCwRbddW05PagoQaUp7jnLg6LEafHdqwCc6gd1pr7LTrD_Vda3hBlaZwrEZGZeJq6o7GijUln0usQaZV38NNW6ESRUYWbaTjwc3ZrRls_XcOXRqJaue30XuaPcwj0XoMK1pl3xt2YjGzOc45_FEHn5lau5_MSPDlpFW5fKjVv1cr2ONAOSDp0xrK2V3PHv9j335XtX4zdmSaiPuq_5IfDGTHIQAU3o_WyEGS_7ZnqrVpkFza2u4jJmkw2r_oFvWABQhLgGRoF2UDXWLOEcSyEzzIkgf9jErmsrFYf3QHQKsAjeBjdWz2gd34qlBZP3MUYuQnbJPKzu89FHQ8qN9fE9wgN8QdeJ7jwuJ7ZZybdZ-SCzjISgn16B-xubo7l_ILP8v6-Snq4DF6C2Qg&cid=CAQSTgDICaaNmjiekxbjurvziVdumlpNpUcZB8K5zNDymjX0OzWsmMjQu4tkxqTRVAwKNBVKxe_bRBXSpiX8PYKyu0X7cepDVicViuR_NTlcyRgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fbontontv.com%2F&ds=l&xdt=1&iif=1&cor=10160946022463998000&adk=1964084972&idt=92&cac=0&dtd=7

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f2504f8e1b59fff75b088df558c75def5d020ee0882f54874f42ab7bf4d15c37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=787517410&adf=1143955216&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739316&bpp=1&bdt=182&idt=326&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1928&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=329
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13883
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 86DD 38 KB
13 KB 9ms
9ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 553680
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 10 Nov 2023 05:44:20 GMT
expires: Sat, 09 Nov 2024 05:44:20 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

request.php Show response
hal90008.redintelligence.net/ Frame 069A
Redirect Chain

https://hal90008.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=a43e9e21c5&subid=&uid=ad323a7dc57730dc&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90008.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=a43e9e21c5&subid=&uid=ad323a7dc57730dc&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

4 KB
2 KB

104ms
89ms

Script
application/x-javascript

138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=a43e9e21c5&subid=&uid=ad323a7dc57730dc&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCPxiPAzZWZaztM8WqtweUt5PICKblvaBphZWcp8kP8C4QASCc6Y1vYJWCgIC4B8gBCakCv9hpvxU0sj6oAwHIA5sEqgSAAk_QnZg-EH0nWA0GNHo0k0n89V_oZrQAPU1CfvX7dpih2goalEvoBgGK-YQggxZA8rt0co6wKVuOdMD2aq9CjSNkMF3cOvJryVhwxFhaAc2WTDIORibAjYosOnj69Pp2tDd2MOR9YOH_7h_ohlUdAn9Ygej062gwsP4z_SSP1DOI9hM8Ha016LdjMyD4SxB6UlaZYA3z77PVmD6aFH_YHaOxLK23wPZQYm9DGvRUGIGRu29aFNWQt_sOUBls6_WutozRBPkdRAFWBYbABp0_Xv7hI4OgJ8ZCYRS3iZha0FoZlnkqNnvnaIx4E873CmtDSKfinBqEGCVi3xQFKSUkYoLABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgGYCwHICwGADAGiDBAqDgoM5LSxAu61sQK1uLECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaN-sEpi2pyHR66sMDY16tHeNpd0by-QtK2GpXArvCzw2f7224ce6qgNVeQgBFcpeHMlUBmDCof0XExFlBKfHW6jUCu8zndJDBUixgB%26sig%3DAOD64_0J9ai_gKJnoh72F0RoWb84YJWIUQ%26client%3Dca-pub-9153158803095042%26dbm_c%3DAKAmf-DP_GVsbBMDYHIhP9bvrSGwwQMDFguDJvOajMuoqxDRmIMA805LLqppoHmCyc7uqpySxb2DVmHrStyQG21NDwriGF_3va_3HpScN61H7642hEteTnXymoxDJAkN6hBLtreO_5jholDr_QM16U8XCmXxvPKZWSflfHLduyR5liPDLU78kUU%26cry%3D1%26dbm_d%3DAKAmf-AwU26-9CSbsTNitsx5zWQG7YjHb2q4ded-FK6RJnAYWXdZ7ClTGprKTWmHaxAf2qqziU4BPCB_NvmsRbVzEGrY5xlqiCoY0m-swBdHUpObIUCOjEPaSuIrey2r3LinL4dnVviam4wQvkqjcvFF8tXi-v4Z9LaZuxB_5mhWyOS670llsIRIB8jbEGrEpVBABjmPjUDJifKEXSXQ_t-sMdfYClKL4H3f-5g1ZxLAufcERPQdfGEV-Y8YsfZjR9S8W9T8QjtGnaDX7opgNwUGXVYUHD7Lg68n3J3EG6o8CKjAPzTHHjufB07ED0d-ehpfp_jLR4aBwUV8-xXzr75b-Q5ZKjlkZPhoSZAS0dw60NJok_UXkp1eGkTDN3u_yddbkioRyPwEr0Ik-FMpquxk-iXhmrjv3WQp6XOlGlp5euRjGIM69-QlXMaT6exSaZ6sGxbbjNmKxpZ8lyD1ytKZ5Yl38iA9vQh7qu7LdJx7GqKDj6GQNwF26DtyWD1XDCQOuDdSAAQxzeFaPwOTjwxmRuqQ-n6bNhQxWzSl0-BqAwRkCx9rJyA%26adurl%3D&documentReferer=http%3A%2F%2Fbontontv.com%2F&ancestorOrigins=http%3A%2F%2Fbontontv.com&random=1133563535114&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=2604832432&adf=1607325374&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739313&bpp=2&bdt=179&idt=311&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1500&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=318
Protocol: HTTP/1.1
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: bb2d4fc4c6a501db7a99b6dd401c4df0961d2723fb02aa9f38f2d465b3880728

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Nov 2023 15:32:20 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 81638200106544204444550012510008
Connection: close
Content-Length: 1354
Expires: Thu, 16 Nov 2023 15:32:20 +0100

Redirect headers

Pragma: no-cache
Date: Thu, 16 Nov 2023 15:32:20 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=a43e9e21c5&subid=&uid=ad323a7dc57730dc&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCPxiPAzZWZaztM8WqtweUt5PICKblvaBphZWcp8kP8C4QASCc6Y1vYJWCgIC4B8gBCakCv9hpvxU0sj6oAwHIA5sEqgSAAk_QnZg-EH0nWA0GNHo0k0n89V_oZrQAPU1CfvX7dpih2goalEvoBgGK-YQggxZA8rt0co6wKVuOdMD2aq9CjSNkMF3cOvJryVhwxFhaAc2WTDIORibAjYosOnj69Pp2tDd2MOR9YOH_7h_ohlUdAn9Ygej062gwsP4z_SSP1DOI9hM8Ha016LdjMyD4SxB6UlaZYA3z77PVmD6aFH_YHaOxLK23wPZQYm9DGvRUGIGRu29aFNWQt_sOUBls6_WutozRBPkdRAFWBYbABp0_Xv7hI4OgJ8ZCYRS3iZha0FoZlnkqNnvnaIx4E873CmtDSKfinBqEGCVi3xQFKSUkYoLABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgGYCwHICwGADAGiDBAqDgoM5LSxAu61sQK1uLECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaN-sEpi2pyHR66sMDY16tHeNpd0by-QtK2GpXArvCzw2f7224ce6qgNVeQgBFcpeHMlUBmDCof0XExFlBKfHW6jUCu8zndJDBUixgB%26sig%3DAOD64_0J9ai_gKJnoh72F0RoWb84YJWIUQ%26client%3Dca-pub-9153158803095042%26dbm_c%3DAKAmf-DP_GVsbBMDYHIhP9bvrSGwwQMDFguDJvOajMuoqxDRmIMA805LLqppoHmCyc7uqpySxb2DVmHrStyQG21NDwriGF_3va_3HpScN61H7642hEteTnXymoxDJAkN6hBLtreO_5jholDr_QM16U8XCmXxvPKZWSflfHLduyR5liPDLU78kUU%26cry%3D1%26dbm_d%3DAKAmf-AwU26-9CSbsTNitsx5zWQG7YjHb2q4ded-FK6RJnAYWXdZ7ClTGprKTWmHaxAf2qqziU4BPCB_NvmsRbVzEGrY5xlqiCoY0m-swBdHUpObIUCOjEPaSuIrey2r3LinL4dnVviam4wQvkqjcvFF8tXi-v4Z9LaZuxB_5mhWyOS670llsIRIB8jbEGrEpVBABjmPjUDJifKEXSXQ_t-sMdfYClKL4H3f-5g1ZxLAufcERPQdfGEV-Y8YsfZjR9S8W9T8QjtGnaDX7opgNwUGXVYUHD7Lg68n3J3EG6o8CKjAPzTHHjufB07ED0d-ehpfp_jLR4aBwUV8-xXzr75b-Q5ZKjlkZPhoSZAS0dw60NJok_UXkp1eGkTDN3u_yddbkioRyPwEr0Ik-FMpquxk-iXhmrjv3WQp6XOlGlp5euRjGIM69-QlXMaT6exSaZ6sGxbbjNmKxpZ8lyD1ytKZ5Yl38iA9vQh7qu7LdJx7GqKDj6GQNwF26DtyWD1XDCQOuDdSAAQxzeFaPwOTjwxmRuqQ-n6bNhQxWzSl0-BqAwRkCx9rJyA%26adurl%3D&documentReferer=http%3A%2F%2Fbontontv.com%2F&ancestorOrigins=http%3A%2F%2Fbontontv.com&random=1133563535114&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Thu, 16 Nov 2023 15:32:20 +0100

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 86DD 39 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 09:57:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20100
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Nov 2024 09:57:20 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame E759 41 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dk1pUSCJdo2ry8xD09tjw5Nurgh7d577bbQaxdN0MSzTIy_8pdSH5C6d0M8aTg-zdCdGWOrUFpfvMv7lCD_ekwa5BtDmXkQSPSjGVsKLQtb-jqkz8Np5C8LCvxhVH9pfHWHgdUNVVkZyMtsF0wh4wa09Jf16orKyhZAU6U0xMvAFNNuTk&cry=1&dbm_d=AKAmf-B913wChcqdCrg2i9cf2B26XzpQV86pFmxDVZhyuODJUEcJMrdGx3XEV8u8874Lq3izfwXS4Km6Y8RxiLz34rPH-Er8jf-v3acolPT7uKCAKv-ZWZXJNqwdchf9pAllb8ks4GRUFAQLE-mKPdzYG748NavDJBiVTae1dxxeqg-xeeo89nJfOdd-3hhYrzra8sCIIdWvBZAfvdWV4AGjPuHeQwo-CERkZrX355jgomlAdvBMQ__EKhC4YN7OynoYsV9JR54ZDjI08foyNWMHZZq9uM_NBMiDW8VdiYQnLFGU6hOoYViH5DcvqewnC1xL3aK8-TDY6wPNfAM193eNetFOd7LxTkrCd8lcwp6N_C6frWvmufBZHftBWH8tWqOwBtpSATeFgJXuKf4ptPgmLtPArqnWTUJPIqPxNlOlrO4NmFBOqh8RiYAZFqcXeKRjno0tQVN-yoCRw9b2K4ZApD6WYJ9FfHsCAXDQegIxeGkMTQVmqjlhDKfeJDsIes5cdT1pJER4XM2jxrb1dPFyBuYgUPi2P2TbbpznDliLpXJZlrGuBTZET5ja_8Vt4Hzi78OLlrl90eh2tpQ2MPbF50e4KDt-IoMpZqtr-EEvxK32gad6ttkI17uRXpoXj7QKOR-JO2n0xFJHOS0Lxh-g5K5BMru3D8cTdzl9l68v_PhNqC7cVTUnO9uPDFr4llZcTBERwDqMoSoGcF5D6QisjXOtlHROQ_CGD3QdLhKTWzpB2VOE13U9ym7kwHAdRJT1il_i8vv3aJuVCzHmIYYOhwPuioxHagdIsO7kyA1tgbtLGS_UGlp8PdguBZp8KdysaZsbR_UXb2Qevkw4vHkynBC0Z6Qh4aIXthIpDDgTUulBD-48xO6cwXfann-JpLmeGHTFbnldD0JOWe8oll2kL2Z71tU8fzV1yGTupBN1-dVc3DKxWkUChI-4yczx0Zxdrig1H8fpdaCfGyuF8CS69u7rb0i4ehfqtFPux65TehGp1x8CJGyhjMOINhjC0mJCbswn7dO-DiBFV8P4mC-E2oCmiMMQxLwn1vzZJRdxqsiyBnCuVsnf0UckrZ49BkuiGTbSSjI_nxsCLZ8sgs4pQGfPgFApoHDEc0nVRKJE9vYQssm9GyCjs6aKbaGk3fxZUlEoFIWZLT8HwPqpejtmSdRcrkC43sW5aIKoDF820AwiL8oYgZTZqdaUaYsKyPIGCDsbLHcbWNwsAI7G92WVZgxCy7ZLdoRywPDrtFFfH8lPPH3Cy-ojBxW5XPv5odxzGc7i_MEUiUahps5hN7KNFlmk-cEWCtDh6gseCdcBTSbeVrN_PtvtjpkLfKu_QpAypXI1u2sBVAtFHy_uDkkAwMwxGI0Xrmfu7OtQxAH75AKhsgFNpqeHIa4hYtexdouFLuB1p2fbb-l9QQwGFAaxaykiVy8vs8ne1xju4K_bYhbIBeOMkU_Glx2pqoS9NTFZKrL6t5o0foO5k9OiDoYhqlAHUgf10TjeM158GCOfqfyiDb3F10axG5SecN2pewhPSoxW52WuNLHRtriWjQv3QoieQQjwLAYbuaYtC4AfXTvlfP8Iiv6pqEQsT1q_aSzGAfGzQ9cBF87ff21OIXSUKWSd2umkHH--gE6x9P0SjIcT6DT4jyAA-dechxlyc6-2IhV3kbhBe8blomOtHfiTjN6XJQmlSgJFjLE0DtXpj9ZV3hMXCglgdaojyJW9Txl1jPOCWE30QobCWu4TeOxfQawDQLtCqvPN17vS8-qcBwaPpOU-l8D9_MrFzODAr62uJHBaZvNcHFR0AQgnwepkoQ-7z8J0zRhfNqk6WdWb1SKKUBFwe3-_agoac71kDjexEbUvZhpRad7GOHOE-HL8GPvLSbWI2k-ng-96WRFCmD0qrscKlQ1ll-LTQCGi-QrBCEVHfVD5_o3VFhKQPsi7GwgGgrENfprUWgwFRV9ZVDIir2ii3bBNU-T7k5d1tFS0zD6P9Bj67CETTUjeqziO05rWyTXJ7qB4MP2JC6mZDGqbb4m8Pda9R1_ZeV6enXgsRXtamay-cndRyCs0pwF1j5lpg_fasJzOqgGBzDl5rBRobOoYj5v90UHRqLpU9p6gvZF-Mv_bFshgRclbtM3MLCURxTSvn6Q4chlROAYaPCHyfHQIFuASjjIXqClyN4QOBgitGW3hrV9Kk_eDNeaQtBhYYTX4Y6X3ZjDQf6vnk32-XE1z7e_wqT2C-a0CJ5DYYAmaSM3hHQAbQiLsU3_glwfSm5Q9ugLVO4Z452xIEgItx6DsXZ0qtsEa06SidrUwCax5p2PTe9ysqxXe8OiObLA7x7DKDszsfPZk64iQsa-R0apdYghiiXQwHImmyQqalApZgXwzietU-CKCc4UMaETFlL5oZOVYrVulh8TiQM-X7kCFHM3WZTNFrv2vyYp8bLWS8jTO5mG2jzoyRcYvTAMjalrlhAOHelEbNowWggAD6UkstLtp7Otz7I5Xsbf21WyJprPReyU4rHqhWpKbrQIfidjNULrKQ-UFSvfS-njX1yhG6h7ivMGg-hA8zCc_YCOWn6Kk3EFYEJe_ovwgTnoN1tIdgDykRjpvdpNF2LpA2yyRt0JBhQPrugzinYSLlzFJdIWNgQCV9ZqVCaP2JJE0JT6tMcyUePyfdnUeMpqIv7YUFIMsvhPQrG5OdIxgEUvtfb-umsHPeDwIySDu6HQH0lQsZJRjAH5FbFdd11SsEd1jxlbTplo9JMfS_mSYWo_uFeMSY-3ThSTr-90SHjfXYkxN6Cb3-GOzbs44Lvze4XoXTTF9-2q7QDBKWQuMIqWOJQNjpjcrboTiOnM2d0pQhWxxJawRaXF8VLeqeqZmiirMIPgtO7QduWGrscFE1XClDR6Xa0vYSOmRG3IZpWzqrTclXzi-fXlMZ4-vP6fwmFdbNbFo-vG4ERo39UP0N29iwb4Kt5pFltimogNPW_mHfMsIVK5pc1sv5tF-za4F2fzxPbgoNaGr-xGbv1AgwuX9924dzQ2XWqFNG2i6aui7E7nLaAD0JjJ4w1_rdcdBpthKwhCpDK3XoIcHn4ny0hjcpJLiyo-UezJCzx24ErZErnkjUtfYD-UAGMYUUG4vjZxfoHkSfMKCmAP33cN0nbOuMsqJz0RsM_ugQ9OLlhRCkHUYSe7CtkVF6waoxieZfC9SFIzM83AOV2udEta3pVaQdy6va4XcfMAdvVXEFGG-W8J8I1k8B0PSb1t-4FbXde4gFUTc9_yPHOkmFCaY48RFBqpupbKgrSE1BEbWCkMZnJ2OK5f9_Ym3RUg-apQ6JcnbCG8YcZHccoaDiXP30OVTqjraPNGH-CyaabQ5XlU5WNScX8xgWktnHcBl1G2KXHsdS5MycHbRYDxxFkSZxxNnPNqVSSVno7esxRp0yazKEiweghY0ykKwLoweTryZEatq6laT0AJIO3D4O5B5sNx2amYW-IU4TALCwRbddW05PagoQaUp7jnLg6LEafHdqwCc6gd1pr7LTrD_Vda3hBlaZwrEZGZeJq6o7GijUln0usQaZV38NNW6ESRUYWbaTjwc3ZrRls_XcOXRqJaue30XuaPcwj0XoMK1pl3xt2YjGzOc45_FEHn5lau5_MSPDlpFW5fKjVv1cr2ONAOSDp0xrK2V3PHv9j335XtX4zdmSaiPuq_5IfDGTHIQAU3o_WyEGS_7ZnqrVpkFza2u4jJmkw2r_oFvWABQhLgGRoF2UDXWLOEcSyEzzIkgf9jErmsrFYf3QHQKsAjeBjdWz2gd34qlBZP3MUYuQnbJPKzu89FHQ8qN9fE9wgN8QdeJ7jwuJ7ZZybdZ-SCzjISgn16B-xubo7l_ILP8v6-Snq4DF6C2Qg&cid=CAQSTgDICaaNmjiekxbjurvziVdumlpNpUcZB8K5zNDymjX0OzWsmMjQu4tkxqTRVAwKNBVKxe_bRBXSpiX8PYKyu0X7cepDVicViuR_NTlcyRgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fbontontv.com%2F&ds=l&xdt=1&iif=1&cor=10160946022463998000&adk=1964084972&idt=92&cac=0&dtd=7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 04:31:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 298831
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Nov 2024 04:31:49 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMDE0ODc0MDYyNTkwMAogIHNlcnZlcl9pcDogMTI2MDYwNDM4CiAgcHJvY2Vzc19pZDogMTQwOTgwMTE3Mwp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame E759 0
498 B 47ms
46ms Image
image/png 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMDE0ODc0MDYyNTkwMAogIHNlcnZlcl9pcDogMTI2MDYwNDM4CiAgcHJvY2Vzc19pZDogMTQwOTgwMTE3Mwp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiAxNDU2OTg3NTYwNDgzMTMyMTY0MgpkZWJ1Z19rZXk6IDIxMTMwODA0MzgyMjYxNDc5NQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIjIwMjMtMTEtMTYiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxMTg2ODk0MwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBVEZPUk1fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9RVUVSWV9DT1VOVFJZCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIlVTIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFDRU1FTlRfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMzMjE3NDg0MAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogODc4MjQzNjk2CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19MSU5FX0lURU1fSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDE2NjYwMTQyMDYzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19DUkVBVElWRV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNDE2MjA4NjM4CiAgfQp9CmFyY2hldHlwZV9pZDogMTIKYXJjaGV0eXBlX2lkOiAxMwphcmNoZXR5cGVfaWQ6IDE0CmFyY2hldHlwZV9pZDogMTUKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL3JlZGludGVsbGlnZW5jZS5uZXQiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9hZC1zcnYubmV0IgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8va2xpY2std2VsdC5kZSIKaW1wcmVzc2lvbl9ldmVudF9yZXBvcnRpbmdfd2luZG93X2RheXM6IDQKYnJvd3Nlcl9hdHRyaWJ1dGlvbl9hcGlfcmVxdWVzdF9wcm9jZXNzaW5nX2JpdHM6IDczODE5NzUwNAo

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=787517410&adf=1143955216&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739316&bpp=1&bdt=182&idt=326&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1928&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=329

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:20 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0xf592583487e57c4e0000000000000000","13":"0xf2270847e08a2b9e0000000000000000","14":"0x39eeffef3053d3b50000000000000000","15":"0x783d1a7b467c3f0c0000000000000000"},"debug_key":"211308043822614795","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"8":["11868943"]},"priority":"0","source_event_id":"14569875604831321642"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame C471
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=Ch1RyAzZWZYv1M4XZtweMv4vgBeXpjvdzzLqlgOIR0Z7bicEBEAEgnOmNb2CVgoCAuAegAdOBmcwDyAEJqQK_2Gm_FTSyPqgDAcgDywSqBN4BT9CDgPZaC6dw08vpuumOW4hbr6VZQTSBIro...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211791616255404307803%22,%22debug_reporting%22:true,%22destination%22:%22https://allianz.de%22,%22event_report_window%22:%2...

0
0

60ms
42ms

Fetch
text/css

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211791616255404307803%22,%22debug_reporting%22:true,%22destination%22:%22https://allianz.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22965099731%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2218322690365860284401%22}&andc=true

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:20 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"11791616255404307803","debug_reporting":true,"destination":"https://allianz.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["965099731"],"4":["11-16"],"6":["true"]},"priority":"500","source_event_id":"18322690365860284401"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Nov 2023 15:32:20 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 16 Nov 2023 15:32:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"11791616255404307803","debug_reporting":true,"destination":"https://allianz.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["965099731"],"4":["11-16"],"6":["true"]},"priority":"500","source_event_id":"18322690365860284401"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame C471 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9197929c949be6b623106cd58a4646c622ed9710fa7d8fe118f0b2fc3643323f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame E759 11 KB
4 KB 26ms
11ms Script
text/html 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1700148739849198&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCVgx4AzZWZa7qM4ePtwe3spaIA6blvaBphZWcp8kP8C4QASCc6Y1vYJWCgIC4B8gBCakCv9hpvxU0sj6oAwHIA5sEqgSAAk_Q6USHDDqyHwk-0ncmejDqUqfe4o5_dQFz_cWoKt20UvjnVNRwhMn_jdeF4-3xuHQKnqfdV-r9M4CnaWvrFHsgptiCYGBmms3SjekCJHkUVQEgbzrHlLGC97lNdymu1sK7Pc6YOlWzanLr-rN5O3Q3aan4q_hRFDarR7IpHPufwb6Ob3uwC-NhtTIGHoG70vDa1-M4coIEDa7xWCRZkbTl0giSYbeslZcttUILeMKKtbCzZTs06rFPt0qgTs-2z_mAdi_r0X0pLapmbQse76aqQwJbwb1IHzPpCPlLZIMrPVCtBwtUSlvV4nCB9SHvC_896AGD4mY_Ki458e9t1sHABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgGYCwHICwGADAGiDBQqEgoQ5LSxAu61sQK1uLECu7uxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNmjiekxbjurvziVdumlpNpUcZB8K5zNDymjX0OzWsmMjQu4tkxqTRVAwKNBVKxe_bRBXSpiX8PYKyu0X7cepDVicViuR_NTlcyRgB%26sig%3DAOD64_3xqmh7IqFbhf6o-A6S3KIHYsr09g%26client%3Dca-pub-9153158803095042%26dbm_c%3DAKAmf-DNGceQavvJ_Id0d3SNDb99ujsRU001JNsDax7mI1BKkxDaADp7THcnc2jYIj9WwVRDf6v5J_0vWEEjO37oCyPHDl63tAwfDF6SCmUm7yawZSvOdfb-fO6bHV4be3xg2i23LMV3PcuxLp9xMpG1srSj7JhRoHPfjMSG0gdYeOx8kxkhe7I%26cry%3D1%26dbm_d%3DAKAmf-Dbj6OEC0BJ8_yFn-HsezpzxmhG_4G-6i2d-4_UuXm3RcG9yCzAQHbk2lLBPa30IU3HrWs3-EsFawtRK9ngrwjHUbwg0pNAiKvRAe4b3AJVc5Dxp6PgrzVaTk-l2-pD-G7UIshYmz_AqvAgJSZ4DojgJEEDgMTWqnN681Y25mQxd4sc9SZIa_w04UhjiYyM7_6MAJ66Zx2iUuS8PflDe3Zxl7ZxmLEzwJClIyFdfZKolM32v0DwyPtOd6zXNuNrzfYI8Sn5SARvJlHrwvO6UacuDSzWc3mydaFIXbTqqcPlWYjzX4xDp_0dt8jCqT8SfSvmorHdbIhaBzoLDoiIjTWko8UC-8hbaP5k4upI4OB_ZK1XVGW20Q9RXxvU8EKtwTfDCBulXvj4RgQNHzyHGfOub_HiE0qduNCFu4Gxe5u4hrYiani37e8jcGaMaGLdbHo8LTTkEKOg553I9e9am8n6b9-TWVBxvKWdt4YiPtzh5xhAqhzvQYe3kHYKMQL8QQ2jKuwoSkbL2krMkJgWH-M44dvLI3A2W2og6hEriEHwLWOE670%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=787517410&adf=1143955216&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739316&bpp=1&bdt=182&idt=326&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1928&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=329
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 3850a0f435de021306395538a391e57396803ac81a09b67f291096f27ae81849

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 15:32:20 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4187
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame C471 33 KB
34 KB 38ms
9ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 21:01:51 GMT
x-content-type-options: nosniff
age: 66629
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Nov 2024 21:01:51 GMT

GET
H3 200 6h7OZzYWuChAMW0yNvwaAqN_brH89lOBLHEXo8EbMVo.js Show response
pagead2.googlesyndication.com/bg/ Frame 3520 39 KB
15 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6h7OZzYWuChAMW0yNvwaAqN_brH89lOBLHEXo8EbMVo.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=2604832432&adf=2426777406&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739315&bpp=1&bdt=181&idt=319&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1709&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=324

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ea1ece673616b82840316d3236fc1a02a37f6eb1fcf653812c7117a3c11b315a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 10 Nov 2023 00:36:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 572171
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15097
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 09 Nov 2024 00:36:09 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 0B6B 38 KB
13 KB 21ms
13ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 553680
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 10 Nov 2023 05:44:20 GMT
expires: Sat, 09 Nov 2024 05:44:20 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 87ms
41ms Preflight
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 16 Nov 2023 15:32:20 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request.php Show response
hal900026.redintelligence.net/ Frame E759 2 KB
1 KB 119ms
80ms Script
application/x-javascript 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=6475490f2e&subid=&uid=3375d5ce6b7311b3&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCVgx4AzZWZa7qM4ePtwe3spaIA6blvaBphZWcp8kP8C4QASCc6Y1vYJWCgIC4B8gBCakCv9hpvxU0sj6oAwHIA5sEqgSAAk_Q6USHDDqyHwk-0ncmejDqUqfe4o5_dQFz_cWoKt20UvjnVNRwhMn_jdeF4-3xuHQKnqfdV-r9M4CnaWvrFHsgptiCYGBmms3SjekCJHkUVQEgbzrHlLGC97lNdymu1sK7Pc6YOlWzanLr-rN5O3Q3aan4q_hRFDarR7IpHPufwb6Ob3uwC-NhtTIGHoG70vDa1-M4coIEDa7xWCRZkbTl0giSYbeslZcttUILeMKKtbCzZTs06rFPt0qgTs-2z_mAdi_r0X0pLapmbQse76aqQwJbwb1IHzPpCPlLZIMrPVCtBwtUSlvV4nCB9SHvC_896AGD4mY_Ki458e9t1sHABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgGYCwHICwGADAGiDBQqEgoQ5LSxAu61sQK1uLECu7uxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNmjiekxbjurvziVdumlpNpUcZB8K5zNDymjX0OzWsmMjQu4tkxqTRVAwKNBVKxe_bRBXSpiX8PYKyu0X7cepDVicViuR_NTlcyRgB%26sig%3DAOD64_3xqmh7IqFbhf6o-A6S3KIHYsr09g%26client%3Dca-pub-9153158803095042%26dbm_c%3DAKAmf-DNGceQavvJ_Id0d3SNDb99ujsRU001JNsDax7mI1BKkxDaADp7THcnc2jYIj9WwVRDf6v5J_0vWEEjO37oCyPHDl63tAwfDF6SCmUm7yawZSvOdfb-fO6bHV4be3xg2i23LMV3PcuxLp9xMpG1srSj7JhRoHPfjMSG0gdYeOx8kxkhe7I%26cry%3D1%26dbm_d%3DAKAmf-Dbj6OEC0BJ8_yFn-HsezpzxmhG_4G-6i2d-4_UuXm3RcG9yCzAQHbk2lLBPa30IU3HrWs3-EsFawtRK9ngrwjHUbwg0pNAiKvRAe4b3AJVc5Dxp6PgrzVaTk-l2-pD-G7UIshYmz_AqvAgJSZ4DojgJEEDgMTWqnN681Y25mQxd4sc9SZIa_w04UhjiYyM7_6MAJ66Zx2iUuS8PflDe3Zxl7ZxmLEzwJClIyFdfZKolM32v0DwyPtOd6zXNuNrzfYI8Sn5SARvJlHrwvO6UacuDSzWc3mydaFIXbTqqcPlWYjzX4xDp_0dt8jCqT8SfSvmorHdbIhaBzoLDoiIjTWko8UC-8hbaP5k4upI4OB_ZK1XVGW20Q9RXxvU8EKtwTfDCBulXvj4RgQNHzyHGfOub_HiE0qduNCFu4Gxe5u4hrYiani37e8jcGaMaGLdbHo8LTTkEKOg553I9e9am8n6b9-TWVBxvKWdt4YiPtzh5xhAqhzvQYe3kHYKMQL8QQ2jKuwoSkbL2krMkJgWH-M44dvLI3A2W2og6hEriEHwLWOE670%26adurl%3D&documentReferer=http%3A%2F%2Fbontontv.com%2F&ancestorOrigins=http%3A%2F%2Fbontontv.com&random=6248977274662&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1700148739849198&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCVgx4AzZWZa7qM4ePtwe3spaIA6blvaBphZWcp8kP8C4QASCc6Y1vYJWCgIC4B8gBCakCv9hpvxU0sj6oAwHIA5sEqgSAAk_Q6USHDDqyHwk-0ncmejDqUqfe4o5_dQFz_cWoKt20UvjnVNRwhMn_jdeF4-3xuHQKnqfdV-r9M4CnaWvrFHsgptiCYGBmms3SjekCJHkUVQEgbzrHlLGC97lNdymu1sK7Pc6YOlWzanLr-rN5O3Q3aan4q_hRFDarR7IpHPufwb6Ob3uwC-NhtTIGHoG70vDa1-M4coIEDa7xWCRZkbTl0giSYbeslZcttUILeMKKtbCzZTs06rFPt0qgTs-2z_mAdi_r0X0pLapmbQse76aqQwJbwb1IHzPpCPlLZIMrPVCtBwtUSlvV4nCB9SHvC_896AGD4mY_Ki458e9t1sHABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgGYCwHICwGADAGiDBQqEgoQ5LSxAu61sQK1uLECu7uxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNmjiekxbjurvziVdumlpNpUcZB8K5zNDymjX0OzWsmMjQu4tkxqTRVAwKNBVKxe_bRBXSpiX8PYKyu0X7cepDVicViuR_NTlcyRgB%26sig%3DAOD64_3xqmh7IqFbhf6o-A6S3KIHYsr09g%26client%3Dca-pub-9153158803095042%26dbm_c%3DAKAmf-DNGceQavvJ_Id0d3SNDb99ujsRU001JNsDax7mI1BKkxDaADp7THcnc2jYIj9WwVRDf6v5J_0vWEEjO37oCyPHDl63tAwfDF6SCmUm7yawZSvOdfb-fO6bHV4be3xg2i23LMV3PcuxLp9xMpG1srSj7JhRoHPfjMSG0gdYeOx8kxkhe7I%26cry%3D1%26dbm_d%3DAKAmf-Dbj6OEC0BJ8_yFn-HsezpzxmhG_4G-6i2d-4_UuXm3RcG9yCzAQHbk2lLBPa30IU3HrWs3-EsFawtRK9ngrwjHUbwg0pNAiKvRAe4b3AJVc5Dxp6PgrzVaTk-l2-pD-G7UIshYmz_AqvAgJSZ4DojgJEEDgMTWqnN681Y25mQxd4sc9SZIa_w04UhjiYyM7_6MAJ66Zx2iUuS8PflDe3Zxl7ZxmLEzwJClIyFdfZKolM32v0DwyPtOd6zXNuNrzfYI8Sn5SARvJlHrwvO6UacuDSzWc3mydaFIXbTqqcPlWYjzX4xDp_0dt8jCqT8SfSvmorHdbIhaBzoLDoiIjTWko8UC-8hbaP5k4upI4OB_ZK1XVGW20Q9RXxvU8EKtwTfDCBulXvj4RgQNHzyHGfOub_HiE0qduNCFu4Gxe5u4hrYiani37e8jcGaMaGLdbHo8LTTkEKOg553I9e9am8n6b9-TWVBxvKWdt4YiPtzh5xhAqhzvQYe3kHYKMQL8QQ2jKuwoSkbL2krMkJgWH-M44dvLI3A2W2og6hEriEHwLWOE670%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 6ad1ee3c982b9ce53133b4819deccd5d9f89e8e58313b7a04eb35670e1cbc4dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Nov 2023 15:32:20 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 64284900108069304444550012510026
Connection: close
Content-Length: 858
Expires: Thu, 16 Nov 2023 15:32:20 +0100

GET
H2

200

htlp Show response
futalis.de/ Frame 1F6D
Redirect Chain

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=81638200106544204444550012510008&ra_cnt_active=1&ra_cnt=1
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3308719243

350 B
401 B

52ms
13ms

Document
text/html

49.12.16.151
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3308719243
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=a43e9e21c5&subid=&uid=ad323a7dc57730dc&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCPxiPAzZWZaztM8WqtweUt5PICKblvaBphZWcp8kP8C4QASCc6Y1vYJWCgIC4B8gBCakCv9hpvxU0sj6oAwHIA5sEqgSAAk_QnZg-EH0nWA0GNHo0k0n89V_oZrQAPU1CfvX7dpih2goalEvoBgGK-YQggxZA8rt0co6wKVuOdMD2aq9CjSNkMF3cOvJryVhwxFhaAc2WTDIORibAjYosOnj69Pp2tDd2MOR9YOH_7h_ohlUdAn9Ygej062gwsP4z_SSP1DOI9hM8Ha016LdjMyD4SxB6UlaZYA3z77PVmD6aFH_YHaOxLK23wPZQYm9DGvRUGIGRu29aFNWQt_sOUBls6_WutozRBPkdRAFWBYbABp0_Xv7hI4OgJ8ZCYRS3iZha0FoZlnkqNnvnaIx4E873CmtDSKfinBqEGCVi3xQFKSUkYoLABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgGYCwHICwGADAGiDBAqDgoM5LSxAu61sQK1uLECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaN-sEpi2pyHR66sMDY16tHeNpd0by-QtK2GpXArvCzw2f7224ce6qgNVeQgBFcpeHMlUBmDCof0XExFlBKfHW6jUCu8zndJDBUixgB%26sig%3DAOD64_0J9ai_gKJnoh72F0RoWb84YJWIUQ%26client%3Dca-pub-9153158803095042%26dbm_c%3DAKAmf-DP_GVsbBMDYHIhP9bvrSGwwQMDFguDJvOajMuoqxDRmIMA805LLqppoHmCyc7uqpySxb2DVmHrStyQG21NDwriGF_3va_3HpScN61H7642hEteTnXymoxDJAkN6hBLtreO_5jholDr_QM16U8XCmXxvPKZWSflfHLduyR5liPDLU78kUU%26cry%3D1%26dbm_d%3DAKAmf-AwU26-9CSbsTNitsx5zWQG7YjHb2q4ded-FK6RJnAYWXdZ7ClTGprKTWmHaxAf2qqziU4BPCB_NvmsRbVzEGrY5xlqiCoY0m-swBdHUpObIUCOjEPaSuIrey2r3LinL4dnVviam4wQvkqjcvFF8tXi-v4Z9LaZuxB_5mhWyOS670llsIRIB8jbEGrEpVBABjmPjUDJifKEXSXQ_t-sMdfYClKL4H3f-5g1ZxLAufcERPQdfGEV-Y8YsfZjR9S8W9T8QjtGnaDX7opgNwUGXVYUHD7Lg68n3J3EG6o8CKjAPzTHHjufB07ED0d-ehpfp_jLR4aBwUV8-xXzr75b-Q5ZKjlkZPhoSZAS0dw60NJok_UXkp1eGkTDN3u_yddbkioRyPwEr0Ik-FMpquxk-iXhmrjv3WQp6XOlGlp5euRjGIM69-QlXMaT6exSaZ6sGxbbjNmKxpZ8lyD1ytKZ5Yl38iA9vQh7qu7LdJx7GqKDj6GQNwF26DtyWD1XDCQOuDdSAAQxzeFaPwOTjwxmRuqQ-n6bNhQxWzSl0-BqAwRkCx9rJyA%26adurl%3D&documentReferer=http%3A%2F%2Fbontontv.com%2F&ancestorOrigins=http%3A%2F%2Fbontontv.com&random=1133563535114&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 49.12.16.151 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: lb-1.futalis.de
Software: /
Resource Hash: 582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 350
content-type: text/html; charset=utf-8

Redirect headers

content-length: 0
content-type: text/html; charset=utf-8
date: Thu, 16 Nov 2023 15:32:20 GMT
location: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3308719243
p3p: policyref="https://www.retailads.net/w3c/p3p.xml",CP="NOI CUR OUR STP"
server: Apache
xphp81: true

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 9DFF
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=81638200106544204444550012510008&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81638200106544204444550012510008&actionid=879111&produktid=ratenkredit&dt_url=

0
629 B

66ms
20ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81638200106544204444550012510008&actionid=879111&produktid=ratenkredit&dt_url=

Requested by

Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=a43e9e21c5&subid=&uid=ad323a7dc57730dc&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCPxiPAzZWZaztM8WqtweUt5PICKblvaBphZWcp8kP8C4QASCc6Y1vYJWCgIC4B8gBCakCv9hpvxU0sj6oAwHIA5sEqgSAAk_QnZg-EH0nWA0GNHo0k0n89V_oZrQAPU1CfvX7dpih2goalEvoBgGK-YQggxZA8rt0co6wKVuOdMD2aq9CjSNkMF3cOvJryVhwxFhaAc2WTDIORibAjYosOnj69Pp2tDd2MOR9YOH_7h_ohlUdAn9Ygej062gwsP4z_SSP1DOI9hM8Ha016LdjMyD4SxB6UlaZYA3z77PVmD6aFH_YHaOxLK23wPZQYm9DGvRUGIGRu29aFNWQt_sOUBls6_WutozRBPkdRAFWBYbABp0_Xv7hI4OgJ8ZCYRS3iZha0FoZlnkqNnvnaIx4E873CmtDSKfinBqEGCVi3xQFKSUkYoLABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgGYCwHICwGADAGiDBAqDgoM5LSxAu61sQK1uLECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaN-sEpi2pyHR66sMDY16tHeNpd0by-QtK2GpXArvCzw2f7224ce6qgNVeQgBFcpeHMlUBmDCof0XExFlBKfHW6jUCu8zndJDBUixgB%26sig%3DAOD64_0J9ai_gKJnoh72F0RoWb84YJWIUQ%26client%3Dca-pub-9153158803095042%26dbm_c%3DAKAmf-DP_GVsbBMDYHIhP9bvrSGwwQMDFguDJvOajMuoqxDRmIMA805LLqppoHmCyc7uqpySxb2DVmHrStyQG21NDwriGF_3va_3HpScN61H7642hEteTnXymoxDJAkN6hBLtreO_5jholDr_QM16U8XCmXxvPKZWSflfHLduyR5liPDLU78kUU%26cry%3D1%26dbm_d%3DAKAmf-AwU26-9CSbsTNitsx5zWQG7YjHb2q4ded-FK6RJnAYWXdZ7ClTGprKTWmHaxAf2qqziU4BPCB_NvmsRbVzEGrY5xlqiCoY0m-swBdHUpObIUCOjEPaSuIrey2r3LinL4dnVviam4wQvkqjcvFF8tXi-v4Z9LaZuxB_5mhWyOS670llsIRIB8jbEGrEpVBABjmPjUDJifKEXSXQ_t-sMdfYClKL4H3f-5g1ZxLAufcERPQdfGEV-Y8YsfZjR9S8W9T8QjtGnaDX7opgNwUGXVYUHD7Lg68n3J3EG6o8CKjAPzTHHjufB07ED0d-ehpfp_jLR4aBwUV8-xXzr75b-Q5ZKjlkZPhoSZAS0dw60NJok_UXkp1eGkTDN3u_yddbkioRyPwEr0Ik-FMpquxk-iXhmrjv3WQp6XOlGlp5euRjGIM69-QlXMaT6exSaZ6sGxbbjNmKxpZ8lyD1ytKZ5Yl38iA9vQh7qu7LdJx7GqKDj6GQNwF26DtyWD1XDCQOuDdSAAQxzeFaPwOTjwxmRuqQ-n6bNhQxWzSl0-BqAwRkCx9rJyA%26adurl%3D&documentReferer=http%3A%2F%2Fbontontv.com%2F&ancestorOrigins=http%3A%2F%2Fbontontv.com&random=1133563535114&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 16 Nov 2023 15:32:20 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Thu, 16 Nov 2023 04:32:20 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
attribution-reporting-register-source: {"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length: 0
content-type: application/javascript
date: Thu, 16 Nov 2023 15:32:21 GMT
host: pv.medialead.de
keep-alive: timeout=20
location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81638200106544204444550012510008&actionid=879111&produktid=ratenkredit&dt_url=
proxy-host: pv.medialead.de
server: nginx/1.17.5
strict-transport-security: max-age=15768000
vary: Origin
x-iplb-instance: 40028
x-iplb-request-id: 515F0528:90E6_91EFC182:01BB_65563604_5172340:1A428

GET
H2 200 / Show response
adv.office-partner.de/ Frame 0FB1 930 B
923 B 81ms
9ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=a43e9e21c5&subid=&uid=ad323a7dc57730dc&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCPxiPAzZWZaztM8WqtweUt5PICKblvaBphZWcp8kP8C4QASCc6Y1vYJWCgIC4B8gBCakCv9hpvxU0sj6oAwHIA5sEqgSAAk_QnZg-EH0nWA0GNHo0k0n89V_oZrQAPU1CfvX7dpih2goalEvoBgGK-YQggxZA8rt0co6wKVuOdMD2aq9CjSNkMF3cOvJryVhwxFhaAc2WTDIORibAjYosOnj69Pp2tDd2MOR9YOH_7h_ohlUdAn9Ygej062gwsP4z_SSP1DOI9hM8Ha016LdjMyD4SxB6UlaZYA3z77PVmD6aFH_YHaOxLK23wPZQYm9DGvRUGIGRu29aFNWQt_sOUBls6_WutozRBPkdRAFWBYbABp0_Xv7hI4OgJ8ZCYRS3iZha0FoZlnkqNnvnaIx4E873CmtDSKfinBqEGCVi3xQFKSUkYoLABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgGYCwHICwGADAGiDBAqDgoM5LSxAu61sQK1uLECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaN-sEpi2pyHR66sMDY16tHeNpd0by-QtK2GpXArvCzw2f7224ce6qgNVeQgBFcpeHMlUBmDCof0XExFlBKfHW6jUCu8zndJDBUixgB%26sig%3DAOD64_0J9ai_gKJnoh72F0RoWb84YJWIUQ%26client%3Dca-pub-9153158803095042%26dbm_c%3DAKAmf-DP_GVsbBMDYHIhP9bvrSGwwQMDFguDJvOajMuoqxDRmIMA805LLqppoHmCyc7uqpySxb2DVmHrStyQG21NDwriGF_3va_3HpScN61H7642hEteTnXymoxDJAkN6hBLtreO_5jholDr_QM16U8XCmXxvPKZWSflfHLduyR5liPDLU78kUU%26cry%3D1%26dbm_d%3DAKAmf-AwU26-9CSbsTNitsx5zWQG7YjHb2q4ded-FK6RJnAYWXdZ7ClTGprKTWmHaxAf2qqziU4BPCB_NvmsRbVzEGrY5xlqiCoY0m-swBdHUpObIUCOjEPaSuIrey2r3LinL4dnVviam4wQvkqjcvFF8tXi-v4Z9LaZuxB_5mhWyOS670llsIRIB8jbEGrEpVBABjmPjUDJifKEXSXQ_t-sMdfYClKL4H3f-5g1ZxLAufcERPQdfGEV-Y8YsfZjR9S8W9T8QjtGnaDX7opgNwUGXVYUHD7Lg68n3J3EG6o8CKjAPzTHHjufB07ED0d-ehpfp_jLR4aBwUV8-xXzr75b-Q5ZKjlkZPhoSZAS0dw60NJok_UXkp1eGkTDN3u_yddbkioRyPwEr0Ik-FMpquxk-iXhmrjv3WQp6XOlGlp5euRjGIM69-QlXMaT6exSaZ6sGxbbjNmKxpZ8lyD1ytKZ5Yl38iA9vQh7qu7LdJx7GqKDj6GQNwF26DtyWD1XDCQOuDdSAAQxzeFaPwOTjwxmRuqQ-n6bNhQxWzSl0-BqAwRkCx9rJyA%26adurl%3D&documentReferer=http%3A%2F%2Fbontontv.com%2F&ancestorOrigins=http%3A%2F%2Fbontontv.com&random=1133563535114&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Thu, 16 Nov 2023 15:32:21 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Thu, 23 Nov 2023 15:32:21 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 069A
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=81638200106544204444550012510008&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81638200106544204444550012510008&actionid=879111&produktid=ratenkredit&dt_url=

0
200 B

63ms
22ms

Script
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81638200106544204444550012510008&actionid=879111&produktid=ratenkredit&dt_url=

Requested by

Protocol

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:20 GMT
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
content-length: 0
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Thu, 16 Nov 2023 04:32:20 GMT
server: Microsoft-IIS/10.0
access-control-allow-methods: GET,POST
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Thu, 16 Nov 2023 15:32:21 GMT
strict-transport-security: max-age=15768000
x-iplb-instance: 40028
content-length: 0
proxy-host: pv.medialead.de
attribution-reporting-register-source: {"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx/1.17.5
host: pv.medialead.de
x-iplb-request-id: 515F0528:90E8_91EFC182:01BB_65563604_51712D2:1A429
vary: Origin
content-type: application/javascript
access-control-allow-origin: *
location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81638200106544204444550012510008&actionid=879111&produktid=ratenkredit&dt_url=
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
keep-alive: timeout=20

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75
pv.medialead.de/trck/eview/ Frame 069A 43 B
666 B 158ms
118ms Image
image/gif 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e58733936cdd965d03e75?subid=81638200106544204444550012510008&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:21 GMT
strict-transport-security: max-age=15768000
attribution-reporting-register-source: {"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx/1.17.5
host: pv.medialead.de
x-iplb-request-id: 515F0528:90EA_91EFC182:01BB_65563604_51124BF:1E87B
x-iplb-instance: 40027
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
keep-alive: timeout=20
content-length: 43
proxy-host: pv.medialead.de

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 2235
Redirect Chain

https://pv.medialead.de/trck/epv/89f7480c0afa0150827cf163f8728151?subid=64284900108069304444550012510026&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pb.media01.eu/view.aspx?trackid=FCAFEED7E361667AB6C39756DB56E118&dt_subid1=6556360597345f2ebea2f67f&dt_subid2=&actionid=56481&produktid=&bannerID=FYRSTDisplay&dt_url=

0
200 B

76ms
51ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=FCAFEED7E361667AB6C39756DB56E118&dt_subid1=6556360597345f2ebea2f67f&dt_subid2=&actionid=56481&produktid=&bannerID=FYRSTDisplay&dt_url=

Requested by

Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=6475490f2e&subid=&uid=3375d5ce6b7311b3&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCVgx4AzZWZa7qM4ePtwe3spaIA6blvaBphZWcp8kP8C4QASCc6Y1vYJWCgIC4B8gBCakCv9hpvxU0sj6oAwHIA5sEqgSAAk_Q6USHDDqyHwk-0ncmejDqUqfe4o5_dQFz_cWoKt20UvjnVNRwhMn_jdeF4-3xuHQKnqfdV-r9M4CnaWvrFHsgptiCYGBmms3SjekCJHkUVQEgbzrHlLGC97lNdymu1sK7Pc6YOlWzanLr-rN5O3Q3aan4q_hRFDarR7IpHPufwb6Ob3uwC-NhtTIGHoG70vDa1-M4coIEDa7xWCRZkbTl0giSYbeslZcttUILeMKKtbCzZTs06rFPt0qgTs-2z_mAdi_r0X0pLapmbQse76aqQwJbwb1IHzPpCPlLZIMrPVCtBwtUSlvV4nCB9SHvC_896AGD4mY_Ki458e9t1sHABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgGYCwHICwGADAGiDBQqEgoQ5LSxAu61sQK1uLECu7uxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNmjiekxbjurvziVdumlpNpUcZB8K5zNDymjX0OzWsmMjQu4tkxqTRVAwKNBVKxe_bRBXSpiX8PYKyu0X7cepDVicViuR_NTlcyRgB%26sig%3DAOD64_3xqmh7IqFbhf6o-A6S3KIHYsr09g%26client%3Dca-pub-9153158803095042%26dbm_c%3DAKAmf-DNGceQavvJ_Id0d3SNDb99ujsRU001JNsDax7mI1BKkxDaADp7THcnc2jYIj9WwVRDf6v5J_0vWEEjO37oCyPHDl63tAwfDF6SCmUm7yawZSvOdfb-fO6bHV4be3xg2i23LMV3PcuxLp9xMpG1srSj7JhRoHPfjMSG0gdYeOx8kxkhe7I%26cry%3D1%26dbm_d%3DAKAmf-Dbj6OEC0BJ8_yFn-HsezpzxmhG_4G-6i2d-4_UuXm3RcG9yCzAQHbk2lLBPa30IU3HrWs3-EsFawtRK9ngrwjHUbwg0pNAiKvRAe4b3AJVc5Dxp6PgrzVaTk-l2-pD-G7UIshYmz_AqvAgJSZ4DojgJEEDgMTWqnN681Y25mQxd4sc9SZIa_w04UhjiYyM7_6MAJ66Zx2iUuS8PflDe3Zxl7ZxmLEzwJClIyFdfZKolM32v0DwyPtOd6zXNuNrzfYI8Sn5SARvJlHrwvO6UacuDSzWc3mydaFIXbTqqcPlWYjzX4xDp_0dt8jCqT8SfSvmorHdbIhaBzoLDoiIjTWko8UC-8hbaP5k4upI4OB_ZK1XVGW20Q9RXxvU8EKtwTfDCBulXvj4RgQNHzyHGfOub_HiE0qduNCFu4Gxe5u4hrYiani37e8jcGaMaGLdbHo8LTTkEKOg553I9e9am8n6b9-TWVBxvKWdt4YiPtzh5xhAqhzvQYe3kHYKMQL8QQ2jKuwoSkbL2krMkJgWH-M44dvLI3A2W2og6hEriEHwLWOE670%26adurl%3D&documentReferer=http%3A%2F%2Fbontontv.com%2F&ancestorOrigins=http%3A%2F%2Fbontontv.com&random=6248977274662&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 16 Nov 2023 15:32:20 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Thu, 16 Nov 2023 04:32:20 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
attribution-reporting-register-source: {"source_event_id":"25200521800103636","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length: 0
content-type: application/javascript
date: Thu, 16 Nov 2023 15:32:21 GMT
host: pv.medialead.de
keep-alive: timeout=20
location: https://pb.media01.eu/view.aspx?trackid=FCAFEED7E361667AB6C39756DB56E118&dt_subid1=6556360597345f2ebea2f67f&dt_subid2=&actionid=56481&produktid=&bannerID=FYRSTDisplay&dt_url=
proxy-host: pv.medialead.de
server: nginx/1.17.5
strict-transport-security: max-age=15768000
vary: Origin
x-iplb-instance: 40028
x-iplb-request-id: 515F0528:90EC_91EFC182:01BB_65563604_5171C48:1A42B

GET
H/1.1

200
OK

view.aspx Show response
www.media01.eu/ Frame 7B2D
Redirect Chain

https://www.awin1.com/cshow.php?s=2840007&v=20646&q=409071&r=296283&pref1=64284900108069304444550012510026&pv=1
https://www.media01.eu/view.aspx?trackid=4FFE2293E3AB03641C3925C92FA06F0B&dt_subid1=&dt_subid2=affiliate&dt_keywords=&dt_freetext=&awc=20646_296283_1700148741_55491330-8495-11ee-92fe-22394270969d&d...

0
904 B

51ms
17ms

Document
text/html

85.10.231.200
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.media01.eu/view.aspx?trackid=4FFE2293E3AB03641C3925C92FA06F0B&dt_subid1=&dt_subid2=affiliate&dt_keywords=&dt_freetext=&awc=20646_296283_1700148741_55491330-8495-11ee-92fe-22394270969d&dt_mode=iframe&dt_url=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

85.10.231.200 Fellbach, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

85-10-231-200.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 16 Nov 2023 15:32:20 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Thu, 16 Nov 2023 04:32:20 GMT
p3p: policyref="http://www.media01.eu/www.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 0
Date: Thu, 16 Nov 2023 15:32:21 GMT
Location: https://www.media01.eu/view.aspx?trackid=4FFE2293E3AB03641C3925C92FA06F0B&dt_subid1=&dt_subid2=affiliate&dt_keywords=&dt_freetext=&awc=20646_296283_1700148741_55491330-8495-11ee-92fe-22394270969d&dt_mode=iframe&dt_url=
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Strict-Transport-Security: max-age=86400

GET
H/1.1 200
OK request_content.php Show response
hal900026.redintelligence.net/ Frame 783B 7 KB
2 KB 25ms
9ms Document
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/request_content.php?s=64284900108069304444550012510026&a=081e465a
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=6475490f2e&subid=&uid=3375d5ce6b7311b3&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCVgx4AzZWZa7qM4ePtwe3spaIA6blvaBphZWcp8kP8C4QASCc6Y1vYJWCgIC4B8gBCakCv9hpvxU0sj6oAwHIA5sEqgSAAk_Q6USHDDqyHwk-0ncmejDqUqfe4o5_dQFz_cWoKt20UvjnVNRwhMn_jdeF4-3xuHQKnqfdV-r9M4CnaWvrFHsgptiCYGBmms3SjekCJHkUVQEgbzrHlLGC97lNdymu1sK7Pc6YOlWzanLr-rN5O3Q3aan4q_hRFDarR7IpHPufwb6Ob3uwC-NhtTIGHoG70vDa1-M4coIEDa7xWCRZkbTl0giSYbeslZcttUILeMKKtbCzZTs06rFPt0qgTs-2z_mAdi_r0X0pLapmbQse76aqQwJbwb1IHzPpCPlLZIMrPVCtBwtUSlvV4nCB9SHvC_896AGD4mY_Ki458e9t1sHABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgGYCwHICwGADAGiDBQqEgoQ5LSxAu61sQK1uLECu7uxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNmjiekxbjurvziVdumlpNpUcZB8K5zNDymjX0OzWsmMjQu4tkxqTRVAwKNBVKxe_bRBXSpiX8PYKyu0X7cepDVicViuR_NTlcyRgB%26sig%3DAOD64_3xqmh7IqFbhf6o-A6S3KIHYsr09g%26client%3Dca-pub-9153158803095042%26dbm_c%3DAKAmf-DNGceQavvJ_Id0d3SNDb99ujsRU001JNsDax7mI1BKkxDaADp7THcnc2jYIj9WwVRDf6v5J_0vWEEjO37oCyPHDl63tAwfDF6SCmUm7yawZSvOdfb-fO6bHV4be3xg2i23LMV3PcuxLp9xMpG1srSj7JhRoHPfjMSG0gdYeOx8kxkhe7I%26cry%3D1%26dbm_d%3DAKAmf-Dbj6OEC0BJ8_yFn-HsezpzxmhG_4G-6i2d-4_UuXm3RcG9yCzAQHbk2lLBPa30IU3HrWs3-EsFawtRK9ngrwjHUbwg0pNAiKvRAe4b3AJVc5Dxp6PgrzVaTk-l2-pD-G7UIshYmz_AqvAgJSZ4DojgJEEDgMTWqnN681Y25mQxd4sc9SZIa_w04UhjiYyM7_6MAJ66Zx2iUuS8PflDe3Zxl7ZxmLEzwJClIyFdfZKolM32v0DwyPtOd6zXNuNrzfYI8Sn5SARvJlHrwvO6UacuDSzWc3mydaFIXbTqqcPlWYjzX4xDp_0dt8jCqT8SfSvmorHdbIhaBzoLDoiIjTWko8UC-8hbaP5k4upI4OB_ZK1XVGW20Q9RXxvU8EKtwTfDCBulXvj4RgQNHzyHGfOub_HiE0qduNCFu4Gxe5u4hrYiani37e8jcGaMaGLdbHo8LTTkEKOg553I9e9am8n6b9-TWVBxvKWdt4YiPtzh5xhAqhzvQYe3kHYKMQL8QQ2jKuwoSkbL2krMkJgWH-M44dvLI3A2W2og6hEriEHwLWOE670%26adurl%3D&documentReferer=http%3A%2F%2Fbontontv.com%2F&ancestorOrigins=http%3A%2F%2Fbontontv.com&random=6248977274662&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 6efe6b3670694863301d3708e5f9648310929fb81b8935b69bc4d27cec49daa3

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2062
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Nov 2023 15:32:21 GMT
Expires: Thu, 16 Nov 2023 15:32:21 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame E759 43 B
704 B 144ms
71ms Image
image/gif 2.23.68.89
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=64284900108069304444550012510026&pv=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=787517410&adf=1143955216&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739316&bpp=1&bdt=182&idt=326&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1928&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=329

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.23.68.89 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-23-68-89.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Nov 2023 15:32:21 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
DATA 200
OK truncated
/ Frame E759 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b35158dc0f293fcf27e82872af75e18a1cd808bc0ffe9d1a551f0fd7e1b362d7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 0B6B 39 KB
15 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 09:57:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20101
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Nov 2024 09:57:20 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 783B 2 KB
531 B 20ms
18ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=64284900108069304444550012510026&a=081e465a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 16 Nov 2023 15:32:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 14:43:57 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Nov 2023 15:32:21 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 783B 11 KB
11 KB 23ms
9ms Image
image/png 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=64284900108069304444550012510026&a=081e465a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: d723e6659e26aeb9cde06a9a06f4f6068b16be773129bb6e23e7830bc1d99456

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 15:32:21 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 10941
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 783B 13 KB
13 KB 23ms
9ms Image
image/png 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/50502/creativesup/Fyrst-1200x627.jpg
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=64284900108069304444550012510026&a=081e465a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: af13579a4208e5f88f66a76074f8413f52362d4952d7d1af0ca6a0408142f54b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 15:32:21 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 13284
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 783B 17 KB
17 KB 42ms
9ms Image
image/png 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/59568/creativesup/Laubblaeser_1200x627_BIS.jpg
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=64284900108069304444550012510026&a=081e465a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 8bb85229e7e9d3d20c2c87e828ff502eefbf0d9fb72a410fc15686d11b6b065e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 15:32:21 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 17416
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 ts.js Show response
cdn.retailads.net/ Frame 1F6D 5 KB
5 KB 5ms
5ms Script
application/javascript 2a01:4f8:d0a:2321::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.retailads.net/ts.js
Requested by: Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3308719243
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 2a01:4f8:d0a:2321::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: 525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://futalis.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:21 GMT
last-modified: Wed, 05 Apr 2023 20:14:46 GMT
server: Apache
etag: "1416-5f89c717cdc2f"
content-type: application/javascript
xphp81: true
accept-ranges: bytes
content-length: 5142

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame 0FB1 174 KB
62 KB 24ms
23ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a5d1b0c9d6701c47c853f68cf995258e377ac6a63aa1c4c53c5c735d6195885b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:21 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63898
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 16 Nov 2023 15:32:21 GMT

GET
H/1.1 200
OK viewability Show response
hal900026.redintelligence.net/ Frame 783B 0
150 B 25ms
11ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/viewability?s=64284900108069304444550012510026&a=649eee20&vb=m
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=64284900108069304444550012510026&a=081e465a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/request_content.php?s=64284900108069304444550012510026&a=081e465a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 15:32:21 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 0FB1 273 KB
91 KB 17ms
17ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b81b2127ba5e93c5b5dafa9d96c2d15142c7e890b6b10ab9de3c0cc66ab6b1ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:21 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92855
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 16 Nov 2023 15:32:21 GMT

GET
H2 200 link.html Show response
track.webgains.com/ Frame 069A 2 KB
2 KB 143ms
68ms Script
text/html 13.42.237.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=81638200106544204444550012510008&nw=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=2604832432&adf=1607325374&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739313&bpp=2&bdt=179&idt=311&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1500&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=318
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.42.237.35 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-42-237-35.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: d4103583b04d309a3c7da13a5eee4a57ca74d62ec3eaf308080817e0d1a09876

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:21 GMT
last-modified: Thu, 16 Nov 2023 15:32:21 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Thu, 16 Nov 2023 15:33:21 GMT

GET
H2

200

activityi;dc_pre=CJHSqc7ryIIDFcEZewod_RgNpA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7238721553047.303 Show response
8019191.fls.doubleclick.net/ Frame 041B
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7238721553047.303?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CJHSqc7ryIIDFcEZewod_RgNpA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7238721553047.303?

391 B
327 B

55ms
54ms

Document
text/html

142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CJHSqc7ryIIDFcEZewod_RgNpA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7238721553047.303?

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

4968b807dc807cc019e5fa4383440a19893fe853ed132ce621b50000fad38e0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 218
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 15:32:21 GMT
expires: Thu, 16 Nov 2023 15:32:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 15:32:21 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CJHSqc7ryIIDFcEZewod_RgNpA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7238721553047.303?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal90008.redintelligence.net/ Frame DD41 7 KB
2 KB 22ms
9ms Document
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/request_content.php?s=81638200106544204444550012510008&a=bcac50de
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=2604832432&adf=1607325374&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739313&bpp=2&bdt=179&idt=311&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1500&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=318
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 3e797b94dcd413fa4d04011a85c3ff7b83f9356bb2454b8dde30277037dadb34

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2099
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Nov 2023 15:32:21 GMT
Expires: Thu, 16 Nov 2023 15:32:21 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame 069A 222 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 386014b9e58070aada68890dda472688cbc07778af20fdabd19fe27f53fc5a8b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame DD41 2 KB
434 B 17ms
17ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=81638200106544204444550012510008&a=bcac50de

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 16 Nov 2023 15:32:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 14:40:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Nov 2023 15:32:21 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame DD41 13 KB
13 KB 25ms
10ms Image
image/png 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/1200x627.jpg
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=81638200106544204444550012510008&a=bcac50de
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 07867c131a13d11f7a7a6f73f8b7bebf2521089da141c35aa74b6311914611c4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 15:32:21 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 12998
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame DD41 17 KB
17 KB 25ms
10ms Image
image/png 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=81638200106544204444550012510008&a=bcac50de
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e12b469133888e74815ec5ddcb26ca794cb4f502ceee6be3c3b4bf1cae4f483f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 15:32:21 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16983
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame DD41 16 KB
16 KB 24ms
7ms Image
image/png 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=81638200106544204444550012510008&a=bcac50de
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 0e72eb8a832ffd29bc7ead59c2e795a3223608790dff743a6e70ea700732582d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 15:32:21 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16513
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 86DD 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BKT5wBDZWZZDXHouC1PIP3YaEkAcAAAAAOAHgBAI&bg=!MDOlM3zNAAZxrfrxUa07ADQBe5WfOBjYbBa85lIZV1hdbimScIbAtYKe3SC3sWiuRtjtOPMKHhhaFeFNNfZTOXycmbghAgAAAhVSAAAAA2gBB5kC5WzhRSxqGRqmvDcS8ITiIZVUlmruS4vWapX0pCOulu9QnAaulAjdpfyyGJFqsCn7clAcfVcK7NdBMBDxLFuqlu1G4sJN7zHl12mVKmZokACLHqv5keiroTcXGxGrAfsk5zbM1cZzdOTW1D1QnrJLzGZFDI8o2pZkg63bnyyX2hjl4hMGPxhQA02X6vbtZ3T4tZ84-Xfc5XdzrHEakCu6BwgwETXJYQjYEO3VcSWXT0Swx5QCinoHAvfdEZqtMTab4j8KFrmf7x1fjv2jgONPmoR4WED78kXHRUtJ6EsvkGVQDAJsff4c1ZYqHnJvWkIMB9Pqz2fcSUGq-bZlpgtXtx7IU050_xjpewL0Jxja3iFnqkA5S268ABsEcCuCXYxTmcB490P94z-sZIDhVJKVYiV8yUUeAs3PjGVES5HI7wTIbfkHYT-1ZEq1P0IQviiet-KL77YVKaleCfnnejbidGkX0js2TJ27U0dCgkeEcGqVsjrbRiJn1cpoG8tZq9UVtS-GNp5nskupKQpPKpKwHbf3e4mOVJgC6htxoL2oTFuhgWlazjhVoqjz3Kj5x3wfah5XboPq5quHnJopgGV2s7Wnjmx4mIDgTylXbQrVpAu8TbPgQ77QZM8DfJH7R0kLkiHLMlSHelZc-Bs7e5ANUPCmU36m0HCvbiHuQxwibckPdAGsAxu7uBCE8X1e4V-KLp0bOoCeba6dRDhI4ND3N8o9YhnNmxp6eNX4TV2vemW1sg1KQgt8l_-Cc7u-lGOvmft7M2k26liHlA6QlAaR4J4FA4vaunZPLbXn9EAFTPFv0WFfq2QYhVKwkX-CiB8XlSSNTugF9nMP4Bx4Y_JXDA6WQSdvfI-UleTXNvBAWQpawqtrLdEJ3z-Gk27gvhHxKh-Bg3fhbqaJ7ABN18kkCcpwTOPaSwOX_bxE2YNpOeh9nLyHcXs8vVw3D2k7RSjrxRX_QUHMAh_vPDaxMDyNwcw2qXxbfA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal90008.redintelligence.net/ Frame DD41 0
150 B 22ms
8ms Script
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/viewability?s=81638200106544204444550012510008&a=6e3469d4&vb=m
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=81638200106544204444550012510008&a=bcac50de
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/request_content.php?s=81638200106544204444550012510008&a=bcac50de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 15:32:21 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 dc_pre=CJHSqc7ryIIDFcEZewod_RgNpA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7238721553047.303
adservice.google.com/ddm/fls/z/ Frame 041B 42 B
401 B 255ms
45ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CJHSqc7ryIIDFcEZewod_RgNpA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7238721553047.303

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CJHSqc7ryIIDFcEZewod_RgNpA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7238721553047.303?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 069A 53 KB
19 KB 218ms
8ms Script
application/javascript 18.66.147.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=81638200106544204444550012510008&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-120.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 75b11328827bb635b369ee1f4c8e9dad82b7b609d5bfc736d8ce1994a6f4c03b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 05:55:55 GMT
content-encoding: gzip
via: 1.1 18c9dea802c00b7c060142aad49f7288.cloudfront.net (CloudFront)
last-modified: Wed, 01 Nov 2023 16:51:16 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 34587
x-amz-server-side-encryption: AES256
etag: W/"5d5bc5942e2e0a61b44429bb852bdc91"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: mEHwNGlhv3CpIHF4hl0HTT8OzPQqppwG2beZ97DpKsflDbp5lh0-eA==

GET
H2 200 1x1.gif
cdn.track.production.webgains.team/7121/ Frame 069A 85 B
437 B 216ms
7ms Image
image/gif 99.86.4.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.gif?Expires=1700149041&Signature=VE3e4Jy~bHH~EaEXM24YWs3IuTy5xozxgIhaP4hEqmXkD7dNJTw~Pz6THyokEYgwosywOT5gPR1JcoOPmMK9-gdeLdrxz00eXNnMd27uit4zfrB-V2P2QWdC5puTZLYFYqvilU9tfoptwC-92vl0T4qVBsDXaZLoeEtqdzQFkSGNMr5gaSx9ob2jxOqNxKgFD5UDTMGEYW-snYn8QH2VbSmDxptXoF1r8uqOZ2EiBBBRe~PdjGuwh4VzM63AQSdRHuTBvOSYQx3Oqu2dBZpeRKpL2mlg1i5cry2Kmc5OhVMXCZUmQuGn5Nluunomwf~31cb~VLFsvDK80ikL2H2ykA__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9153158803095042&output=html&h=90&slotname=7894683571&adk=2604832432&adf=1607325374&pi=t.ma~as.7894683571&w=728&lmt=1555257909&format=728x90&url=http%3A%2F%2Fbontontv.com%2F&ea=0&wgl=1&dt=1700148739313&bpp=2&bdt=179&idt=311&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=881158549952&frm=20&pv=1&ga_vid=1186743976.1700148739&ga_sid=1700148740&ga_hid=1543513663&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=1500&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42532263%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056&oid=2&pvsid=3928740559880374&tmod=144213827&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=do%7C%7CaeEbr%7Cn&abl=XS&pfx=0&fu=0&bc=23&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=318
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-36.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: null
date: Thu, 16 Nov 2023 04:09:20 GMT
via: 1.1 df86e917220bc08caa68b0eb8ddabe90.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 40982
etag: "70af33d70b6810475aae19743c8c435b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 85
x-amz-cf-id: k5HYqb_CE_itfrB4NX3Fjfi69psQkB6NWz5kuRDzLVKyV71gbvRpSg==

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0B6B 0
20 B 45ms
45ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B8gYQBDZWZeyZJpaPjuwP1befoAUAAAAAOAHgBAI&bg=!5uWl5arNAAZxrfrxUa07ADQBe5WfOCVN8x8mpZgXiDYalgSGRih5JP7_X0KrPDaisLdhKcBMWDcszPUfRxHM3nEkxji8AgAAAVpSAAAABGgBBwoACAHhMKzT4UD5mQLqbOFH1Pp04qAO9l_4aLysdW-hGH4di_7amctFJWG4y8lTLnAHLYeBdtpAUvAZdWqFxwcq_NxQJsfd2CP9cjT9YJv4uwI1hoQGiOqOwnjCfalmarC5t2n74mka6wsiL7AZ8ecR-fuPImzO-cmiBJuJTPAhYCoq7T9i0vm7hVT533Qb9DoSVdp2zHPKUD0rcSHWvgVGWxuK_KbhLhqL9NVR-f5Hl8sXi2NRxJ9p-gdgdm172OOYGxz2kIy28f-fIMCG8CobZKaLDZJJEnWMo9Fgbt8lespQsuM0iNwkmA3HxnnfvuM8tfuwrvi_Y8KrpDle0OIdxCN6HWw4lmpvhLm9YFjM7aAzQBd_pz6XCXBG3Amh5Go4y2JDD3MyFfu9Eeu6CcCWT5Il4ocF32SdFsIYICD6OuI0k_39HNpSgXXUijpLjrsGBpnrztTmtYv5TxpoEkxkJuvMOMg4Ngp02ETEu-FeBa88VYisl2r24HI8kTuDNdcX0DHU84ArMx1hi5ORMrVs9JA9GQB-JyMMQa2YzSJs7Lx21sx95yb8g8WZfFmtadXa56R3YucltP9lvcC4s7Tw1bChm8JNTlRKE1BCGacy0s3uq8D0s3axccob-HoVTZKLp7X8bYGT0bdfK2pi82tr3lsmttDqjhDs67pD32EAQhqExhJhpugN2n069ol505zJoDB1k95pUlgVFZB_DqPm201Dc9Slc4H1j-e-IjF2-L1JVMgQswbcYCeb3809CfrX1Ph2u5oQ7S8KPxDwA3GaG1VUIjeg98Qo8N_rLhyaXaj-Q1ZjbMsVxcJssucJIEH6bDc4h_1d44o5UT0vdHRwJqPbT1zeHID7lPNkwdzPSi0VmqsMQAkrzdebGUXeeby04pPJPhO6Yp8NebCHWmPwrO1qNETCdcLM1cySIBqnofaN5zYm-9l96BAri3egQsNroRZEI-JmZVg5haA3ORIBVZpVNyP6mvK4kpCJERzNxxPRfVoGpOU

Requested by

Host: bontontv.com
URL: http://bontontv.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 72ms
56ms XHR
application/json 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

da1ae693743eb2d8b7caac66f5fa0eb6c4d06e53e6ebbc6a9865bd9ce8aa82b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12115
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 82ms
81ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Nov 2023 15:32:21 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 5B23 13 KB
5 KB 10ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://bontontv.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 6567
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 13:42:54 GMT
expires: Fri, 15 Nov 2024 13:42:54 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 8051 829 B
1 KB 41ms
17ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

298473caf9911d067a04fd68334c836c0995b56c03773bf7d157c6b4d5ac731b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-fWArRfwPLZzEjMIqLAj7uA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://bontontv.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-fWArRfwPLZzEjMIqLAj7uA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 15:32:22 GMT
expires: Thu, 16 Nov 2023 15:32:22 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 5B23 39 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 09:57:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20102
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Nov 2024 09:57:20 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 8051 0
0 44ms
43ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=3928740559880374&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 5B23 0
10 B 7ms
6ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?OEhF3Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:32:22 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E759 0
20 B 42ms
41ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5710234367822&version=m202309260101&ct=77&x=1&cor=10160946022463998000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 102ms
21ms Preflight 18.132.19.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.132.19.32 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-132-19-32.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Thu, 16 Nov 2023 15:32:22 GMT
server: nginx

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 069A 16 B
209 B 78ms
78ms Fetch
application/json 18.132.19.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.132.19.32 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-132-19-32.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 16 Nov 2023 15:32:22 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 45ms
44ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231109&jk=3928740559880374&bg=!19Sl1JvNAAZxrfrxUa07ADQBe5WfOAkVFo9WTigk7uWY5v-KTEntCaMESnZU5AxbfUkVw2yQxQFTleIW-R6eq29POjM_AgAAAFdSAAAAA2gBBwoAQNN2wkehjJiQef6C-Y3ka48RrxAjNDCTI3cIChkeb3zSyVTqtpOIAZyN5N6ce01tK7KmeSRGGOq9XmSwcpL9it2ZAr38fcs0RUv0WQKlFp-DgHrLUDzfx4o-4j3lGySTzQVjvdJf7x8wmpEZ4bJXsLXyZtb8B6pf59NVABZ8PxKKIjtFO8aDtVs5WhWCvFTiWx_jkW1EIgp_SbtUrIQ9XcMpnf3G_cA0GNM52YbfPvBV6z-BF1Ws_wG54W1YEilJBtVWCALHcKETa0RR8r_15njw2hk3KuXUlrAfBGmOqGZq9cWCj4DYfH2E9P4W7TPLn_IFX0r2EuHC41bZ0zN9IcHMG_RxTL9oFrakz4lPEoIouvPGpwSLNGC3i0Tg4MLL35Xtjs4jckzVF1_F671VHBxS2hdEN2gdlf0e-2vJPC3ilciQii6LM2SdfUtUD23ZTnhsJLz6PYHefnaRB6m1ssYUQ81HHbVx7484oQFw9FwoNhWa0VnkBBdzDIVKIIEJsvqu-ASP1l-MPvXJ6qUyX6ehsrp5DC4UHOqjP6sZU3ks6mpXKdpmcLl1PhPR2Pu85JVq-3V7I8d5bcKtYOOMI7nbnmgM3h-FaAMKEQl4PM1kj52E32iKryFd-O7Ia8AgfEJEEJT5CWXd8MUOH8PaG-ugO3GdaqZoF0OMYWkt8h-cHZaD7CVRl1wlZB3ElIFXx8wCK0lMFT6jS7iG3rFSnKuHZUKPq5z1eZTtrcKRkjlcx1FcDGEscqrA9cIt0UCaoqM-Z3GSPdqkZ4W_hSbj8X3ic90wdgYvcLUbLzEHrEHi0kfjaZNxjd8iZq3rfRPIi4FRVTneaUFVtgdtm9rKB-ujPjd_-nLMCz8YZZSvaqb4EDL5vaW-mHDej3zthsgYy6K5C6dmLop1vPjFlPc7Up75zFDsE21P6hT8uYYU9DSG5yxs_egb437UGroZkEOpAMrARTGkVBwORuTmS0GgeMHc3Yf15_dyAIuq8nuES7EYL3-3LSPrwTM4LRZsXX6eVw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://bontontv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 069A 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9240824358894&version=m202309260101&ct=77&x=1&cor=2992948288399418000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 15:32:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

25 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bontontv.com/	1970-01-21 01:51:48	Name: _ga_ZN2NEHGLHZ Value: GS1.1.1700148739.1.0.1700148739.0.0.0
.bontontv.com/	1970-01-21 01:51:48	Name: _ga Value: GA1.2.1186743976.1700148739
.bontontv.com/	1970-01-20 16:17:15	Name: _gid Value: GA1.2.1577925064.1700148740
.bontontv.com/	1970-01-20 16:15:48	Name: _gat_gtag_UA_132394199_1 Value: 1
.doubleclick.net/	1970-01-21 01:37:24	Name: IDE Value: AHWqTUnp_L3BTAfVtnqCNX_xg1TkhsVpJkZkzXYe0k0OU_ZMrMy-KMKH2ez86Eq9
.casalemedia.com/	1970-01-21 01:01:24	Name: CMID Value: ZVY2BBPfcyC4pLlIy.SqogAA
.casalemedia.com/	1970-01-20 18:25:24	Name: CMPS Value: 5188
.casalemedia.com/	1970-01-20 18:25:24	Name: CMPRO Value: 5188
.adnxs.com/	1970-01-20 18:25:24	Name: uuid2 Value: 6117770386125303644
.adnxs.com/	1970-01-20 18:25:24	Name: anj Value: dTM7k!M41.D>6NRF']wIg2HaME+lU4!@wnfH8K6pQK`!5=E<L5?%M#1.B@V.z'U`jFF2B1-F#O68J#rA1s`#RI)i0%nugO%v4VB%nn+t(s:9
.doubleclick.net/	1970-01-20 20:35:00	Name: APC Value: AfxxVi4PPvk0wgykdzeWrURJXu_hCMTbkOEnwrRGlLJsVoNAiG5gqA
.bontontv.com/	1970-01-21 01:37:24	Name: __gads Value: ID=005cad832dc25fc9:T=1700148739:RT=1700148739:S=ALNI_MZdPWZdQ0q2ablKOFubVxmELEhGxQ
.bontontv.com/	1970-01-21 01:37:24	Name: __gpi Value: UID=00000cc9f88d3c5e:T=1700148739:RT=1700148739:S=ALNI_Mac3Ekyvy6RSi2d0sm9hbJh1hdtEA
.doubleclick.net/	1970-01-20 16:59:00	Name: ar_debug Value: 1
.redintelligence.net/	1970-01-20 18:25:24	Name: 8lcfmzhxc8d6_uid Value: 997641787a7c604f
.googleadservices.com/	1970-01-20 18:25:24	Name: ar_debug Value: 1
.retailads.net/	1970-01-20 16:59:00	Name: ppb2172 Value: 3308719243
.futalis.de/	1970-01-20 17:42:12	Name: raSIDb Value: 3308719243
.awin1.com/	1970-01-20 16:25:53	Name: awpv11601 Value: 113440\|1700148741\|554a72c0-8495-11ee-819e-22341370d01f
.awin1.com/	1970-01-20 16:20:07	Name: awpv20646 Value: 296283\|1700148741\|55491330-8495-11ee-92fe-22394270969d
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 409071:2840007
pb.media01.eu/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: plnhdwkhsiulthpwrlia2m4r
pb.media01.eu/	1970-01-21 01:51:48	Name: DTU Value: A6F929711CD804CAC8FD76E8094A69C6
.office-partner.de/	1970-01-21 01:51:48	Name: source Value: {"webgains_webgains":{"timestamp":1700148741211,"clickCookie":false}}
www.media01.eu/	1970-01-21 01:51:48	Name: DTU Value: A84733E99DFACC1C0E8F0B8DE9308DB0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8019191.fls.doubleclick.net
ad.doubleclick.net
adservice.google.com
adv.office-partner.de
analytics.webgains.io
api.webgains.io
assets.pinterest.com
bontontv.com
cdn.retailads.net
cdn.track.production.webgains.team
cm.g.doubleclick.net
doc-08-58-docs.googleusercontent.com
doc-0c-58-docs.googleusercontent.com
doc-0g-58-docs.googleusercontent.com
doc-14-58-docs.googleusercontent.com
docs.google.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
futalis.de
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal900026.redintelligence.net
hal90008.redintelligence.net
i.imgur.com
ib.adnxs.com
log.pinterest.com
pagead2.googlesyndication.com
pb.media01.eu
pv.medialead.de
region1.google-analytics.com
tpc.googlesyndication.com
track.webgains.com
www.awin1.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.media01.eu
13.42.237.35
138.201.63.145
138.201.63.150
138.201.84.244
142.250.185.70
142.250.186.130
142.250.186.38
145.239.193.130
146.75.116.193
151.101.192.84
172.217.16.130
172.64.151.101
18.132.19.32
18.66.147.120
185.62.73.31
2.23.68.89
2001:4860:4802:32::36
2001:4860:4802:34::178
2a00:1450:4001:803::2004
2a00:1450:4001:806::2001
2a00:1450:4001:806::2002
2a00:1450:4001:80b::2002
2a00:1450:4001:80e::2003
2a00:1450:4001:810::2002
2a00:1450:4001:813::200e
2a00:1450:4001:828::2001
2a00:1450:4001:828::200a
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2003
2a00:1450:4001:830::2008
2a01:4f8:d0a:2321::2
2a04:4e42:8d::84
2a0b:4d07:101::1
37.252.171.85
49.12.16.151
85.10.231.200
88.198.250.30
99.86.4.36
0431a5aaaf235b45227fd39e623eaf33911271bf0973ef0b1dddbb5f95e2aced
06ebf5846bd14583ce04d367cf8ba63993d93abe76a75f6a52261f8257ad492d
07867c131a13d11f7a7a6f73f8b7bebf2521089da141c35aa74b6311914611c4
08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e
0e72eb8a832ffd29bc7ead59c2e795a3223608790dff743a6e70ea700732582d
0efad7edfad60d20d4c1d77bc016e5c797f07a6f64e478c2687cffa1f4d7c895
15b7c5beeae46c7d307820d5d37aad15b7b749331ed18a5a42ba60115d3a0f22
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
20f0315c97ff7007f2e7a94d659e094a7efc01b8306da53987538c1101489e0e
298473caf9911d067a04fd68334c836c0995b56c03773bf7d157c6b4d5ac731b
2d63ac0146bc9cfd42428d32c69ea0261412714925ef2980681987e2459226fc
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
348225694015af4715c43ebf537cfa5ee00a8d4a0ffa602f6c9a1139e20d6b20
37f6775b5cfc6e3ae5fff4b3a8fca3a053d57d5d5e3ce9dd99ef6a4d625270b5
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
3850a0f435de021306395538a391e57396803ac81a09b67f291096f27ae81849
386014b9e58070aada68890dda472688cbc07778af20fdabd19fe27f53fc5a8b
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
3d096830deebf86eb527df38656bb137fc7db9d76ca69fdd2dde6f305e85cf51
3db138cc64764589260280ad919dd06ab383c5e3682e06e6ea7110c30bf90111
3e797b94dcd413fa4d04011a85c3ff7b83f9356bb2454b8dde30277037dadb34
3faadebc89cdb21d11634a032816f152462d1cb8903eb21d0642501fcad065de
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
433727d87227e6221e94db660dfdb7ccb2f76a5f4ff52d4ad8d3c7db8915e814
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
4522b39be924676f48907e66a03fcd4f366cc1482b0c4434029343d395e91ca4
4968b807dc807cc019e5fa4383440a19893fe853ed132ce621b50000fad38e0c
4ac3172741ae459e06f1110441dceb6a3dad997c93e7c2d08b92681f0bd9b10b
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
510297e873943f25fa83801c02ab5017525ed283e5a85f966c438a1d55e28978
525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5719cdd3acdb2b6a5b9ae0bee910fc88fbc0f297f83235c02865d78eeed48446
582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd
58cd2758d5a9623c01c15595c05327cf29e28cb7e0b1e7508b9868b8f1b402c9
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016
63093ef963cdf2e6c2521fa1ef7f8be0d54d4ac06537047a54234be89c4b89c4
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
69ec94813aea720ddd4a935f1ee84e8f3179aa08bb08c02c22bd12c811b84162
6ad1ee3c982b9ce53133b4819deccd5d9f89e8e58313b7a04eb35670e1cbc4dc
6b65ccbdefd1bde633631a7273ac0b5db9b95602a1715d007c55b6f006521151
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6efe6b3670694863301d3708e5f9648310929fb81b8935b69bc4d27cec49daa3
6f44673fac0fa486e34eb2e822bc8793e21bdfa8a385c920e2680453c12db71b
714a8e2d385de706a2cbdbf79419f545811db0fac050e81d683165eb5f694e47
74996428763a36e80a29b58c37f59186186c9ac73afca42cf0f49d14d16ab7f6
74cc4ad4dbe146ced0bf4d006cd5abf55b1d5da636e55711d0661037ef53fe59
75b11328827bb635b369ee1f4c8e9dad82b7b609d5bfc736d8ce1994a6f4c03b
7609e19e770677480424dfc15a57979d394463711ff49deb4ac22d7e7a3e55b9
7cf41251861276133cfbf4b85fd2d83f798f1d9f1d8aaa0dbe6d5b5848e2ff0a
8bb85229e7e9d3d20c2c87e828ff502eefbf0d9fb72a410fc15686d11b6b065e
8ce2cc7427a1235b70c288a1c372db25ee302b46158e239717f4e154664f9330
8f353773218cc38d002b371b9e173e42af4cae9af221066d6b98f03f5557ca1a
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
9197929c949be6b623106cd58a4646c622ed9710fa7d8fe118f0b2fc3643323f
9458ed1b8799a60ef01e7601c95d71b3000ca6e9d9384752549f4e814f45f9b2
9b295558af4bb2e37850a544223a1a2f8d204385d5114e3487a08991d3a84d8f
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a1797edd8b18f8c82ff3b2a5e1cb74d06c0868587fef14d01e958104d2df929f
a50a900c0f7ce1489e1e8338af84ef5347b1577cf1f2867a19968c19126ea383
a5d1b0c9d6701c47c853f68cf995258e377ac6a63aa1c4c53c5c735d6195885b
a627cd9fcb7123f46d00a224b69f941daae4eb6ae5f2f6eb20fb3879894a8238
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
af13579a4208e5f88f66a76074f8413f52362d4952d7d1af0ca6a0408142f54b
b0896ec63fbb1545db5bdb91fb5f22d185f7738a5b851b38e1e11616bd338e27
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b35158dc0f293fcf27e82872af75e18a1cd808bc0ffe9d1a551f0fd7e1b362d7
b448544bee173b37645ff146318279d8bc96485f59cee92f6d02e26b5aff20cb
b6bacf1897d34028408104e462bcc153ae1818c00ff2483023cb90575539323d
b81b2127ba5e93c5b5dafa9d96c2d15142c7e890b6b10ab9de3c0cc66ab6b1ee
bb2d4fc4c6a501db7a99b6dd401c4df0961d2723fb02aa9f38f2d465b3880728
be3b15b1e68cf3e9278293d3b50491fe16c985e0ee5968852cac4fc062a7134e
bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2
c848f640268d1696c9a6e66de35b9d1659bcb876f1d3fcc4d4e3ae574d2d3ada
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
d1fa3dd13812a2915735dcc431b499f5c2d5057a0dfa753aefd7a1df7f1593b4
d4103583b04d309a3c7da13a5eee4a57ca74d62ec3eaf308080817e0d1a09876
d4e432ee3d45fe5a6fe807137717bd8f2c898064736603a980b1dff3fa1628e8
d5f286292dac1231115c4a8d888ea987fd763c2da47bdf542895fa19e689d178
d723e6659e26aeb9cde06a9a06f4f6068b16be773129bb6e23e7830bc1d99456
da1ae693743eb2d8b7caac66f5fa0eb6c4d06e53e6ebbc6a9865bd9ce8aa82b4
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e12b469133888e74815ec5ddcb26ca794cb4f502ceee6be3c3b4bf1cae4f483f
e1c2d8d7d896e8a59c4c43da5d33706b8dd975ab8c47a57dbdf135ab00a3a85a
e25f53fc4bae5d337cab5e3122515ed7d040bfbda3d68b1169d71ad1d5b5c230
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e58ec394c0c2322a9833859b836faf7190619def0d9b240a6464fca782be423e
e608c4a41bbb53d1d43a81df6e71481c5eda3d716f764200ad2de0edc8088e5e
e72f87b7a5b95823f2804cfa7da26bb35224d1f7356c29722edf6b82dc0ad3dd
ea1ece673616b82840316d3236fc1a02a37f6eb1fcf653812c7117a3c11b315a
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ebb668f2594702d530814bf791c1d3fe2993d5331d86adad7f0c875ff12fe38b
ec715264ef4ca17579815928c68d5e0b7716e1c445321095bf95e82b857b5c6d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2504f8e1b59fff75b088df558c75def5d020ee0882f54874f42ab7bf4d15c37
f558a2153ca91fa4eee98b8531d36d1e230fb4e983f88930c559c0a4a1219daa
f55c31468e0cae14e7f7856e99220f93b06c255fc0518d57e4a38aaf1f61c8da
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e
ff98e1f95730f9d8824b3a24d80ab3802906bb2101164edf2815cd200ac7d893

bontontv.com Open in urlscan Pro 185.62.73.31 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

146 Requests

73 %HTTPS

46 %IPv6

25 Domains

41 Subdomains

39 IPs

6 Countries

4031 kBTransfer

6076 kBSize

25 Cookies

3 Outgoing links

Redirected requests

146 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

bontontv.com Open in urlscan Pro
185.62.73.31 Public Scan

Screenshot
Live screenshot

Full Image

146
Requests

73 %
HTTPS

46 %
IPv6

25
Domains

41
Subdomains

39
IPs

6
Countries

4031 kB
Transfer

6076 kB
Size

25
Cookies

146 HTTP transactions
4 data transactions