stfly.me Open in urlscan Pro
2606:4700:e6::ac40:c20d Public Scan

Go To Rescan
Add Verdict Report

URL:
https://stfly.me/WwzpXfDu
Submission: On December 13 via manual (December 13th 2021, 6:25:43 pm UTC) from MY — Scanned from DE

Summary HTTP 91 Redirects Behaviour Indicators

Summary

This website contacted 27 IPs in 5 countries across 25 domains to perform 91 HTTP transactions. The main IP is 2606:4700:e6::ac40:c20d, located in United States and belongs to CLOUDFLARENET, US. The main domain is stfly.me.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 19th 2021. Valid for: a year.

This is the only time stfly.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
9	2606:4700:e6:... 2606:4700:e6::ac40:c20d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
6	2606:4700:303... 2606:4700:3037::6815:309a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	139.45.197.238 139.45.197.238	9002 (RETN-AS) (RETN-AS)
1	23.109.82.195 23.109.82.195	7979 (SERVERS-COM) (SERVERS-COM)
1	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
1	139.45.197.237 139.45.197.237	9002 (RETN-AS) (RETN-AS)
1	139.45.197.239 139.45.197.239	9002 (RETN-AS) (RETN-AS)
1	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
4	2606:4700:303... 2606:4700:3034::6815:5a0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
2	2620:116:800d... 2620:116:800d:21:fcb8:22d2:d390:5f1b	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
1	2600:9000:215... 2600:9000:2156:5c00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
16	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
3 8	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
3 5	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	37.252.172.45 37.252.172.45	29990 (ASN-APPNEX) (ASN-APPNEX)
2	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::2006	15169 (GOOGLE) (GOOGLE)
1	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
2 2	18.194.61.148 18.194.61.148	16509 (AMAZON-02) (AMAZON-02)
2 2	213.155.156.166 213.155.156.166	1299 (TWELVE99 ...) (TWELVE99 Twelve99)
2 2	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
91	27

9 2606:4700:e6::ac40:c20d (United States)

ASN13335 (CLOUDFLARENET, US)

stfly.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3037::6815:309a (United States)

ASN13335 (CLOUDFLARENET, US)

account.adstripe.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.197.238 (United Kingdom)

ASN9002 (RETN-AS, GB)

omchanseyr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.109.82.195 (Netherlands)

ASN7979 (SERVERS-COM, US)

sanggilregard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.197.237 (United Kingdom)

ASN9002 (RETN-AS, GB)

dozubatan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.197.239 (United Kingdom)

ASN9002 (RETN-AS, GB)

toglooman.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3034::6815:5a0 (United States)

ASN13335 (CLOUDFLARENET, US)

itsguider.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:fcb8:22d2:d390:5f1b (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

66bb2907e0561406ce5a6b2c5bab6822.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:5c00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.74.194 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.18.234.21 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.172.45 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.149 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.194.61.148 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-61-148.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.166 (Uppsala, Sweden) 2 redirects

ASN1299 (TWELVE99 Twelve99, Telia Carrier, SE)
PTR: 213-155-156-166.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.56.137 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	googlesyndication.com 66bb2907e0561406ce5a6b2c5bab6822.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com 0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com	134 KB
20	doubleclick.net 3 redirects securepubads.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net	343 KB
9	stfly.me stfly.me	75 KB
6	adstripe.net account.adstripe.net	90 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com	4 KB
4	google.com adservice.google.com www.google.com	2 KB
4	itsguider.com itsguider.com	38 KB
3	adnxs.com 2 redirects ib.adnxs.com	3 KB
2	yahoo.com 2 redirects ups.analytics.yahoo.com	876 B
2	de17a.com 2 redirects d5p.de17a.com	718 B
2	bidswitch.net 2 redirects x.bidswitch.net	2 KB
2	2mdn.net s0.2mdn.net	76 KB
2	googletagservices.com www.googletagservices.com	74 KB
2	google.de adservice.google.de	914 B
2	quantserve.com secure.quantserve.com pixel.quantserve.com	10 KB
2	omchanseyr.com omchanseyr.com	23 KB
1	sitescout.com pixel-sync.sitescout.com	191 B
1	quantcount.com rules.quantcount.com	429 B
1	rtmark.net my.rtmark.net	539 B
1	toglooman.com toglooman.com
1	dozubatan.com dozubatan.com
1	gstatic.com fonts.gstatic.com	44 KB
1	sanggilregard.com sanggilregard.com	1 KB
1	googleapis.com fonts.googleapis.com	1 KB
0	netmng.com Failed google2waycm.netmng.com Failed
91	25

	Domain	Requested by
16	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com stfly.me googleads.g.doubleclick.net 0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com www.googletagservices.com
9	stfly.me	stfly.me
8	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net 0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com
8	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com stfly.me googleads.g.doubleclick.net
8	securepubads.g.doubleclick.net	itsguider.com securepubads.g.doubleclick.net stfly.me www.googletagservices.com
6	account.adstripe.net	stfly.me account.adstripe.net
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
4	itsguider.com	account.adstripe.net itsguider.com
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
2	ups.analytics.yahoo.com	2 redirects
2	d5p.de17a.com	2 redirects
2	x.bidswitch.net	2 redirects
2	s0.2mdn.net	0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com
2	googleads4.g.doubleclick.net	googleads.g.doubleclick.net
2	googleads.g.doubleclick.net	stfly.me
2	0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	www.googletagservices.com	securepubads.g.doubleclick.net stfly.me
2	www.google.com	tpc.googlesyndication.com
2	adservice.google.com	securepubads.g.doubleclick.net
2	adservice.google.de	securepubads.g.doubleclick.net
2	omchanseyr.com	stfly.me omchanseyr.com
1	pixel-sync.sitescout.com	0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com
1	pixel.quantserve.com	itsguider.com
1	rules.quantcount.com	secure.quantserve.com
1	66bb2907e0561406ce5a6b2c5bab6822.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	secure.quantserve.com	itsguider.com
1	my.rtmark.net	omchanseyr.com
1	toglooman.com	omchanseyr.com
1	dozubatan.com	omchanseyr.com
1	fonts.gstatic.com	fonts.googleapis.com
1	sanggilregard.com	stfly.me
1	fonts.googleapis.com	stfly.me
0	google2waycm.netmng.com Failed	0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com
91	33

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-05-19` - `2022-05-18`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
omchanseyr.com R3	`2021-11-04` - `2022-02-02`	3 months	crt.sh
sanggilregard.com R3	`2021-10-18` - `2022-01-16`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
dozubatan.com R3	`2021-12-07` - `2022-03-07`	3 months	crt.sh
toglooman.com R3	`2021-11-06` - `2022-02-04`	3 months	crt.sh
*.rtmark.net Sectigo RSA Domain Validation Secure Server CA	`2021-11-20` - `2022-11-26`	a year	crt.sh
*.itsguider.com R3	`2021-12-12` - `2022-03-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.google.de GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.sitescout.com RapidSSL RSA CA 2018	`2020-01-15` - `2022-02-02`	2 years	crt.sh

This page contains 15 frames:

Primary Page: https://stfly.me/WwzpXfDu
Frame ID: 90988D6DCF20D59A8405746202EDA57A
Requests: 18 HTTP requests in this frame

Frame: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=5fc5414df8c6e86b58de925a3f037041&time=1639419939&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9Xd3pwWGZEdQ==&page_title=301%20Moved%20Permanently&meta_description=
Frame ID: 715CDFF453AD1496E8A0CFE87256E3DF
Requests: 5 HTTP requests in this frame

Frame: https://itsguider.com/336_2.php
Frame ID: A9456515BC2D75F631366BB5A23119BD
Requests: 15 HTTP requests in this frame

Frame: https://66bb2907e0561406ce5a6b2c5bab6822.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Frame ID: 119492991BF272A868B68FE5C3AB5435
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 153363D2639B998972FF632C51C285D6
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D2024E88D3A2A788086B3AA7340ABC4C
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssBWBjwFMeL4RK7KsxFa3h5TTg7H7PfEQRIDisGpvSPBiHJsV-kUyxXVpeAI74Q2lqZC3jjaUGqq_Qrp2UL_1BZZ8X8z8BLKHr8RbnjrxjBmXWVcaZzqjtUjh_qe5AG5uikfqTVYjz5BEG5X0zWYBdrolQurkBv19PHHnJ4J_U1JLFIzi1Ur6yQ-w8FmSJommhNodpiYzck0DJWlUPGF15DkY5WY54lhCVk6vQY337yEdA_69ZXfiXe14EU-m3i7SQcJlSwKqoGuSKOpNS2GOFPeBTIdrk3uZONSaZnnv3nRk5bNA4OSoyUvaLwpNwhyUBAIQ2sy2g&sig=Cg0ArKJSzP3CZ-FW-O9HEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: B7FAB6918D380AD50FF543DC6F60D96E
Requests: 13 HTTP requests in this frame

Frame: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=3
Frame ID: 612F580DEE0483FBD619003DBA158F06
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 371FD0455A78FAF97BCB001FF3F8DB49
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 76F1CAF010040FACFC9C7CB05605291D
Requests: 2 HTTP requests in this frame

Frame: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=3
Frame ID: CDB04BDB4F83A4FA2513EA8EDFA1191E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARiWlJW6ATAB&v=APEucNXFFLFi4hodBNTL7rvjSkjdKHxdPGCp0eVUw2_qBISmlwOGUSaLJI-DnzWMXk7hgSCeUI1wbTgC_OS3erFrBYKB7S6V4qq3WOc1EHriu8knXVZKbSdoAb4dBjHKlI5Md90uK89Pd5qOiFejX9bJWHp4dxaWBTReVsSN4noigEhAg_Z-Xpo
Frame ID: 1E8CFF048DE24C3EDCC6DFD5FF371E7B
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A9n6PdNuxS3Hn8QeKIGWoAr1sX4XxrdbboYEEaPfKnYHLzgbWU5sFmjdlvbGuz9_sTdt21MjM6uHXBd6Z0Ruilf0Mbc3HMP6yZ0YOUPLCwAUA4VBBSgb2ce5fjJdvJ4vTpOpHszBIdESHx41io7AAMikTMnQ&dbm_d=AKAmf-AAzncMt9urckaffef_YsJ1sIuKXpz9F0YdY8IOVY-qBZ9VUGlKvawJOOfM715TtKbEhKtvbdmfTMgkx-oLzLFJEKti1KaAcgOBvFKD40us_gskFGog5xv1at9LBhwzJyZKqVXU3akgRm0apJKMtY_4QZqFadmja9s0G6WynovhgN1mnT4JGHJXmwVwYvMMIglAIakXHtCc-SEkdlTv7dHPnJl9KCjuFTKIDxl0teUuhmY4LUjW4lr5ATfjCmR6dg8oBuc2y4KUQzTJVV_bJkX6F1W-iheR1lYPlrX62jjbRz2DKkcontWfXk7AnD2aCfVyOk3xciBZbEa_e8FufQ6StUH5GZSOSt-_CuT5H_VTau-0jqbzjdiqp_bulmKxDUWfb2ZvGrJ5yKhySGThubXNOE8XIX9xujDxnDBcBA2JNv9H3n8eoBtRpsJrlMErpeLcai-N3XPROqOsKXbUi7LkhxOldNXrVQdBDohokljxSzZ7EYVxJkD65a4rlFxCnfCjP_FRPpnKG0ZFXoSaKdQNPN3SKes3oQ3yDJ5W7LXARn-4WenVn4qUmSasft3FfdJRefIPdl5GwJKLHBKpF7ztcn7l08ne2gu1FiSd1NsUgIuCLgxDasDINifcJKPTww_9f6pVVU9-tVyn2o3Nk98jYoqX_ojI0eGuF0Tht-NEytWdGJeDn3fWEaEWYb21_Iw6q8SK_nGNZiqY6UnZZ297hlx6vUBKOXiVI_2zjDM8lLCD6fUzeZW57mVPQSzF8JL1WkEAqTnDGEnrbS4p_l2IRbepfcMom8LxrTZFcS6USLP6Q7GOzQtSsd-t0C4G7vmIoDfZqCtT8A6Qsi4fzIbn1y8uWv2QWck6a_mlo5ht2hpzAD68M4J_WHDujnMXGNLZWxGuB0n9m2hWZpmGTY_ZoATy3NakXZwX18lgsT7Ihc85iKB-xS9QebpNKpp8Spr8ATVd2Ilxv69NeRcpmEHz3ka7-v-RQwMvfNzY74an3kMzO-26hjkMsi09qfpgwR8TdysMuhlirkMAgiO4pMUhMSzqlpSDZLmsWdKL-9Kb8XNvzEERvynI9Y7wFBZ5iy9lDICu4ScGY-0Ud6Pws7edC3YHLvhLs4kekpzQrEgyh_RR56qAWeQyqADMVfz8wVJeWwKFo1-TBu1JVHZnYSaV09GqzCE3VpZu5ocmXhkBgl5LQVG2F9aB-QbJrEDa2CVTKwFeDQWxDAwtohge7bI_qNPAUzF5OUp44ysArGOO4ArHcICip7Q4F2lx6ahcpQXT5WwMmVaWTUMU6up5F4k0z8cOxxvZTing8Xj5xKDxHrAkVdbaqIpPMxmPpBdRhby3O8fFQVNMz93Myv5NfFoQ2f-P31zsBgQyVocmWuuhJJjug6IMQ-vIsZ4O4wNRI9SvhW9RrhewzVqthMdAfHQJ5D7Ecp9tuwzQ_qE18Dm49XkeEzbmB1I0VWMseDqsN8mfLR6gq3kOgBGyC30uBxvN2BMykknI5QmeQeeNEMmWy6vHzkhyKS-P3LRvO9nxiYrpt56vSUNzPs1nZGI0rDYcJR3ZJjO4_ltQLIFC-c7eLu612gt_mX9nQwpx_Syz_y3jSZ0OxLjyT1nKoWXRPG6Mo5sQx6x4vuPoveEGGs0penmswlq62Oi_F9KnFI0eSoOLBw1z3O8Uay-3OU-YliHAkep5XgzY7qtOme6Rh5MhnwSZAShJIMLN0usDeC4Ycemo5OdHN7l43yHSDbz1NEyvK9_eC0dIrOdh8xkeAcBAExD6cCN1Fs8CyeX6HHEHpcqGgsAk9EuRQ39sG5rZn58BlpQW0nYMMpThgxTfR21bwqDD1Y_wQZ7utWkIjYSKySAtAOOS2B7JvkqllnXQU0cE7wupXhf_L-dkeU3qAlPTDVfGl1723wKMYfelL58CSirjE-2eO5LAMYdc3GcMK_qv3PVg7bpuGhGOJCUct7aB7LLwBdBGKrNsWi-b5I-17aKqhxbzdifNI4ie7kjipvtSGPHlBP9RqeqZGjVUGaauKB19eUyuXC_WBsy1NuiVxZWVWUmUlcrtrNUCyowc4X4rnuLiX-nT4Ty-zhxz5H4vCrmmB1u4_DRNzLHKF4NEsgPCXKxs98-9C5ttV80H1FFFiaIe0iH-TN8oPDy8mWIMRvS2trsoh63VbCYzch2sXXwiZdaiaPhyXP1BeEW7vLb73zKXlJArT-fIF7Br0bIPRg7NWRqWDeQzQYv9wmdm1HI5TKEngXPkdk2g5T6gIzQrF9muIkRmHSPOAOgGgKlEBapphYcUSc1qgktbZ0uV8pw3cpT08mtdgAT4jnxyS-U3NOSnd3jIQv09No-iTgov_egzVUKA3rYGQbZGnHWPdqY-oTJ7KIrDfb6jfdGQgKI0AM1meEieUr_malWhRa3tKrffA7yWzZltlR8-kEW8jV9LTXfLYegvH7Fl8lO9lUXiaNt69P1uCxrJPrPuuB1GcB1W7xGz18sr2H1KDFuLcNB6fYFccFdS0dvDaZD2SWHzF-HTWS_kH6draSeo14cASGWCC3oxEQm1A0A5sHGFyDMDmCb7U3HRWZy9jkeyZsfyG5mVndKO-HhLWtBy9km1UVn1k_k6FoKpZ_HPDfqYjj7fkyyoUi4UQZlsEe9e6KvzSaI2_qnqB_SP_tEW-wAiS72lx-uCMvgyWTblNwKQ39y7Pvbr2l6tUpbuXoJiX_ftbh8v-3PzjCE_DWQRp5iS8scGAkXMgZESEuk7ShWDkbpTFQ2nOLJgQgJPJY0-BODEKJtaRNolpc8eJeAXjJuLQT61wOhnDIzuYpUhd9MvaAUvd08dFs9aSB4775Q-65dstq-sqyZ3EYFaf2WoFrvTQRk4O7SerZSTfYjuQjaY2dgl1WLjQkJ3pisHTyAKPECGHjc7YY3ms24oNPcCkWo0gT0QO9EelYdLkeh-m6BT-4bvsLceqS0wWJVPsTY6ExV8lOC3W93ruhKnVr4U2fmr4IW2Qd2R3UKOz8WH3pv6PCYhZH27Cb1qoTLWvjBm7FX1sJHCSYorTyEGlLGqJd7nKY8nxd4jqLkIJ0dC9ZUNXd2RMm5O1LNQEXrY_o9IIKobjptY0nZpEJoPU1TYDEAoaqhlns3rs83Oug8YIw_L0BeMDn-YFFHhm7WnrCAJ2clQ76mvxaPlxGAKMgOebDBVuFWf6qMPXC55xEYHPavZSim5a3xL&cid=CAASEuRoCk4OhKrvd3022iaXskLC_w&rfl=5%2Chttps%253A%252F%252Fstfly.me%242%2C%2C%2Chttps%253A%252F%252Fitsguider.com%252F%240
Frame ID: CB281D819D858114DD3617C8D2A9654D
Requests: 13 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 16F3E76F7D897876A64D2DFDE0F6AD8B
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 74C18708E89644BBFB53E270C29688E1
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

301 Moved Permanently

Page Statistics

91
Requests

89 %
HTTPS

52 %
IPv6

25
Domains

33
Subdomains

27
IPs

5
Countries

916 kB
Transfer

2462 kB
Size

27
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 66

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGx21k45hXm-C3SrkVZ_Gfo&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGx21k45hXm-C3SrkVZ_Gfo&google_cver=1&C=1

Request Chain 67

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbeQJoosL.xABclCe6It1gAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGx21k45hXm-C3SrkVZ_Gfo&google_cver=1&google_hm=2

Request Chain 68

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELyYAD6jzlBQvnzY4vV1lp0&google_cver=1

Request Chain 69

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MTU4NjU1NjI1MTYzMjAzMA%3D%3D

Request Chain 80

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEJjmvBc7KuRQK_6zWq34Jcc&google_cver=1&google_push=AYg5qPJmQIhPCGBPtv2uVaYK7bIhprQatpx6Jji5cj8Exe-0iLtf50c-s3JHjh2Fir6Wtd63Lm8NhURWhwabLMlz68Tcn8oJdWo HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEJjmvBc7KuRQK_6zWq34Jcc&google_cver=1&google_push=AYg5qPJmQIhPCGBPtv2uVaYK7bIhprQatpx6Jji5cj8Exe-0iLtf50c-s3JHjh2Fir6Wtd63Lm8NhURWhwabLMlz68Tcn8oJdWo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJmQIhPCGBPtv2uVaYK7bIhprQatpx6Jji5cj8Exe-0iLtf50c-s3JHjh2Fir6Wtd63Lm8NhURWhwabLMlz68Tcn8oJdWo&google_hm=T5mH9IYwSWuh9-RwBa7JUw==

Request Chain 81

https://d5p.de17a.com/cookies/google?google_gid=CAESEHaGcIZLe3pVex274TXXiCs&google_cver=1&google_push=AYg5qPL7uVJXYaFfhb-GnmuOcYFB9u-g9a-KsWCkvkn9-pTv2phbp4Qd4vzy8wFT1Zxhd-vgtw4pvLnpmZ0Fbbgyh9tuU28ow-I HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEHaGcIZLe3pVex274TXXiCs&google_cver=1&google_push=AYg5qPL7uVJXYaFfhb-GnmuOcYFB9u-g9a-KsWCkvkn9-pTv2phbp4Qd4vzy8wFT1Zxhd-vgtw4pvLnpmZ0Fbbgyh9tuU28ow-I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPL7uVJXYaFfhb-GnmuOcYFB9u-g9a-KsWCkvkn9-pTv2phbp4Qd4vzy8wFT1Zxhd-vgtw4pvLnpmZ0Fbbgyh9tuU28ow-I

Request Chain 82

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1-je1LHf_61czoxTpeOcVWoU HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1-je1LHf_61czoxTpeOcVWoU&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1-je1LHf_61czoxTpeOcVWoU&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1-je1LHf_61czoxTpeOcVWoU&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1-je1LHf_61czoxTpeOcVWoU&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1-je1LHf_61czoxTpeOcVWoU&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1-je1LHf_61czoxTpeOcVWoU&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1-je1LHf_61czoxTpeOcVWoU&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1-je1LHf_61czoxTpeOcVWoU&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1-je1LHf_61czoxTpeOcVWoU&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1-je1LHf_61czoxTpeOcVWoU&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1-je1LHf_61czoxTpeOcVWoU&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1-je1LHf_61czoxTpeOcVWoU&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1-je1LHf_61czoxTpeOcVWoU&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1-je1LHf_61czoxTpeOcVWoU&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1-je1LHf_61czoxTpeOcVWoU&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1-je1LHf_61czoxTpeOcVWoU&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1-je1LHf_61czoxTpeOcVWoU&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1-je1LHf_61czoxTpeOcVWoU&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1-je1LHf_61czoxTpeOcVWoU&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1-je1LHf_61czoxTpeOcVWoU&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs

Request Chain 83

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEGLY-IN6HVvNYffA95vMn-s&google_cver=1&google_push=AYg5qPK_gKmMDE0Jzcjj2STAo9um1HQUfSqOvzxMpBZduSK-qvwaSrDPHC37fbPgkfY1GPKZ7uLvnoP3RuHDb81rr4OzgSzluiU HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEGLY-IN6HVvNYffA95vMn-s&google_cver=1&google_push=AYg5qPK_gKmMDE0Jzcjj2STAo9um1HQUfSqOvzxMpBZduSK-qvwaSrDPHC37fbPgkfY1GPKZ7uLvnoP3RuHDb81rr4OzgSzluiU&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1GdF81a3c1RTJ1RjJ5T0ZnM01GNG5tOFFYVGFPTGZSTn5B&google_push=AYg5qPK_gKmMDE0Jzcjj2STAo9um1HQUfSqOvzxMpBZduSK-qvwaSrDPHC37fbPgkfY1GPKZ7uLvnoP3RuHDb81rr4OzgSzluiU

91 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request WwzpXfDu Show response
stfly.me/ 2 KB
2 KB 293ms
236ms Document
text/html 2606:4700:e6::ac40:c20d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/WwzpXfDu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e6::ac40:c20d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f8d89e70c17cb50d0e49eb0a9d8101f24b9b4416c65ad6b507267586f7d11f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Mon, 13 Dec 2021 18:25:39 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0lZA6QdSJe0Zm8cEcD6%2BqpORO0L5ayC8UYYdnhEGBmS9ojTq3KdyWDahS5PO%2FojNGDaDsXtnav8rddRzBP64pJYYRebBlkRYweJTh%2BiTVbRuASaSSDGLlGCKtfr9lScc4zB5vHKoCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6bd13c7cdbad83a3-MXP
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 13 KB
1 KB 42ms
17ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700

Requested by

Host: stfly.me
URL: https://stfly.me/WwzpXfDu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

66219bc99ac30a346552ced8a3a2739c915b441219cfd9cf3dbef943cf7ca7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 13 Dec 2021 17:55:07 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 13 Dec 2021 18:25:39 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 13 Dec 2021 18:25:39 GMT

GET
H2 200 bootstrap.min.css
stfly.me/customfiles/ 108 KB
18 KB 47ms
45ms Stylesheet
text/css 2606:4700:e6::ac40:c20d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/bootstrap.min.css

Requested by

Host: stfly.me
URL: https://stfly.me/WwzpXfDu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e6::ac40:c20d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83521aad7c96625246ef4168f1d84d12b0652e8eb61ad0875066fee1fa797daf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/WwzpXfDu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 982596
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"1ae1b-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RPKKciXQ%2BYykXp0OPi4RaDllhF1GuQy7vvGeyWM5VS7VzgKs%2B1CnU3X5hwgsd7oql%2BSvF07oVuWNv7rsF7vgM%2FGpYODZ2hzIOU1w7hmU9xt8hngBLYXs%2BR453Zp%2FWt76JOoQtPgqtw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 6bd13c7efa5283a3-MXP
expires: Sat, 01 Jan 2022 09:29:02 GMT

GET
H2 200 main.css
stfly.me/customfiles/ 24 KB
5 KB 36ms
34ms Stylesheet
text/css 2606:4700:e6::ac40:c20d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/main.css

Requested by

Host: stfly.me
URL: https://stfly.me/WwzpXfDu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e6::ac40:c20d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89e38ae45e4ab6870530ad77bc793c32dcb03a600156b9930ffe3104f6702b25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/WwzpXfDu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 982596
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"61d1-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FHNScFdwn5oznTQ3J7%2FgsZRbZE0wGAs8wmLtbJs24Z07iABFHo63l5n9WuAiNRFnF1qvwfkwvZvTr4LnmiQhdNOeXtjVokF4LAR5Moj18drcgol5REHf9IMlUZGVv8d2ZUMy%2FXIY2g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 6bd13c7efa5883a3-MXP
expires: Sat, 01 Jan 2022 09:29:02 GMT

GET
H2 200 custom.css
stfly.me/customfiles/ 47 KB
19 KB 36ms
35ms Stylesheet
text/css 2606:4700:e6::ac40:c20d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/custom.css

Requested by

Host: stfly.me
URL: https://stfly.me/WwzpXfDu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e6::ac40:c20d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b62d3ff7ec9f5543b6d6a2429170ed375b550d869b90d9886464143cd89b83ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/WwzpXfDu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 982596
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"bddd-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pHrqZM1Y5vi5x%2FhGNjgjbUCenbq7admkw6nTnj%2F3Q26LNCCsRz11Mr%2FTSshsLCu0Xllo5Cr2obMlXtNBtu3LxbNoQjOacbwo1IFPWZg9lWDr1i3hI63kFQtRVX6rb1hUrWQ5RDnHEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 6bd13c7efa5a83a3-MXP
expires: Sat, 01 Jan 2022 09:29:02 GMT

GET
H2 200 invisible.js Show response
stfly.me/cdn-cgi/challenge-platform/h/b/scripts/ 43 KB
16 KB 102ms
101ms Script
text/javascript 2606:4700:e6::ac40:c20d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stfly.me/cdn-cgi/challenge-platform/h/b/scripts/invisible.js
Requested by: Host: stfly.me
URL: https://stfly.me/WwzpXfDu
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c20d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2dbb8fcad0e5f333957248fd5abd1ec545b0e86abd9de412e4c63a13e6183eed

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/WwzpXfDu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:39 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jfpDMnht1YsIlIA26pcLH395ygQ26pNdts7TdtrAGeX87ZBwSuNIiqmEQCBWCMdQIqafST7QDR22Geq%2BsxT6ANJRFqqX%2BgtVSlWoxOwQAKxhiIRX10Lsu0r9pQHa6D34kHypUw44NQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6bd13c7efa5e83a3-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 items.php Show response
account.adstripe.net/display/ 62 KB
12 KB 292ms
235ms Script
application/javascript 2606:4700:3037::6815:309a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/display/items.php?21&1&336&280&1&0&0
Requested by: Host: stfly.me
URL: https://stfly.me/WwzpXfDu
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:309a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6fdbbb9e8f9d77d0e6285e992e67c4313fd1013c7f11940577a6ff9725e9f953

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:39 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
pragma: no-cache
last-modified: Mon, 13 Dec 2021 18:25:39 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oi7gFQ7TnpoAoaU4cO0%2FCqaClMecoNm8jcS6OY8ORvdx%2Fy2vpkC3hT6uXk%2B5OIgAag8M1DwmxAxpu7fA0KgqnfTc38SmO3hVoMc883nHq6XQlSeZgj2OuKbxxHiFJr5MXPxnTwCEwTBwHLDEWQ%2B5ZA4KFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 6bd13c7f5aa33758-MXP
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 apu.php Show response
omchanseyr.com/ 59 KB
23 KB 68ms
30ms Script
application/javascript 139.45.197.238
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://omchanseyr.com/apu.php?zoneid=3381289

Requested by

Host: stfly.me
URL: https://stfly.me/WwzpXfDu

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

62bd9748ef1e452a1994462c334416d785b8752da1ea076267f345508653f2cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-max-age: 86400
x-trace-id: d9eeb4a5732e677730c3a0c55553263d
pragma: no-cache
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H/1.1 200
OK 30732 Show response
sanggilregard.com/1clkn/ 0
1 KB 161ms
16ms Script
application/javascript 23.109.82.195
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://sanggilregard.com/1clkn/30732

Requested by

Host: stfly.me
URL: https://stfly.me/WwzpXfDu

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

23.109.82.195 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 13 Dec 2021 18:25:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=1
Keep-Alive: timeout=20

GET
H2 200 rocket-loader.min.js Show response
stfly.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 26ms
25ms Script
application/javascript 2606:4700:e6::ac40:c20d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: stfly.me
URL: https://stfly.me/WwzpXfDu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e6::ac40:c20d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/WwzpXfDu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 08 Dec 2021 16:45:16 GMT
server: cloudflare
etag: W/"61b0e11c-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WMElfPePKmxBcyzINUpqqe6F0ynDTwyUwI8AD7X%2Fa8a4fBc6rAh0uGXWFBfkg6iv8e2tnalm5F58yZT39Pdr2%2Buy6LWfN3h9HNkkfCskVjW5xO647klZS9EI9fe5qJ0BWIFVpFbNzw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6bd13c7efa5f83a3-MXP
vary: Accept-Encoding
expires: Wed, 15 Dec 2021 18:25:39 GMT

GET
H2 200 modernizr.min.js Show response
stfly.me/customfiles/ 1 KB
1 KB 50ms
50ms Script
application/javascript 2606:4700:e6::ac40:c20d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/modernizr.min.js

Requested by

Host: stfly.me
URL: https://stfly.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e6::ac40:c20d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

147b08aa6afaa0b704ebedb56d0b146a7e33600a971e5d20773b3371db70be11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/WwzpXfDu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 982595
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5f6-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kUMgLjHeScPNP9PKvyRC3iBvwfC8mvfQHESqG1MGzsYGX0QJtfbaVrSFnfFoGGtAk2jsCY45v1GF2PjakCJbiAdU08uP20qIc763BJSj%2FdJkTKPNCLJgAN%2FW5qBDEeWQjk7vteaSug%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2592000
cf-ray: 6bd13c7f5b7483a3-MXP
expires: Sat, 01 Jan 2022 09:29:04 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ 44 KB
44 KB 60ms
31ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://stfly.me
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 00:14:34 GMT
x-content-type-options: nosniff
age: 497465
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44656
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:30:43 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 08 Dec 2022 00:14:34 GMT

GET
H2 403 4495548
dozubatan.com/400/ 0
0 91ms
12ms Script
text/plain 139.45.197.237
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://dozubatan.com/400/4495548
Requested by: Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-trace-id: becfaca00eaf54a1fb28ab3d023b418a
pragma: no-cache
date: Mon, 13 Dec 2021 18:25:39 GMT
server: nginx
vary: Origin
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Link
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 22
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 404 1
toglooman.com/ 0
0 77ms
12ms Script
text/plain 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://toglooman.com/1?z=3968308
Requested by: Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:39 GMT
x-sc: 4KdnrdofxFOHMlcU
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: text/plain; charset=utf-8
access-control-allow-origin
access-control-expose-headers: X-Sc
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
content-length: 7

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
539 B 75ms
13ms XHR
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?userId=89fef84ecaf54beabfc7e899c410b202

Requested by

Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

78340091e6ec3cc6eec94d144657d3270a2bebce9f92cac0dfe76d458b52c54a

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:39 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://stfly.me
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 pica.js
stfly.me/cdn-cgi/challenge-platform/h/b/scripts/ 27 KB
9 KB 53ms
53ms Other
text/javascript 2606:4700:e6::ac40:c20d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stfly.me/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Requested by: Host: stfly.me
URL: https://stfly.me/WwzpXfDu
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c20d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e5d86cc8063a401cef88aeb07b77574e39a2867d9a0dfb2b25398b565702c02

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/WwzpXfDu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:39 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=85EWL3PuOqVD7L9FnVaXwv1MeeC6gG3IPG9IZhBrH8uxaqfBTeKxpQHBGbRrxH%2FcnTGqIPdX5DBpX%2B1E0rxIpJ2o6Qr1RNdDmlPzLt32WROgjBFna8WpHbceZfUNjpGR62kQIzKtjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6bd13c7fbc6583a3-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 204 /
omchanseyr.com/ 0
0 16ms
16ms Fetch 139.45.197.238
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://omchanseyr.com/?rb=uT3gVkz5oPP07uO6w1gFTdY-MtmDcqUJ6WeBo1fYIlYhCQnING6xIy-21iF354cSkcXgJS62yobCHEz6lAh0-V_d2OMCOu3al45xlOQr4pneu6rlZgROZAR3Hd9_UzJP4_TMcstQ75pJWSiGPrQ0iamsDi11796K8lIx8c8l8Q5tfBlP0BF7eKcsS9ci3yd5APLD5Ma3nQ-fdCG1Zo7y26sHqtKDYFAGMkAweI7XzzFhldPe_3xJs1bfPpvy9esc72mCfqEHpGnMWQPF&request_ab2=0&zoneid=3381289&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=0&pl=https%3A%2F%2Fstfly.me%2FWwzpXfDu&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=2&bs=8f0fe745-3f6a-4daa-91eb-214cf848af4a&userId=89fef84ecaf54beabfc7e899c410b202&m=link

Requested by

Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-trace-id: 73bf37840816a177534780f0368007d7
pragma: no-cache
date: Mon, 13 Dec 2021 18:25:39 GMT
x-content-type-options: nosniff
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://stfly.me
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
strict-transport-security: max-age=1
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 index.php Show response
account.adstripe.net/display/ Frame 715C 7 KB
2 KB 256ms
256ms Document
text/html 2606:4700:3037::6815:309a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=5fc5414df8c6e86b58de925a3f037041&time=1639419939&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9Xd3pwWGZEdQ==&page_title=301%20Moved%20Permanently&meta_description=
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/items.php?21&1&336&280&1&0&0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:309a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9144da7a2fef6019aeb1eb110f20e942f0a70db2c9d5618c05a706b21a11110b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/

Response headers

date: Mon, 13 Dec 2021 18:25:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5R%2B5GlqtIj2w%2BQd5rFXCzZPt%2BRe%2Bkh4Edy46KxTpsJuZQEgBusmlQtgTTnexoiD6WjuhSYhF4pxXoBXcG7hzybdKv0pZR4DHwfhjQoZZdUK1xRT%2BEA2Dy8wfxU4qqdFi7ofE6AUKyFnMnOXKUVwo07DpKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6bd13c80ddeb3758-MXP
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 jquery.min.js Show response
account.adstripe.net/display/js/ Frame 715C 243 KB
74 KB 41ms
41ms Script
application/javascript 2606:4700:3037::6815:309a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/display/js/jquery.min.js
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=5fc5414df8c6e86b58de925a3f037041&time=1639419939&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9Xd3pwWGZEdQ==&page_title=301%20Moved%20Permanently&meta_description=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:309a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0047f2b4e58d50cd286045db5a9a694d843c551e96e92f7bcd10bf2e111149f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=5fc5414df8c6e86b58de925a3f037041&time=1639419939&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9Xd3pwWGZEdQ==&page_title=301%20Moved%20Permanently&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:40 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 17 Apr 2021 10:55:55 GMT
server: cloudflare
age: 6873
etag: W/"3cd47-5c028f0d0e4c0-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0FcHKu8pmZjlfDdXO7gud%2BfiHD6V9HNye7w1xBdwgFMAs5hxqNxSjqBLV8qL2SCroYTXB0HluIJDhxmMpWfpcTYII8PsKqd1ITX%2FEYirhhYuqOzsebmY43rsEPplB84winR1ana4Ap7VXkBD5FUCXW3gsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6bd13c829a223758-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 data.png
account.adstripe.net/images/ Frame 715C 931 B
1 KB 34ms
34ms Image
image/png 2606:4700:3037::6815:309a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://account.adstripe.net/images/data.png
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=5fc5414df8c6e86b58de925a3f037041&time=1639419939&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9Xd3pwWGZEdQ==&page_title=301%20Moved%20Permanently&meta_description=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:309a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f65dd0ed5ab0097e2cb276b346ccfaddb2a9134c9278af39c6a24cd821fce06f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=5fc5414df8c6e86b58de925a3f037041&time=1639419939&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9Xd3pwWGZEdQ==&page_title=301%20Moved%20Permanently&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:40 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6831
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 931
last-modified: Sat, 17 Apr 2021 10:55:55 GMT
server: cloudflare
etag: "3a3-5c028f0d0e4c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v%2BChx%2F%2B105K3X%2Bu7PI7BQQaDeRGTTKA02mVv19l4Dy7qaWJzi31XlnQYLE1H1dnRjipwqteNIFfhnN8RGR2w%2BvXWnSTVQBRRPILWtTGq5thhX9dgssd2vXWUWchiAPoUhtLxD%2BiR2%2FvJZbRs79S81KHSNw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6bd13c829a283758-MXP

GET
H2 200 1-icon-1635666360.png
account.adstripe.net/upload/credit/ Frame 715C 546 B
883 B 27ms
27ms Image
image/png 2606:4700:3037::6815:309a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://account.adstripe.net/upload/credit/1-icon-1635666360.png
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=5fc5414df8c6e86b58de925a3f037041&time=1639419939&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9Xd3pwWGZEdQ==&page_title=301%20Moved%20Permanently&meta_description=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:309a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85821da273b7d5dc51f8c9ff01bb46fa3461f36aef2977a6c74aa66cc2bd503e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=5fc5414df8c6e86b58de925a3f037041&time=1639419939&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9Xd3pwWGZEdQ==&page_title=301%20Moved%20Permanently&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:40 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6831
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 546
last-modified: Sun, 31 Oct 2021 07:46:00 GMT
server: cloudflare
etag: "222-5cfa1406a0ef7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oaOPnYz%2Bdf1VN3ThSDB7pfF4mhpq20xXNKe7oH9nMAavBBVRiBmw3XCOSsz2TlkLhSo2oCDzp5OXQH9VYY%2FtOJkrqq7ZZhfpZiEWBNxfAtCCYa4p%2BazrU%2BxAkDQL3JCsRVBLc8mm5MkkRVQXPsouo5RTHg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6bd13c82cae63758-MXP

GET
H2 200 336_2.php Show response
itsguider.com/ Frame A945 14 KB
6 KB 417ms
359ms Document
text/html 2606:4700:3034::6815:5a0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://itsguider.com/336_2.php
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=5fc5414df8c6e86b58de925a3f037041&time=1639419939&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9Xd3pwWGZEdQ==&page_title=301%20Moved%20Permanently&meta_description=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5a0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca35130be6b21f23c24f8a12dd3c19fd60ae2606d094768ae395d58bef8aefa0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://account.adstripe.net/

Response headers

date: Mon, 13 Dec 2021 18:25:40 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
display: orig_site_sol
expires: Sun, 12 Dec 2021 18:25:40 GMT
pagespeed: off
response: 200
vary: Accept-Encoding Accept-Encoding,User-Agent
x-ezoic-cdn: Miss
x-middleton-display: orig_site_sol
x-middleton-response: 200
x-origin-cache-control: max-age=0
x-sol: orig
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gTOGtVsUfc7e1bOp6tOhUkOOi%2FnpurZLKnjoPu3aGv03%2FONKtFAFAutD6UeYQMJKPRdB6TqGcbgxgO5yTs5R7ICR7H%2FLBcwdezBJa1mIVl35s%2FzCQIFR3zUqV2Ycaic56lxo0PcShhtVzNKO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6bd13c836cec5a25-MXP
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 index.php Show response
account.adstripe.net/track/ Frame 715C 131 B
694 B 246ms
246ms Script
application/javascript 2606:4700:3037::6815:309a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/track/index.php?page=click/data/0|2|2|1|21|1|2|2|0|2|0.00055|0.00055|0|0/c603e19f175001c080becc84bf5f8a38/1639419950/DE/
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=5fc5414df8c6e86b58de925a3f037041&time=1639419939&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9Xd3pwWGZEdQ==&page_title=301%20Moved%20Permanently&meta_description=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:309a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df13b2bb492cfe24e54a5fbdda0b434e5071be93b12683ab32ddc4318bc44a63

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=5fc5414df8c6e86b58de925a3f037041&time=1639419939&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9Xd3pwWGZEdQ==&page_title=301%20Moved%20Permanently&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:40 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YD73zGuT8UE4OwHaiJO8O3PZp4U%2BC%2BcqRPIxjbmz1ZekB7KQ630Pwn0%2B3OdQ2FmQDS2u7Ic9udCGjNV03HxPG4kYvsRO3%2B3QyOq1Q9KVQnK9DshDlfmf8qxqgJOLFi9%2FXtTRQqZ%2FV4rgBgJ%2FgCuzQpyFPg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 6bd13c831fdad600-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame A945 78 KB
27 KB 60ms
38ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: itsguider.com
URL: https://itsguider.com/336_2.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

1907478e8fa62801a1db26be87cab0755288131c9c8e80320582e560825df3cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1069 / 72 of 1000 / last-modified: 1639397097"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26912
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 13 Dec 2021 18:25:40 GMT

GET
H3 200 cmbv2.js Show response
itsguider.com/detroitchicago/ Frame A945 67 KB
20 KB 75ms
29ms Script
application/javascript 2606:4700:3034::6815:5a0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://itsguider.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx51
Requested by: Host: itsguider.com
URL: https://itsguider.com/336_2.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5a0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 073210ddb02d4b62a72fe51d0a0612d57090d03f5435a7537ba8209eaa30c585

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/336_2.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:40 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 917490
cf-polished: origSize=68978
cf-ray: 6bd13c85ff393751-MXP
x-middleton-display: sol-js
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Fri, 03 Dec 2021 03:34:10 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s1K5SirEx%2BZ0RR%2BNZqqk9gnTwt%2BGp6MsgRYpMwAnemf7riFkn0gDaemAFaGkwpYnUuO1277wC%2B8wRORunbzuF5W8Cy5JTBmiHZulx5Nm27qKrijtukZP%2Bk93%2F64pFyNLrhc%2FOi6TUMejYuyc"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-bgj: minify

GET
H3 200 pubads_impl_2021120601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame A945 348 KB
117 KB 31ms
16ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119476
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 09:34:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 13 Dec 2021 18:25:40 GMT

GET
H3 200 imp.gif Show response
itsguider.com/detroitchicago/ Frame A945 43 B
696 B 74ms
73ms XHR
image/gif 2606:4700:3034::6815:5a0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://itsguider.com/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A0%2C%22ad_lazyload_version%22%3A0%2C%22ad_load_version%22%3A0%2C%22city%22%3A%22Frankfurt%20am%20Main%22%2C%22country%22%3A%22DE%22%2C%22days_since_last_visit%22%3A-1%2C%22domain_id%22%3A297268%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A1%2C%22ezcache_skip_code%22%3A7%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A0%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22metro_code%22%3A0%2C%22page_ad_positions%22%3A%22%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%225c880e13-84b2-4c36-565d-5111ac5824dd%22%2C%22position_selection_id%22%3A0%2C%22postal_code%22%3A%2260326%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A670%2C%22response_time_orig%22%3A267%2C%22serverid%22%3A%2218.192.26.133%3A24048%22%2C%22state%22%3A%22HE%22%2C%22t_epoch%22%3A1639419940%2C%22template_id%22%3A120%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fitsguider.com%2F336_2.php%22%2C%22user_id%22%3A0%2C%22word_count%22%3A0%2C%22worst_bad_word_level%22%3A0%7D&ez_orig=1
Requested by: Host: itsguider.com
URL: https://itsguider.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx51
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5a0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/336_2.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:40 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6OeZpYM3Cog%2F9d6IiEwrtCq4B4kpXEUk9W6Qkq2DsprLP%2FZacVGvZGaZasT5wuG3KdBzVoQ6YDXm8tP6w0S1pHWjsfmD8ZYI%2FKfLRd9pW23PRQ4qZILK9bWEBjA%2BMm2EmWgkMBYSXVC4gU80"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-middleton-display: imp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 6bd13c865ffc3751-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43
expires: Sun, 12 Dec 2021 18:25:44 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ Frame A945 24 KB
10 KB 46ms
8ms Script
application/javascript 2620:116:800d:21:fcb8:22d2:d390:5f1b
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: itsguider.com
URL: https://itsguider.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y51-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx51
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:fcb8:22d2:d390:5f1b , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:40 GMT
content-encoding: gzip
etag: "FMCWFRCBdbNj8Eh2c0G78Q=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Mon, 20 Dec 2021 18:25:40 GMT

GET
H3 200 cmbdv2.js Show response
itsguider.com/detroitchicago/ Frame A945 44 KB
11 KB 30ms
29ms Script
application/javascript 2606:4700:3034::6815:5a0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://itsguider.com/detroitchicago/cmbdv2.js?gcb=195-0&cb=03-5y0c-5y18-4&cmbcb=20&sj=x03x0cx18
Requested by: Host: itsguider.com
URL: https://itsguider.com/336_2.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5a0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 93759c0e3df161e7dabddd06d38850e0f985343029a003542bc94311979a4b41

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/336_2.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:40 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5185888
cf-polished: origSize=44604
cf-ray: 6bd13c8658043751-MXP
x-middleton-display: sol-js
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 14 Oct 2021 17:54:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iNYg78xW%2B96g22DsR2AAARVIUfKYE1jZ8MprK9MFfGJgOnFbO6AsJAeGddhwH9CRkkHY5N6wBzxLhYtLdcM8AaYn3EFkVhfcglCKxoJ1wjDkWliKD94ZIAaF7NDOuZJJNL1eeJBR3fgeAM8Y"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-bgj: minify

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame A945 107 B
792 B 41ms
17ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=itsguider.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 18:25:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame A945 107 B
549 B 40ms
16ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=itsguider.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 18:25:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame A945 57 KB
17 KB 423ms
423ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1043015162418589&correlator=771854464552273&output=ldjh&impl=fifs&eid=31061814%2C31063378%2C31063821&vrg=2021120601&ptt=17&sc=1&sfv=1-0-38&ecs=20211213&iu_parts=360613911%2Citsguider.com_RedMas2021&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&cdm=itsguider.com&bc=31&abxe=1&lmt=1639419940&dt=1639419940897&dlt=1639419940736&idt=143&ea=0&frm=8&biw=-12245933&bih=-12245933&isw=336&ish=280&oid=2&adxs=0&adys=0&adks=1993164460&ucis=uyvhx4scwnvi&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=2&url=https%3A%2F%2Fitsguider.com%2F336_2.php&ref=https%3A%2F%2Faccount.adstripe.net%2F&top=https%3A%2F%2Faccount.adstripe.net%2F&vis=1&dmc=8&scr_x=-12245933&scr_y=-12245933&psz=336x280&msz=336x280&ga_vid=259399468.1639419941&ga_sid=1639419941&ga_hid=226557508&ga_fc=false&fws=256&ohw=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

35d8220d75d82feac6da71c52b14e65965c124303717b17c5c8a5b48cd9093cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:41 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17572
x-xss-protection: 0
google-lineitem-id: 5532346210
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138346035701
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://itsguider.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
66bb2907e0561406ce5a6b2c5bab6822.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1194 6 KB
4 KB 53ms
16ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://66bb2907e0561406ce5a6b2c5bab6822.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 13 Dec 2021 18:25:40 GMT
expires: Tue, 13 Dec 2022 18:25:40 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 rules-p-31iz6hfFutd16.js Show response
rules.quantcount.com/ Frame A945 3 B
429 B 36ms
7ms Script
application/javascript 2600:9000:2156:5c00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:5c00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 04:43:25 GMT
via: 1.1 cdb2dba3874dd4d7b53213b8c63a0997.cloudfront.net (CloudFront)
age: 49336
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 3
last-modified: Sat, 04 Mar 2017 19:50:24 GMT
server: AmazonS3
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: xFMDSt3BeDMsxti0T55bXVFm5lj0HAMkTss9TBoX_4JshUtzT5MmWA==

GET
H2 200 pixel;r=1998421763;labels=Domain.itsguider_com%2CDomainId.297268;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fitsguider.com%2F336_2.php;ref=https%3A%2F%2Faccount.adstripe.net%2F;uht=2;fpan=1;fpa=P0-110...
pixel.quantserve.com/ Frame A945 35 B
371 B 34ms
16ms Image
image/gif 2620:116:800d:21:fcb8:22d2:d390:5f1b
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1998421763;labels=Domain.itsguider_com%2CDomainId.297268;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fitsguider.com%2F336_2.php;ref=https%3A%2F%2Faccount.adstripe.net%2F;uht=2;fpan=1;fpa=P0-1109790620-1639419940949;pbc=;ns=1;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;d=itsguider.com;je=0;sr=1600x1200x24;dst=0;et=1639419940949;tzo=0;ogl=

Requested by

Host: itsguider.com
URL: https://itsguider.com/336_2.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:fcb8:22d2:d390:5f1b , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 18:25:40 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame A945 11 KB
9 KB 42ms
19ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021120601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47462f59749f040cbbd8e571029653f922c119dc38eedc1f4ea54ac28909be7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 18:25:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8549
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame A945 17 KB
7 KB 117ms
88ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
expires: Mon, 13 Dec 2021 18:25:41 GMT

POST
H2 200 result Show response
stfly.me/cdn-cgi/challenge-platform/h/b/cv/ 2 B
549 B 477ms
177ms XHR
text/plain 2606:4700:e6::ac40:c20d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stfly.me/cdn-cgi/challenge-platform/h/b/cv/result?req_id=6bd13c7cdbad83a3
Requested by: Host: stfly.me
URL: https://stfly.me/cdn-cgi/challenge-platform/h/b/scripts/invisible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c20d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://stfly.me/WwzpXfDu
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 13 Dec 2021 18:25:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Iy5oqUuSnhCj%2BeQOxXNnq4CJLyfpG4vHtZtRExgMBLpZcMciuCR2hECwxlsA321kjGqcQaEQ5Z4Vr87MyuthFsmIRmKAhoZeswh70xEg%2BKDrbq8gaiczQINzwwF2tw%2BJ1yIaP6VNXg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain;charset=UTF-8
cf-ray: 6bd13c8aea0683a3-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1533 13 KB
5 KB 23ms
7ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
date: Mon, 13 Dec 2021 10:36:17 GMT
expires: Tue, 13 Dec 2022 10:36:17 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 28164
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D202 783 B
1 KB 38ms
17ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

882e04b655fc054718643c61330f4cf298ea1ad646cdc184d330c9c4897fe9e3

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-hkXsPMWLvcCOSGbzW5VMMA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 13 Dec 2021 18:25:41 GMT
date: Mon, 13 Dec 2021 18:25:41 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-hkXsPMWLvcCOSGbzW5VMMA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 1533 35 KB
13 KB 21ms
6ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 17:23:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3704
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 13 Dec 2022 17:23:57 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame B7FA 0
0 41ms
41ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssBWBjwFMeL4RK7KsxFa3h5TTg7H7PfEQRIDisGpvSPBiHJsV-kUyxXVpeAI74Q2lqZC3jjaUGqq_Qrp2UL_1BZZ8X8z8BLKHr8RbnjrxjBmXWVcaZzqjtUjh_qe5AG5uikfqTVYjz5BEG5X0zWYBdrolQurkBv19PHHnJ4J_U1JLFIzi1Ur6yQ-w8FmSJommhNodpiYzck0DJWlUPGF15DkY5WY54lhCVk6vQY337yEdA_69ZXfiXe14EU-m3i7SQcJlSwKqoGuSKOpNS2GOFPeBTIdrk3uZONSaZnnv3nRk5bNA4OSoyUvaLwpNwhyUBAIQ2sy2g&sig=Cg0ArKJSzP3CZ-FW-O9HEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: stfly.me
URL: https://stfly.me/WwzpXfDu

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 18:25:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 13 Dec 2021 18:25:41 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame B7FA 78 KB
26 KB 19ms
19ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

1907478e8fa62801a1db26be87cab0755288131c9c8e80320582e560825df3cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1069 / 788 of 1000 / last-modified: 1639397097"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26912
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 13 Dec 2021 18:25:41 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B7FA 119 KB
37 KB 126ms
98ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 13 Dec 2021 18:25:41 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame D202 0
0 55ms
54ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2021120601&jk=1043015162418589&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 pubads_impl_2021120601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame B7FA 348 KB
117 KB 17ms
17ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119476
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 09:34:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 13 Dec 2021 18:25:41 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame B7FA 107 B
122 B 33ms
16ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=itsguider.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 18:25:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame B7FA 107 B
122 B 32ms
16ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=itsguider.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 18:25:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame B7FA 20 KB
9 KB 500ms
500ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4168552795099647&correlator=2329286695058541&output=ldjh&impl=fifs&eid=31061167&vrg=2021120601&ptt=17&tfcd=0&sc=1&sfv=1-0-38&ecs=20211213&iu_parts=360613911%2Citsguider.com_RedMas2021&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&prev_scp=in2w_key%3D353%26in2w_key2%3Dnope%2Coptimization%26in2w_key3%3Dadx313%26in2w_key4%3D-5d---%2C-5d---%26in2w_key5%3Doptimization%26in2w_key6%3D-5dh--qgz%26in2w_key7%3D313%26in2w_key8%3D353%252C354%26in2w_key9%3Doptimization_request%26in2w_key12%3Doptimization%26in2w_key15%3Do0%26in2w_key16%3D10&eri=4&cdm=itsguider.com&bc=31&abxe=1&dt=1639419941463&dlt=1639419941347&idt=97&ea=0&frm=8&biw=336&bih=560&isw=336&ish=280&oid=2&adxs=0&adys=0&adks=292152128&ucis=hgdm0jpfstf4&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=3&url=https%3A%2F%2Fitsguider.com&loc=https%3A%2F%2Fitsguider.com%2F336_2.php&top=account.adstripe.net&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=336x0&ga_vid=1863973545.1639419941&ga_sid=1639419941&ga_hid=1112922982&ga_fc=false&fws=256&ohw=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: stfly.me
URL: https://stfly.me/WwzpXfDu

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

c76af376ae991bb35f12d7c5c353f15787d00eb2611ec83fff537874da6100c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9631
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://itsguider.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 612F 6 KB
3 KB 29ms
14ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 13 Dec 2021 18:25:41 GMT
expires: Tue, 13 Dec 2022 18:25:41 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame B7FA 0
0 57ms
43ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstDOhkz_0M1OJYDChFg2iRuv31033phDT9h-UgcTv6egslAe08h4uC0sYCdl3224c274nI3HS4xFNmfcI-yUOQHg3vIojeZascRmxfrtLT22zZnXIkDXRKoUEGIWYe-aDlK3cTEBpFD-ZR0ZPbrUDCW8i4MOV8SRxZt3cZshKtNFx-snJLbXFQfHSXF1fQsPddME0M580neetbHwJ76L3bETBPIVjMPP8NpoYERVShyYZ33dcrODcfgSp34rWWSVv61-rbloGOguapVKbr6jJFYeFFpqbUsAeeWqJMhVJ9Htbrlodez6yOZo6fgqVxrNxC-G-GSPiH1iQ&sig=Cg0ArKJSzMGXkS7Do4GmEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 18:25:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 13 Dec 2021 18:25:41 GMT

GET
DATA 200
OK truncated
/ Frame B7FA 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 14aadd91cbc24945e41b113bdc1428a3e037d6c79189e8360ab199dcfe24e4af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame B7FA 11 KB
8 KB 36ms
21ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021120601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4ecb7dc9e5a48445faedf81cee05cffc6910c78910f0625dfafc08ae5b00a059

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 18:25:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8538
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A945 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2021120601&jk=1043015162418589&bg=!CgmlCU3NAAZKWFskSlg7ACkAdvg8WvfTCQZv1CGnNQf64LwcFB8hqhVOHwQXezUc4GT3L8cdvxvQzAIAAABzUgAAADBoAQeZAvlllm9XzfMqX_x_8e39hkWE8j7ENmgvTWhHNzT_S95M7IsP_wOmOdGLXXo8-ANjghkf6j_9h3-wrAn12EIOrNFcob_2cqaL4B72UYIb-yX1o-7Mu2ukvZXMuE9Vm2GTRUaKZF2nBjITopJGVhpeI-oFxL5oFiw5Y5woKz0OMrXpciC5SZAOfyurJwNCAyWZ3IEJ4HPmmbdwNFu21uLBr_nnzX83JjzOCCEFM8y3VZRP7Op5ZzGCLRWbLHKho8vp8KC795rx8h1yje-qKAlHKPfUPNPxyZUz9iv17zenRFbTuVq9XwbOmuh5uvqz193APLWPU2xa_q-F27vD6Cma7PhvrABGnC2cpQn4vOgMUv0S8OJAKwL-leUuyUmmtjuaBAtOqeUGJDp_8-v8N2uo4hLTj91cU3uexl6ogeOHjeIy2BRrVRLmypteqinIEF1izfKWjFTUD6MqDPT54D-POjs229zDHC8Ry9PJvayJP0gOJ2UotiYtA0GFJIWVC-t83tqAfFupY4t-MUq0xWOgLgnO0VYz_8WC2iYa2G5iykfcX5gXjA8uxZHqTS7_Z6kvo1k4zDgIcxLW8dmL6YS-GbXy7MlI0OK9tGx0b1TovvYXvkpDF8EEst5g414vFnBnpV9FL2rNcl82SSd4aOM0Wn4ANzZLAVt31sCKZOHIiJtbvdjszBCoCkWeQNeikPy4zOLPQldXRs1v-TpkAtS-G6DVTF484O7Xx-4kpcdfBX0B-QqvaGVjT_CAVVu3dG3_54bFBZQqmEv6jZmO9UKMnl8vD2tZf4MrHtNORkpQ3e0SM8qYt7lXqjmnTjSh82hn1klek1jngQpAkRGSbovpzHHy4xoVoo_VuTA4ZRyQIXnxQQdbp0Ih5yLdebzb6eUdSJZ-b1Ua1hryCLTjN2vbrheK2XQstdptEPgWYocWG_uu1leNdHAzinFUHyzMV3BmPz7SLG0N0vFLiNZZeBFxVMvrxPubc7b-ZxvfEYlTv9LkZpeSN6mBwy9YDg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 18:25:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame B7FA 17 KB
6 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
expires: Mon, 13 Dec 2021 18:25:41 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 371F 13 KB
5 KB 17ms
17ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
date: Mon, 13 Dec 2021 10:36:17 GMT
expires: Tue, 13 Dec 2022 10:36:17 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 28164
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 76F1 783 B
534 B 62ms
37ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0b1257651fea59eb677095f3e76e5ead58175e31530e389eb4bb0a544dcfde06

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-nsuXmYLoxfvQNdyBY9Wajw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 13 Dec 2021 18:25:41 GMT
date: Mon, 13 Dec 2021 18:25:41 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-nsuXmYLoxfvQNdyBY9Wajw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 371F 35 KB
13 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 17:23:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3704
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 13 Dec 2022 17:23:57 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 76F1 0
0 61ms
61ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2021120601&jk=4168552795099647&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B7FA 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2021120601&jk=4168552795099647&bg=!ZmWlZSHNAAZKWFskSlg7ACkAdvg8Wjuz3zFbYaGY27ozH_xGFnvz30f9NT_fc0WhlaSrzvJFiZUNBwIAAABPUgAAAAhoAQeZAu-SRoUUY7IOYtlrF3qgI5Dk1_AcK_hfnNodfSrHuXjyYmtHC4ZCqVDAdXbrk0XE62oQiGHNpKfhBCwuoQ5HeWHvYokUlSHw9wEft3-EVlIv4UZ3Ua0XGwKZ1x-Y2Z8rbcfU3wk4LK0j8uUhn_IWhc0tLKjZnMIcnlinB277_HrPP_dUVBMYFwhJaqBca3qqFd8ZxVraQXNEZuWnAQshpeJQWladvKTFgpVdm-CBMNxl7ZoUN4vgEjU6yJ7gVijHvFl5JfAH8e0Si11SHDIOLzDGUsVQIXuNgKdCEVvV-2_SLN7W38lZ-6yo5DGAd8tppn1eQkSp60sLvHhhdoq3KefL0oqszr9BJ2HWoLggxM_9x5CroE07N2k6eYRlNAJphB6iiQarbAsGYufiPrqfgFLZml8L_DwE4gkJ1UXtZ28pVdXBy0Phryrj2qe3zs39353mXnNS3tMcQfl9H15k-_hKwPjVfliqjryMsgB1luUh-UVqvMAcXsngw5GNjee9Jm-qzi2JLL5F2uH9rJkugrO5aY225yyvnaG5N7RwyZbdMBTCYbcyJzN2mg9HyR-Bfp7lkPQv8FPODvXqmjM4hhIwBtFP_fNZFfCkZTZH_vgDCWKCuCIhHGbKlZWS_FHPyvl69WRWHb-Gk6_S1FGKcd2gBNNaQWAo1yx5gmul39nmgiapIQ22ANR85z9q1touodKwDFCU8qY9BgSTos-n9Qdd_Jy5torZ9J9IjsFN36GeF_OauoWUaXp6subcmeV7yoZynuJ6aGAldKKM-1QGWoOtHH_JSmZIrY4JquM9x1mktobeEHWRhH_Y_sUkJS3mynfei1e6RZu24XlFcJ5rLacX8MSnGD3juFa6_oBIje2wUXXLSvyhlekzhotfzZlgUqmL_1V6TjtATpr5B5_r7wDVbV-lAjLuf93noKQEp8sGzqqgWBv9rljFQMfc_9iDeNOoUfEMskVecqJ2Bx2SDKy10MPpGjxPYYiHtkSZGZl0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 18:25:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CDB0 6 KB
3 KB 24ms
7ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 13 Dec 2021 18:25:41 GMT
expires: Tue, 13 Dec 2022 18:25:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 1E8C 624 B
733 B 41ms
19ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARiWlJW6ATAB&v=APEucNXFFLFi4hodBNTL7rvjSkjdKHxdPGCp0eVUw2_qBISmlwOGUSaLJI-DnzWMXk7hgSCeUI1wbTgC_OS3erFrBYKB7S6V4qq3WOc1EHriu8knXVZKbSdoAb4dBjHKlI5Md90uK89Pd5qOiFejX9bJWHp4dxaWBTReVsSN4noigEhAg_Z-Xpo

Requested by

Host: stfly.me
URL: https://stfly.me/WwzpXfDu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 13 Dec 2021 18:25:42 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame CB28 54 KB
27 KB 73ms
52ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A9n6PdNuxS3Hn8QeKIGWoAr1sX4XxrdbboYEEaPfKnYHLzgbWU5sFmjdlvbGuz9_sTdt21MjM6uHXBd6Z0Ruilf0Mbc3HMP6yZ0YOUPLCwAUA4VBBSgb2ce5fjJdvJ4vTpOpHszBIdESHx41io7AAMikTMnQ&dbm_d=AKAmf-AAzncMt9urckaffef_YsJ1sIuKXpz9F0YdY8IOVY-qBZ9VUGlKvawJOOfM715TtKbEhKtvbdmfTMgkx-oLzLFJEKti1KaAcgOBvFKD40us_gskFGog5xv1at9LBhwzJyZKqVXU3akgRm0apJKMtY_4QZqFadmja9s0G6WynovhgN1mnT4JGHJXmwVwYvMMIglAIakXHtCc-SEkdlTv7dHPnJl9KCjuFTKIDxl0teUuhmY4LUjW4lr5ATfjCmR6dg8oBuc2y4KUQzTJVV_bJkX6F1W-iheR1lYPlrX62jjbRz2DKkcontWfXk7AnD2aCfVyOk3xciBZbEa_e8FufQ6StUH5GZSOSt-_CuT5H_VTau-0jqbzjdiqp_bulmKxDUWfb2ZvGrJ5yKhySGThubXNOE8XIX9xujDxnDBcBA2JNv9H3n8eoBtRpsJrlMErpeLcai-N3XPROqOsKXbUi7LkhxOldNXrVQdBDohokljxSzZ7EYVxJkD65a4rlFxCnfCjP_FRPpnKG0ZFXoSaKdQNPN3SKes3oQ3yDJ5W7LXARn-4WenVn4qUmSasft3FfdJRefIPdl5GwJKLHBKpF7ztcn7l08ne2gu1FiSd1NsUgIuCLgxDasDINifcJKPTww_9f6pVVU9-tVyn2o3Nk98jYoqX_ojI0eGuF0Tht-NEytWdGJeDn3fWEaEWYb21_Iw6q8SK_nGNZiqY6UnZZ297hlx6vUBKOXiVI_2zjDM8lLCD6fUzeZW57mVPQSzF8JL1WkEAqTnDGEnrbS4p_l2IRbepfcMom8LxrTZFcS6USLP6Q7GOzQtSsd-t0C4G7vmIoDfZqCtT8A6Qsi4fzIbn1y8uWv2QWck6a_mlo5ht2hpzAD68M4J_WHDujnMXGNLZWxGuB0n9m2hWZpmGTY_ZoATy3NakXZwX18lgsT7Ihc85iKB-xS9QebpNKpp8Spr8ATVd2Ilxv69NeRcpmEHz3ka7-v-RQwMvfNzY74an3kMzO-26hjkMsi09qfpgwR8TdysMuhlirkMAgiO4pMUhMSzqlpSDZLmsWdKL-9Kb8XNvzEERvynI9Y7wFBZ5iy9lDICu4ScGY-0Ud6Pws7edC3YHLvhLs4kekpzQrEgyh_RR56qAWeQyqADMVfz8wVJeWwKFo1-TBu1JVHZnYSaV09GqzCE3VpZu5ocmXhkBgl5LQVG2F9aB-QbJrEDa2CVTKwFeDQWxDAwtohge7bI_qNPAUzF5OUp44ysArGOO4ArHcICip7Q4F2lx6ahcpQXT5WwMmVaWTUMU6up5F4k0z8cOxxvZTing8Xj5xKDxHrAkVdbaqIpPMxmPpBdRhby3O8fFQVNMz93Myv5NfFoQ2f-P31zsBgQyVocmWuuhJJjug6IMQ-vIsZ4O4wNRI9SvhW9RrhewzVqthMdAfHQJ5D7Ecp9tuwzQ_qE18Dm49XkeEzbmB1I0VWMseDqsN8mfLR6gq3kOgBGyC30uBxvN2BMykknI5QmeQeeNEMmWy6vHzkhyKS-P3LRvO9nxiYrpt56vSUNzPs1nZGI0rDYcJR3ZJjO4_ltQLIFC-c7eLu612gt_mX9nQwpx_Syz_y3jSZ0OxLjyT1nKoWXRPG6Mo5sQx6x4vuPoveEGGs0penmswlq62Oi_F9KnFI0eSoOLBw1z3O8Uay-3OU-YliHAkep5XgzY7qtOme6Rh5MhnwSZAShJIMLN0usDeC4Ycemo5OdHN7l43yHSDbz1NEyvK9_eC0dIrOdh8xkeAcBAExD6cCN1Fs8CyeX6HHEHpcqGgsAk9EuRQ39sG5rZn58BlpQW0nYMMpThgxTfR21bwqDD1Y_wQZ7utWkIjYSKySAtAOOS2B7JvkqllnXQU0cE7wupXhf_L-dkeU3qAlPTDVfGl1723wKMYfelL58CSirjE-2eO5LAMYdc3GcMK_qv3PVg7bpuGhGOJCUct7aB7LLwBdBGKrNsWi-b5I-17aKqhxbzdifNI4ie7kjipvtSGPHlBP9RqeqZGjVUGaauKB19eUyuXC_WBsy1NuiVxZWVWUmUlcrtrNUCyowc4X4rnuLiX-nT4Ty-zhxz5H4vCrmmB1u4_DRNzLHKF4NEsgPCXKxs98-9C5ttV80H1FFFiaIe0iH-TN8oPDy8mWIMRvS2trsoh63VbCYzch2sXXwiZdaiaPhyXP1BeEW7vLb73zKXlJArT-fIF7Br0bIPRg7NWRqWDeQzQYv9wmdm1HI5TKEngXPkdk2g5T6gIzQrF9muIkRmHSPOAOgGgKlEBapphYcUSc1qgktbZ0uV8pw3cpT08mtdgAT4jnxyS-U3NOSnd3jIQv09No-iTgov_egzVUKA3rYGQbZGnHWPdqY-oTJ7KIrDfb6jfdGQgKI0AM1meEieUr_malWhRa3tKrffA7yWzZltlR8-kEW8jV9LTXfLYegvH7Fl8lO9lUXiaNt69P1uCxrJPrPuuB1GcB1W7xGz18sr2H1KDFuLcNB6fYFccFdS0dvDaZD2SWHzF-HTWS_kH6draSeo14cASGWCC3oxEQm1A0A5sHGFyDMDmCb7U3HRWZy9jkeyZsfyG5mVndKO-HhLWtBy9km1UVn1k_k6FoKpZ_HPDfqYjj7fkyyoUi4UQZlsEe9e6KvzSaI2_qnqB_SP_tEW-wAiS72lx-uCMvgyWTblNwKQ39y7Pvbr2l6tUpbuXoJiX_ftbh8v-3PzjCE_DWQRp5iS8scGAkXMgZESEuk7ShWDkbpTFQ2nOLJgQgJPJY0-BODEKJtaRNolpc8eJeAXjJuLQT61wOhnDIzuYpUhd9MvaAUvd08dFs9aSB4775Q-65dstq-sqyZ3EYFaf2WoFrvTQRk4O7SerZSTfYjuQjaY2dgl1WLjQkJ3pisHTyAKPECGHjc7YY3ms24oNPcCkWo0gT0QO9EelYdLkeh-m6BT-4bvsLceqS0wWJVPsTY6ExV8lOC3W93ruhKnVr4U2fmr4IW2Qd2R3UKOz8WH3pv6PCYhZH27Cb1qoTLWvjBm7FX1sJHCSYorTyEGlLGqJd7nKY8nxd4jqLkIJ0dC9ZUNXd2RMm5O1LNQEXrY_o9IIKobjptY0nZpEJoPU1TYDEAoaqhlns3rs83Oug8YIw_L0BeMDn-YFFHhm7WnrCAJ2clQ76mvxaPlxGAKMgOebDBVuFWf6qMPXC55xEYHPavZSim5a3xL&cid=CAASEuRoCk4OhKrvd3022iaXskLC_w&rfl=5%2Chttps%253A%252F%252Fstfly.me%242%2C%2C%2Chttps%253A%252F%252Fitsguider.com%252F%240

Requested by

Host: stfly.me
URL: https://stfly.me/WwzpXfDu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36fbd6e13661f287f0240674d7815ad2dbf7c3f3a7650a471e4d4ce1b9fe6bf4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 18:25:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27529
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame CB28 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: stfly.me
URL: https://stfly.me/WwzpXfDu

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:23:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 106
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Dec 2021 18:23:56 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CB28 119 KB
36 KB 59ms
43ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: stfly.me
URL: https://stfly.me/WwzpXfDu

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 13 Dec 2021 18:25:42 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame CB28 15 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: stfly.me
URL: https://stfly.me/WwzpXfDu

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:24:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Dec 2021 18:24:48 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame CB28 42 B
63 B 40ms
39ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B2TqbdsZKXK3rxWnajA0EF0uyQcI1qxh7GQnnknvTE6W8gLMVx7VXQN-WBWJivPaI5wzCxnKsKEi2iOOm8PgbT4NFlKCKk9vSa6mcKzgn6wrI5Ohk

Requested by

Host: stfly.me
URL: https://stfly.me/WwzpXfDu

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 18:25:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1E8C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGx21k45hXm-C3SrkVZ_Gfo&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGx21k45hXm-C3SrkVZ_Gfo&google_cver=1&C=1

43 B
894 B

30ms
30ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGx21k45hXm-C3SrkVZ_Gfo&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARiWlJW6ATAB&v=APEucNXFFLFi4hodBNTL7rvjSkjdKHxdPGCp0eVUw2_qBISmlwOGUSaLJI-DnzWMXk7hgSCeUI1wbTgC_OS3erFrBYKB7S6V4qq3WOc1EHriu8knXVZKbSdoAb4dBjHKlI5Md90uK89Pd5qOiFejX9bJWHp4dxaWBTReVsSN4noigEhAg_Z-Xpo
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 18:25:42 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 13 Dec 2021 18:25:42 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 18:25:42 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGx21k45hXm-C3SrkVZ_Gfo&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Mon, 13 Dec 2021 18:25:42 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1E8C
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbeQJoosL.xABclCe6It1gAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGx21k45hXm-C3SrkVZ_Gfo&google_cver=1&google_hm=2

43 B
894 B

28ms
28ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGx21k45hXm-C3SrkVZ_Gfo&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARiWlJW6ATAB&v=APEucNXFFLFi4hodBNTL7rvjSkjdKHxdPGCp0eVUw2_qBISmlwOGUSaLJI-DnzWMXk7hgSCeUI1wbTgC_OS3erFrBYKB7S6V4qq3WOc1EHriu8knXVZKbSdoAb4dBjHKlI5Md90uK89Pd5qOiFejX9bJWHp4dxaWBTReVsSN4noigEhAg_Z-Xpo
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 18:25:42 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 13 Dec 2021 18:25:42 GMT

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 18:25:42 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGx21k45hXm-C3SrkVZ_Gfo&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 1E8C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELyYAD6jzlBQvnzY4vV1lp0&google_cver=1

43 B
1002 B

8ms
7ms

Image
image/gif

37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESELyYAD6jzlBQvnzY4vV1lp0&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARiWlJW6ATAB&v=APEucNXFFLFi4hodBNTL7rvjSkjdKHxdPGCp0eVUw2_qBISmlwOGUSaLJI-DnzWMXk7hgSCeUI1wbTgC_OS3erFrBYKB7S6V4qq3WOc1EHriu8knXVZKbSdoAb4dBjHKlI5Md90uK89Pd5qOiFejX9bJWHp4dxaWBTReVsSN4noigEhAg_Z-Xpo

Protocol

HTTP/1.1

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 18:25:42 GMT
X-Proxy-Origin: 193.27.14.24; 193.27.14.24; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 1bd3d11d-412c-43d0-bcca-b001c3a581f2
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 13 Dec 2021 18:25:42 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESELyYAD6jzlBQvnzY4vV1lp0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1E8C
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MTU4NjU1NjI1MTYzMjAzMA%3D%3D

170 B
188 B

38ms
23ms

Image
image/png

142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MTU4NjU1NjI1MTYzMjAzMA%3D%3D

Requested by

Protocol

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 18:25:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 13 Dec 2021 18:25:42 GMT
X-Proxy-Origin: 193.27.14.24; 193.27.14.24; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 2157fa8d-59a1-49d2-8a29-e8bb4c2d01b3
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODI0MTU4NjU1NjI1MTYzMjAzMA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame CB28 24 KB
9 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A9n6PdNuxS3Hn8QeKIGWoAr1sX4XxrdbboYEEaPfKnYHLzgbWU5sFmjdlvbGuz9_sTdt21MjM6uHXBd6Z0Ruilf0Mbc3HMP6yZ0YOUPLCwAUA4VBBSgb2ce5fjJdvJ4vTpOpHszBIdESHx41io7AAMikTMnQ&dbm_d=AKAmf-AAzncMt9urckaffef_YsJ1sIuKXpz9F0YdY8IOVY-qBZ9VUGlKvawJOOfM715TtKbEhKtvbdmfTMgkx-oLzLFJEKti1KaAcgOBvFKD40us_gskFGog5xv1at9LBhwzJyZKqVXU3akgRm0apJKMtY_4QZqFadmja9s0G6WynovhgN1mnT4JGHJXmwVwYvMMIglAIakXHtCc-SEkdlTv7dHPnJl9KCjuFTKIDxl0teUuhmY4LUjW4lr5ATfjCmR6dg8oBuc2y4KUQzTJVV_bJkX6F1W-iheR1lYPlrX62jjbRz2DKkcontWfXk7AnD2aCfVyOk3xciBZbEa_e8FufQ6StUH5GZSOSt-_CuT5H_VTau-0jqbzjdiqp_bulmKxDUWfb2ZvGrJ5yKhySGThubXNOE8XIX9xujDxnDBcBA2JNv9H3n8eoBtRpsJrlMErpeLcai-N3XPROqOsKXbUi7LkhxOldNXrVQdBDohokljxSzZ7EYVxJkD65a4rlFxCnfCjP_FRPpnKG0ZFXoSaKdQNPN3SKes3oQ3yDJ5W7LXARn-4WenVn4qUmSasft3FfdJRefIPdl5GwJKLHBKpF7ztcn7l08ne2gu1FiSd1NsUgIuCLgxDasDINifcJKPTww_9f6pVVU9-tVyn2o3Nk98jYoqX_ojI0eGuF0Tht-NEytWdGJeDn3fWEaEWYb21_Iw6q8SK_nGNZiqY6UnZZ297hlx6vUBKOXiVI_2zjDM8lLCD6fUzeZW57mVPQSzF8JL1WkEAqTnDGEnrbS4p_l2IRbepfcMom8LxrTZFcS6USLP6Q7GOzQtSsd-t0C4G7vmIoDfZqCtT8A6Qsi4fzIbn1y8uWv2QWck6a_mlo5ht2hpzAD68M4J_WHDujnMXGNLZWxGuB0n9m2hWZpmGTY_ZoATy3NakXZwX18lgsT7Ihc85iKB-xS9QebpNKpp8Spr8ATVd2Ilxv69NeRcpmEHz3ka7-v-RQwMvfNzY74an3kMzO-26hjkMsi09qfpgwR8TdysMuhlirkMAgiO4pMUhMSzqlpSDZLmsWdKL-9Kb8XNvzEERvynI9Y7wFBZ5iy9lDICu4ScGY-0Ud6Pws7edC3YHLvhLs4kekpzQrEgyh_RR56qAWeQyqADMVfz8wVJeWwKFo1-TBu1JVHZnYSaV09GqzCE3VpZu5ocmXhkBgl5LQVG2F9aB-QbJrEDa2CVTKwFeDQWxDAwtohge7bI_qNPAUzF5OUp44ysArGOO4ArHcICip7Q4F2lx6ahcpQXT5WwMmVaWTUMU6up5F4k0z8cOxxvZTing8Xj5xKDxHrAkVdbaqIpPMxmPpBdRhby3O8fFQVNMz93Myv5NfFoQ2f-P31zsBgQyVocmWuuhJJjug6IMQ-vIsZ4O4wNRI9SvhW9RrhewzVqthMdAfHQJ5D7Ecp9tuwzQ_qE18Dm49XkeEzbmB1I0VWMseDqsN8mfLR6gq3kOgBGyC30uBxvN2BMykknI5QmeQeeNEMmWy6vHzkhyKS-P3LRvO9nxiYrpt56vSUNzPs1nZGI0rDYcJR3ZJjO4_ltQLIFC-c7eLu612gt_mX9nQwpx_Syz_y3jSZ0OxLjyT1nKoWXRPG6Mo5sQx6x4vuPoveEGGs0penmswlq62Oi_F9KnFI0eSoOLBw1z3O8Uay-3OU-YliHAkep5XgzY7qtOme6Rh5MhnwSZAShJIMLN0usDeC4Ycemo5OdHN7l43yHSDbz1NEyvK9_eC0dIrOdh8xkeAcBAExD6cCN1Fs8CyeX6HHEHpcqGgsAk9EuRQ39sG5rZn58BlpQW0nYMMpThgxTfR21bwqDD1Y_wQZ7utWkIjYSKySAtAOOS2B7JvkqllnXQU0cE7wupXhf_L-dkeU3qAlPTDVfGl1723wKMYfelL58CSirjE-2eO5LAMYdc3GcMK_qv3PVg7bpuGhGOJCUct7aB7LLwBdBGKrNsWi-b5I-17aKqhxbzdifNI4ie7kjipvtSGPHlBP9RqeqZGjVUGaauKB19eUyuXC_WBsy1NuiVxZWVWUmUlcrtrNUCyowc4X4rnuLiX-nT4Ty-zhxz5H4vCrmmB1u4_DRNzLHKF4NEsgPCXKxs98-9C5ttV80H1FFFiaIe0iH-TN8oPDy8mWIMRvS2trsoh63VbCYzch2sXXwiZdaiaPhyXP1BeEW7vLb73zKXlJArT-fIF7Br0bIPRg7NWRqWDeQzQYv9wmdm1HI5TKEngXPkdk2g5T6gIzQrF9muIkRmHSPOAOgGgKlEBapphYcUSc1qgktbZ0uV8pw3cpT08mtdgAT4jnxyS-U3NOSnd3jIQv09No-iTgov_egzVUKA3rYGQbZGnHWPdqY-oTJ7KIrDfb6jfdGQgKI0AM1meEieUr_malWhRa3tKrffA7yWzZltlR8-kEW8jV9LTXfLYegvH7Fl8lO9lUXiaNt69P1uCxrJPrPuuB1GcB1W7xGz18sr2H1KDFuLcNB6fYFccFdS0dvDaZD2SWHzF-HTWS_kH6draSeo14cASGWCC3oxEQm1A0A5sHGFyDMDmCb7U3HRWZy9jkeyZsfyG5mVndKO-HhLWtBy9km1UVn1k_k6FoKpZ_HPDfqYjj7fkyyoUi4UQZlsEe9e6KvzSaI2_qnqB_SP_tEW-wAiS72lx-uCMvgyWTblNwKQ39y7Pvbr2l6tUpbuXoJiX_ftbh8v-3PzjCE_DWQRp5iS8scGAkXMgZESEuk7ShWDkbpTFQ2nOLJgQgJPJY0-BODEKJtaRNolpc8eJeAXjJuLQT61wOhnDIzuYpUhd9MvaAUvd08dFs9aSB4775Q-65dstq-sqyZ3EYFaf2WoFrvTQRk4O7SerZSTfYjuQjaY2dgl1WLjQkJ3pisHTyAKPECGHjc7YY3ms24oNPcCkWo0gT0QO9EelYdLkeh-m6BT-4bvsLceqS0wWJVPsTY6ExV8lOC3W93ruhKnVr4U2fmr4IW2Qd2R3UKOz8WH3pv6PCYhZH27Cb1qoTLWvjBm7FX1sJHCSYorTyEGlLGqJd7nKY8nxd4jqLkIJ0dC9ZUNXd2RMm5O1LNQEXrY_o9IIKobjptY0nZpEJoPU1TYDEAoaqhlns3rs83Oug8YIw_L0BeMDn-YFFHhm7WnrCAJ2clQ76mvxaPlxGAKMgOebDBVuFWf6qMPXC55xEYHPavZSim5a3xL&cid=CAASEuRoCk4OhKrvd3022iaXskLC_w&rfl=5%2Chttps%253A%252F%252Fstfly.me%242%2C%2C%2Chttps%253A%252F%252Fitsguider.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9516
x-xss-protection: 0
server: cafe
etag: 14328493792227503680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Dec 2021 18:25:05 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame CB28 8 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:24:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 96
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Dec 2021 18:24:06 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame CB28 0
571 B 89ms
52ms Ping
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst_e1uwnU8_nT2FHi9cKpItFvwV3Ob9-acddcbsoHVQvn1gKFVLMDaJvRLlc_XiCk0P8pAqPGaYoBe42tgaMa7EQtuaM1K6BbvrGO3QFVWFvucKhmzgvpPzzwF57HrwQDVx2UIpU9dGuYzWDOZm44M6y9SxIERC4Zuf-bqYmAb6kKqzVdQ9d2PuCh8fT0Q3PI3fAgv9m_ooHQT0HvGeXVkJi8n2Lft7Ql2dGJak0Cz13EJmlRIMrBTsL6Kv-YBY0h640x-pPfkiFY1FBMDAe_M6qqxeO20ly445scAl3vtSIGiivuECJlGwvL3nVtCKpR3-grim_qPCs7Yd-tx6MzzHtfQLNhVSnA42j_P--37OgIQx51UTUcOtVs1KsDi3OCARJonJdiIQEUFTJrpmDd7pz-spusezMh7bmXEmCm5jHmMpSM5fYGBNT5DutxET2sTOW3ta4R-XypkSWmUWBjzwoCSETpwQpDa_wq0ZURTaDGr9qs4Jrgka08cgIZd8b_5Xd78Sqd6IEn3L09_uYmqIZyaU8ahKOBhUNOBSgv3nln1EY2hRNFJsrwmQCszMPgKOFBFRgDxoYgUXsg1_l8_yIhJPmZZPmn3TJQoA2JcKOEemfi7BF8HxwmL-JC3vSXoUDKrHB7lVF_a-ijTq3xAV785D0I4ohFjgcGXPViX50RvCpSjIU8Qf1HfSJgiN6wC9yUznvDa-Sk-ehld4hA-qYgAWpwyats2UW8KTH5p6aHhvvEB2yBwL6-F1hJX9av_QCSdlOtyM-AZgwqOxS3Xci3egHgcsOI30toNBMTuRRhPLS0RHSPD8uRp7b7XCpstER6OTFSYe-BAigtdx7t7rZTHVmgT1o_IcmowLEmfCc-hJ2lwVL_DrQ-qONbrhLmS-hT3X7jPiER82EYd7eJenQxtf1H-hjoiCXC6IeFX2NHeK0w-3fbMNCuhbTfvSsTM-JhYA1zKD5UFKAQpTriIMm4LiwK87peWyC-5wLvt2PLcJDH5d5MGh8KpyMGv9zr96y4zvkJqlrk1rKq6F1cLAAhNr-MRnTdLftA_7EDIw7S8s3o4MFhuk-lKXZrDu0kjCleynObrEMZQb8sNV-ED68p3f1CVUgSmH4UnR_HCeIJr4mJqkqo_-igGRwBxD5Vwt8V2hNxuVCPuAUrOdXfYDRJZ9ort6Hnc1CKc8_MTSPEa-aA54DtQlVmEcTn-pcbX6uybfuzVPa-i-mQC0KuhLFybzuH8SKD3mPTqDgah1EcHozhSMS319n9Btlb3l&sai=AMfl-YSYzXERaxxvjv6sOMOR7rLmOp_CTFIZgksyMIlcGKHVCggih9euwPocyossdf3YlYb1LNN1KTrTZmgHycVlii7WVEXDmVWCS8f1R-wUCtarth_7qwlk2ScqxfUUT9sD4p7gSJawzRp4Je9Y8t-W-8ZJozHYfQ&sig=Cg0ArKJSzFD4iSlb2FxQEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=0&cbvp=1&cstd=0&cisv=r20211207.47892&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 13 Dec 2021 18:25:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame CB28 41 KB
15 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 11 Dec 2021 22:03:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 159731
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 11 Dec 2022 22:03:31 GMT

GET
H2 200 4431902876421974796
s0.2mdn.net/simgad/ Frame CB28 75 KB
76 KB 63ms
13ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/4431902876421974796

Requested by

Host: 0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com
URL: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7adfb3bf9f8daa4adee7cf8ef871c7631ed310f243e6383fc1de48dd12ba3fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 04:38:47 GMT
x-content-type-options: nosniff
age: 481615
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 77251
x-xss-protection: 0
last-modified: Thu, 04 Nov 2021 13:52:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 08 Dec 2022 04:38:47 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 16F3 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com
URL: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 13 Dec 2021 13:26:12 GMT
expires: Tue, 14 Dec 2021 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 17970
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame CB28 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9b2bbc49460756bbe1fac7abcf267397bd48e979a4a0ba85fdcc74cea32cbdf6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 74C1 22 KB
8 KB 8ms
8ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Thu, 09 Dec 2021 18:05:45 GMT
expires: Fri, 09 Dec 2022 18:05:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 346797
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET /
google2waycm.netmng.com/cm/ Frame 16F3 0
0

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 16F3 0
191 B 94ms
26ms Image
text/plain 66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEKGz-oY7tSQNwqInrYwGF60&google_cver=1&google_push=AYg5qPK_ZBluxk8QZ5BQcAwfyoyAcN9iC7U35w8mhA2Q1vCrJ0pRutrkbP__g2jOc-UNyet7CqOvUFwLAOsbzf6hAza0nZAIruI
Requested by: Host: 0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com
URL: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 18:25:41 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 16F3
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEJjmvBc7KuRQK_6zWq34Jcc&google_cver=1&google_push=AYg5qPJmQIhPCGBPtv2uVaYK7bIhprQatpx6Jji5cj8Exe-0iLtf50c-s3JHjh2Fir6Wtd63Lm8NhURWhwabLMlz68Tc...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEJjmvBc7KuRQK_6zWq34Jcc&google_cver=1&google_push=AYg5qPJmQIhPCGBPtv2uVaYK7bIhprQatpx6Jji5cj8Exe-0iLtf50c-s3JHjh2Fir6Wtd63Lm8NhURWhwabLM...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJmQIhPCGBPtv2uVaYK7bIhprQatpx6Jji5cj8Exe-0iLtf50c-s3JHjh2Fir6Wtd63Lm8NhURWhwabLMlz68Tcn8oJdWo&google_hm=T5mH9IYwSWuh9-RwBa7JUw==

170 B
188 B

17ms
16ms

Image
image/png

142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJmQIhPCGBPtv2uVaYK7bIhprQatpx6Jji5cj8Exe-0iLtf50c-s3JHjh2Fir6Wtd63Lm8NhURWhwabLMlz68Tcn8oJdWo&google_hm=T5mH9IYwSWuh9-RwBa7JUw==

Requested by

Host: 0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com
URL: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=3

Protocol

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 18:25:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJmQIhPCGBPtv2uVaYK7bIhprQatpx6Jji5cj8Exe-0iLtf50c-s3JHjh2Fir6Wtd63Lm8NhURWhwabLMlz68Tcn8oJdWo&google_hm=T5mH9IYwSWuh9-RwBa7JUw==
Date: Mon, 13 Dec 2021 18:25:42 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 16F3
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEHaGcIZLe3pVex274TXXiCs&google_cver=1&google_push=AYg5qPL7uVJXYaFfhb-GnmuOcYFB9u-g9a-KsWCkvkn9-pTv2phbp4Qd4vzy8wFT1Zxhd-vgtw4pvLnpmZ0Fbbgyh9tuU28...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEHaGcIZLe3pVex274TXXiCs&google_cver=1&google_push=AYg5qPL7uVJXYaFfhb-GnmuOcYFB9u-g9a-KsWCkvkn9-pTv2phbp4Qd4vzy8wFT1Zxhd-vgtw4pvLnpmZ0Fbbgyh9tuU...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPL7uVJXYaFfhb-GnmuOcYFB9u-g9a-KsWCkvkn9-pTv2phbp4Qd4vzy8wFT1Zxhd-vgtw4pvLnpmZ0Fbbgyh9tuU28ow-I

170 B
188 B

18ms
18ms

Image
image/png

142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPL7uVJXYaFfhb-GnmuOcYFB9u-g9a-KsWCkvkn9-pTv2phbp4Qd4vzy8wFT1Zxhd-vgtw4pvLnpmZ0Fbbgyh9tuU28ow-I

Protocol

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 18:25:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPL7uVJXYaFfhb-GnmuOcYFB9u-g9a-KsWCkvkn9-pTv2phbp4Qd4vzy8wFT1Zxhd-vgtw4pvLnpmZ0Fbbgyh9tuU28ow-I
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET

pixel
cm.g.doubleclick.net/ Frame 16F3
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 16F3
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEGLY-IN6HVvNYffA95vMn-s&google_cver=1&google_push=AYg5qPK_gKmMDE0Jzcjj2STAo9um1HQUfSqOvzxMpBZduSK-qvwaSrDPHC37fbPgkfY1GPKZ7u...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEGLY-IN6HVvNYffA95vMn-s&google_cver=1&google_push=AYg5qPK_gKmMDE0Jzcjj2STAo9um1HQUfSqOvzxMpBZduSK-qvwaSrDPHC37fbPgkfY1GPKZ7u...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1GdF81a3c1RTJ1RjJ5T0ZnM01GNG5tOFFYVGFPTGZSTn5B&google_push=AYg5qPK_gKmMDE0Jzcjj2STAo9um1HQUfSqOvzxMpBZduSK-qvwaSrDPH...

170 B
188 B

17ms
17ms

Image
image/png

142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1GdF81a3c1RTJ1RjJ5T0ZnM01GNG5tOFFYVGFPTGZSTn5B&google_push=AYg5qPK_gKmMDE0Jzcjj2STAo9um1HQUfSqOvzxMpBZduSK-qvwaSrDPHC37fbPgkfY1GPKZ7uLvnoP3RuHDb81rr4OzgSzluiU

Requested by

Host: 0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com
URL: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=3

Protocol

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 18:25:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1GdF81a3c1RTJ1RjJ5T0ZnM01GNG5tOFFYVGFPTGZSTn5B&google_push=AYg5qPK_gKmMDE0Jzcjj2STAo9um1HQUfSqOvzxMpBZduSK-qvwaSrDPHC37fbPgkfY1GPKZ7uLvnoP3RuHDb81rr4OzgSzluiU
date: Mon, 13 Dec 2021 18:25:42 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 dot.gif
s0.2mdn.net/ Frame 16F3 43 B
175 B 27ms
23ms Image
image/gif 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEKGiYPdHPbsu7p8uowxbuvw&google_cver=1&google_push=AYg5qPJt7bQBqG166Tx7JH_BuhTdSPnqTXWs2Gj1WQrC6dn7NsiJCWzzv_gr0fAMJZHqwJpNpmYI7gZefx73zRSqIFGeU5v2IBXB

Requested by

Host: 0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com
URL: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Dec 2021 18:25:42 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 16F3 0
12 B 19ms
19ms Image
text/html 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JEzgNmaLbwNX8hJEgzaXuykUymqQOB1qjs3x9i0pstjgpnkDlYtoakgso-MkqiLWKcJF83tIg

Requested by

Host: 0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com
URL: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=3

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 18:25:42 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame CB28 0
60 B 43ms
43ms Ping
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 13 Dec 2021 18:25:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 74C1 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 17:23:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3705
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 13 Dec 2022 17:23:57 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 74C1 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bie2kJpC3Yb78A8yl9u8PuuiEsAUAAAAAOAHgBAI&bg=!g4ClgMTNAAZKWFskSlg7ACkAdvg8WvF1cN5XHwCkXAPO3taYNuo8Tphe4NAhTjheAP-mP5m8D6ymYwIAAABIUgAAAAhoAQeZA4nmPCltOOolLgVrFqITN0n5qBcxoOOU8lx9GPN5a_MpVRjWEqz9PFwrC8rqvXwzTk75v1yUxejIJB29KqsZzCJNDLIOoXSIFSy2AzxCSGFLYY2e8O0UgSi4AaXHiwV0orEnhp7e95C7_cqPuJdj9QYWckqoxEHfgLIqqjgcpGomAe7sV3RjnXRNxWwG0jE9C4ptSfYWUXHk86JrU4HxTh6exKfQLmede_So3SYeLdTdKeqnx2aNWLWCQeyOTnJfeaWoDdosQQKW1QMWav51BBJ-S-Ab1CKBSGn74z6SRlBORnxshAdx4QhzXuggUxOxUXJVTU7Lp8aaH9xMOfkw_bQQU9T3_LoW-PF5TCDNUxJKVpj29_gguoq_o2y-KdCjjysAoM8OjyXpzsCNZWzLSRZxIRaDpLjDzFsnLQj7k7RA7KWbeYG8K2gP8i1gpP0foKsP59zbi1swWL3FYNK3KDiEXZYGHSoFTSFgLGOY6hhY5PcuZ3Pym1SrQphM0y2wu5RJqMKBlwuPEpx_gDhYl0BQgHJb9pMENLZBs4sVfOK7II6_fZUwBIcxU4Xp9x6gF3i001ZAPaAS6_wR7vkk9Tk3CaJjdzpWGI5ZKVUxkjuXxACL78nfTiG65qzhg0GGjWgo1KfPw53uoiCmI2oEmRhdPFbdFm_KD4ls9xCQc8_eAf5yINVsecdN5sKzzy1EWkz2nEoAVDjFGc-JmbrvKVF6pqTBXr9lW-eMC-6hebEmks5nb2I_F1C16ofq46OPhzcTnCMMFl5uYtPJCGPKlLNtVZEPCnZULXnXr3gDpd-pDkJINdC1BK96CrxFQcrx2Mih5n1n7rurR_4yzJx3bPrkD-r5ks70UudV81K_9kg_FYgQpp427iScQJerpSzHiQHx44qxs9oGlZK2jfSYoeYU5ge8LkTRfjQMweBx3-XLaoyYRAi810oST27_BX-fEm8CAOSY92B16mYFmWqaCJEXWaI-dycbOpsKpskjJJAY7ubRLiJva3n9NINmU6AKsNjwwUKkQgQUNBLk41sMM9jPSJ32sPzFcmMTRu74fefk5GZxH3v4rBMQjhCdmorjPTm9yR5eLbYi0_dthRZS45qpSrywAPyP6zq7o5U80-EdBlBzOwDSb2RWj9bQ1UqD3U6nKBXiRAyjvLjMOZlNCrfQWMkElgcaE9ecVRSTLrYE_xE5LQDnEQBvwA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 18:25:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B7FA 42 B
64 B 40ms
40ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssIQpzvzGAnR4AczLb0pWFWSndc6MQep7ccRHSygC0CVl0ZnBgFavOoiGK4iOdC02J76_UKTwxPxIIlTxmecYCjDrZ1GdlkDcCyBnjApNoteRhIVpRc&sig=Cg0ArKJSzCmWtzABYN6REAE&id=lidar2&mcvt=1000&p=0,0,280,336&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=19&adk=1993164460&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639419941347&rpt=173&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 18:25:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame CB28 42 B
64 B 47ms
47ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstr0-6txS3ZS4UGiVn91-vBPKXfRdGpznxCF2Vifc20wejkFl7EHjmIhtccCVukOlyeN_7zYO83dO7O-yt4fcAYXf-oeg-lzhx5hFb8nUS9OT2aZiMpJQ&sai=AMfl-YRZJMFdnDOoDIXkXDUSiXPV4NZbGJ30AGnhIHlJr8DyX0YfdDB-QQamCJFSMe0tANnCjEFG57qUi46bXSLhg0FIoueoqyAHUBc&sig=Cg0ArKJSzGagMCWKpDf4EAE&cid=CAASEuRoCk4OhKrvd3022iaXskLC_w&id=lidar2&mcvt=1000&p=0,0,254,300&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&app=0&itpl=20&adk=292152128&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639419942018&rpt=170&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Dec 2021 18:25:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: google2waycm.netmng.com
URL: https://google2waycm.netmng.com/cm/?google_gid=CAESEO0Ed-of3Ec-l8SErbxSEyE&google_cver=1&google_push=AYg5qPJjhp6xtb40kGF97myGAubI8NHv3QjLoDJLWjoEekfc3jM59IrbussX5qxUR6mDuAe-Wm08oL6XTvaMxpW1-LpOCWyTFaA

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1-je1LHf_61czoxTpeOcVWoU&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs

Verdicts & Comments Add Verdict or Comment

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

27 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
omchanseyr.com/	1970-01-20 08:09:15	Name: OAID Value: 89fef84ecaf54beabfc7e899c410b202
omchanseyr.com/	1970-01-20 08:09:15	Name: oaidts Value: 1639419939
toglooman.com/	1970-01-20 08:09:15	Name: scm Value: 1
my.rtmark.net/	1970-01-20 08:09:15	Name: ID Value: 89fef84ecaf54beabfc7e899c410b202
stfly.me/	1970-01-19 23:23:40	Name: prefetchAd_3381289 Value: true
sanggilregard.com/	1970-01-19 23:25:06	Name: GL_UI4 Value: eJw9jVtugzAURHnTKAV1JBbQJQAJKXxWXUQ%2F0YXrECdgR8YN6u5rVWq%2F5mgeGs%2FzgiKH%2F0hChF%2FU4JXqMxPXDXdVRS0dh0PX1u1b03Hd1odThZ1ce0vDLGyE50koYeTYj5pFhhcX%2FTk3pTcVIR4MKc4QL64xZ0gHo7dVmCJEpGgRSD4uRjuNF7pqg6A7OZTKoV8i0GsR5jukn1Kx2%2BV7BFWZZ4mH%2FX0me9Zm6SUnPuLJEAv473gayYpJm2%2BkLNab1XdAz9z%2F939vw60qkbB4yNF9a3sR5gcbJkpB
sanggilregard.com/	1970-01-19 23:25:06	Name: GL_GI10 Value: eJxljNGKwjAURGuqVVFcBvyA%2FoAFa0F81u76oN8QQr2VIM0NSRTr11sVloV9G87MmSiKxHwGoS2my80qy9fZssjyAvGZGGJXYlrx1QTXSqMawvCHXKNMi8TRWbOB2JeYfLKs%2BEQY7MrFH%2Fa2BnvyntCvdGiBb6fMpb66kKomPSptMH4VH33e6f8HsfYWo2NerNNDOGFsKEhvibq4ZWfZqUCY%2FdL3VRJjpL20ju9t0sNX0A092JDkuvYUOtS7JeIJhP5MTw%3D%3D
omchanseyr.com/	1970-01-19 23:33:44	Name: syncedCookie Value: true
stfly.me/	1970-01-19 23:23:43	Name: _data_html Value: 2-1
.itsguider.com/	1970-01-20 08:09:15	Name: ezosuibasgeneris-0 Value: 3e4fa3d340943bb280bfaf7cb2df8b1b
.quantserve.com/	1970-01-20 08:53:54	Name: mc Value: 61b79024-eef0e-8eddb-0243e
.doubleclick.net/	1970-01-20 08:45:15	Name: IDE Value: AHWqTUnHPMUXemt2kApS86IPFEknc1if7uyxijeNtt8AioA_L1ohQr1fyBB1cYQUTbI
.stfly.me/	1970-01-19 23:23:41	Name: __cf_bm Value: dVWzSCo6bsmcgK9ptmxz2252Z9MntsRSCcUon5Lbyg0-1639419941-0-ARcG8IitYQctS6ElsKwx8X6gFoRlGso3fHUvdddaFyoQrSzGM2MZnHovyvjAXYCB/o/XAaIrKaOuV3WuMz2qPB5zL7QR3uUlCcXOyaoaAObLCFrV4fKaBMBVXkVl9/lEPw==
.adnxs.com/	1970-01-20 01:33:15	Name: uuid2 Value: 8241586556251632030
.adnxs.com/	1970-01-20 01:33:15	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?ccs37E!]tbPl1M>e)ZlrFUfJ+tGXxo<E^h+_AbWSd?ief:@Q[5mUxnfDNaaTuuRpP@bpRzqF1`b_k^1E6)
.casalemedia.com/	1970-01-20 01:33:15	Name: CMPS Value: 3228
.yahoo.com/	1970-01-20 08:09:37	Name: A3 Value: d=AQABBCaQt2ECEHRs1bEXKKcOV-vo5BoqcX8FEgEBAQHhuGHBYQAAAAAA_eMAAA&S=AQAAAjfFuyv8zKkQ-j2QxXW4w48
.bidswitch.net/	1970-01-20 08:09:15	Name: tuuid Value: 4f9987f4-8630-496b-a1f7-e47005aec953
.bidswitch.net/	1970-01-20 08:09:15	Name: c Value: 1639419942
.bidswitch.net/	1970-01-20 08:09:15	Name: tuuid_lu Value: 1639419942
.casalemedia.com/	1970-01-20 01:33:15	Name: CMPRO Value: 1107
.casalemedia.com/	1970-01-19 23:25:06	Name: CMST Value: YbeQJmG3kCYA
.analytics.yahoo.com/	1970-01-20 08:10:42	Name: IDSYNC Value: 18yx~222i
.bidswitch.net/	1970-01-19 23:23:40	Name: google_push Value: AYg5qPJmQIhPCGBPtv2uVaYK7bIhprQatpx6Jji5cj8Exe-0iLtf50c-s3JHjh2Fir6Wtd63Lm8NhURWhwabLMlz68Tcn8oJdWo
.casalemedia.com/	1970-01-20 08:09:15	Name: CMRUM3 Value: 2d61b790262760CAESEGx21k45hXm-C3SrkVZ_Gfo
.de17a.com/	1970-01-20 08:02:03	Name: guid2 Value: 1.422346961325328843
.casalemedia.com/	1970-01-20 08:09:15	Name: CMID Value: YbeQJoosL.xABclCe6It1gAA

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://toglooman.com/1?z=3968308 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://dozubatan.com/400/4495548 Message: Failed to load resource: the server responded with a status of 403 ()
deprecation	warning	URL: https://stfly.me/cdn-cgi/challenge-platform/h/b/scripts/invisible.js Message: 'window.webkitStorageInfo' is deprecated. Please use 'navigator.webkitTemporaryStorage' or 'navigator.webkitPersistentStorage' instead.
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YbeQJoosL-xABclCe6It1gAABFMAAAIB&google_cver=1&google_push=AYg5qPLxjOE0Qc7E9gmYChgBddtmnAc-Kk9QAozrok9kduNFPCaiUo-AWqD0Hc8izogVWM9_ySr1-je1LHf_61czoxTpeOcVWoU&google_gid=CAESEMt6HucIwwG08KFCuNZ8fYs Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0be3016462a1ddde0bc238b5bd6719cf.safeframe.googlesyndication.com
66bb2907e0561406ce5a6b2c5bab6822.safeframe.googlesyndication.com
account.adstripe.net
adservice.google.com
adservice.google.de
cm.g.doubleclick.net
d5p.de17a.com
dozubatan.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
google2waycm.netmng.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
itsguider.com
my.rtmark.net
omchanseyr.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel.quantserve.com
rules.quantcount.com
s0.2mdn.net
sanggilregard.com
secure.quantserve.com
securepubads.g.doubleclick.net
stfly.me
toglooman.com
tpc.googlesyndication.com
ups.analytics.yahoo.com
www.google.com
www.googletagservices.com
x.bidswitch.net
cm.g.doubleclick.net
google2waycm.netmng.com
139.45.195.8
139.45.197.237
139.45.197.238
139.45.197.239
142.250.185.226
142.250.186.98
142.250.74.194
18.194.61.148
2.18.234.21
213.155.156.166
23.109.82.195
2600:9000:2156:5c00:6:44e3:f8c0:93a1
2606:4700:3034::6815:5a0
2606:4700:3037::6815:309a
2606:4700:e6::ac40:c20d
2620:116:800d:21:fcb8:22d2:d390:5f1b
2a00:1450:4001:803::2001
2a00:1450:4001:803::2002
2a00:1450:4001:808::2006
2a00:1450:4001:809::2002
2a00:1450:4001:809::2003
2a00:1450:4001:80f::2001
2a00:1450:4001:80f::2004
2a00:1450:4001:829::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:830::200a
3.126.56.137
37.252.172.45
66.155.71.149
0047f2b4e58d50cd286045db5a9a694d843c551e96e92f7bcd10bf2e111149f2
037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051
073210ddb02d4b62a72fe51d0a0612d57090d03f5435a7537ba8209eaa30c585
0b1257651fea59eb677095f3e76e5ead58175e31530e389eb4bb0a544dcfde06
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
147b08aa6afaa0b704ebedb56d0b146a7e33600a971e5d20773b3371db70be11
14aadd91cbc24945e41b113bdc1428a3e037d6c79189e8360ab199dcfe24e4af
1907478e8fa62801a1db26be87cab0755288131c9c8e80320582e560825df3cc
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675
2dbb8fcad0e5f333957248fd5abd1ec545b0e86abd9de412e4c63a13e6183eed
2f8d89e70c17cb50d0e49eb0a9d8101f24b9b4416c65ad6b507267586f7d11f0
35d8220d75d82feac6da71c52b14e65965c124303717b17c5c8a5b48cd9093cc
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
36fbd6e13661f287f0240674d7815ad2dbf7c3f3a7650a471e4d4ce1b9fe6bf4
3e5d86cc8063a401cef88aeb07b77574e39a2867d9a0dfb2b25398b565702c02
47462f59749f040cbbd8e571029653f922c119dc38eedc1f4ea54ac28909be7b
487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4ecb7dc9e5a48445faedf81cee05cffc6910c78910f0625dfafc08ae5b00a059
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62bd9748ef1e452a1994462c334416d785b8752da1ea076267f345508653f2cd
66219bc99ac30a346552ced8a3a2739c915b441219cfd9cf3dbef943cf7ca7bf
6fdbbb9e8f9d77d0e6285e992e67c4313fd1013c7f11940577a6ff9725e9f953
78340091e6ec3cc6eec94d144657d3270a2bebce9f92cac0dfe76d458b52c54a
83521aad7c96625246ef4168f1d84d12b0652e8eb61ad0875066fee1fa797daf
85821da273b7d5dc51f8c9ff01bb46fa3461f36aef2977a6c74aa66cc2bd503e
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
882e04b655fc054718643c61330f4cf298ea1ad646cdc184d330c9c4897fe9e3
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
89e38ae45e4ab6870530ad77bc793c32dcb03a600156b9930ffe3104f6702b25
9144da7a2fef6019aeb1eb110f20e942f0a70db2c9d5618c05a706b21a11110b
93759c0e3df161e7dabddd06d38850e0f985343029a003542bc94311979a4b41
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b2bbc49460756bbe1fac7abcf267397bd48e979a4a0ba85fdcc74cea32cbdf6
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b62d3ff7ec9f5543b6d6a2429170ed375b550d869b90d9886464143cd89b83ef
b7adfb3bf9f8daa4adee7cf8ef871c7631ed310f243e6383fc1de48dd12ba3fd
c76af376ae991bb35f12d7c5c353f15787d00eb2611ec83fff537874da6100c9
ca35130be6b21f23c24f8a12dd3c19fd60ae2606d094768ae395d58bef8aefa0
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
df13b2bb492cfe24e54a5fbdda0b434e5071be93b12683ab32ddc4318bc44a63
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f65dd0ed5ab0097e2cb276b346ccfaddb2a9134c9278af39c6a24cd821fce06f
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

stfly.me Open in urlscan Pro 2606:4700:e6::ac40:c20d Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

91 Requests

89 %HTTPS

52 %IPv6

25 Domains

33 Subdomains

27 IPs

5 Countries

916 kBTransfer

2462 kBSize

27 Cookies

0 Outgoing links

Redirected requests

91 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

stfly.me Open in urlscan Pro
2606:4700:e6::ac40:c20d Public Scan

Screenshot
Live screenshot

Full Image

91
Requests

89 %
HTTPS

52 %
IPv6

25
Domains

33
Subdomains

27
IPs

5
Countries

916 kB
Transfer

2462 kB
Size

27
Cookies

91 HTTP transactions
1 data transactions