holdtoreset.com Open in urlscan Pro
104.21.61.110 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Submission: On September 15 via manual (September 15th 2021, 8:53:39 pm UTC) from DK — Scanned from DE

Summary HTTP 253 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 35 IPs in 6 countries across 32 domains to perform 253 HTTP transactions. The main IP is 104.21.61.110, located in and belongs to CLOUDFLARENET, US. The main domain is holdtoreset.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 11th 2021. Valid for: a year.

This is the only time holdtoreset.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
33	104.21.61.110 104.21.61.110	13335 (CLOUDFLAR...) (CLOUDFLARENET)
36 90	142.250.102.157 142.250.102.157	15169 (GOOGLE) (GOOGLE)
2	104.17.120.107 104.17.120.107	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.251.36.8 142.251.36.8	15169 (GOOGLE) (GOOGLE)
1	192.0.73.2 192.0.73.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	142.251.36.46 142.251.36.46	15169 (GOOGLE) (GOOGLE)
1	18.195.155.181 18.195.155.181	16509 (AMAZON-02) (AMAZON-02)
5	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
5 9	37.252.173.38 37.252.173.38	29990 (ASN-APPNEX) (ASN-APPNEX)
1	147.75.38.124 147.75.38.124	54825 (PACKET) (PACKET)
1	72.251.249.14 72.251.249.14	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
5	69.173.144.141 69.173.144.141	26667 (RUBICONPR...) (RUBICONPROJECT)
1	23.37.38.181 23.37.38.181	16625 (AKAMAI-AS) (AKAMAI-AS)
37	142.250.27.154 142.250.27.154	15169 (GOOGLE) (GOOGLE)
5	142.250.102.104 142.250.102.104	15169 (GOOGLE) (GOOGLE)
1	142.250.27.94 142.250.27.94	15169 (GOOGLE) (GOOGLE)
1	52.87.113.235 52.87.113.235	14618 (AMAZON-AES) (AMAZON-AES)
1	142.250.102.155 142.250.102.155	15169 (GOOGLE) (GOOGLE)
1	142.250.27.155 142.250.27.155	15169 (GOOGLE) (GOOGLE)
29	142.250.102.132 142.250.102.132	15169 (GOOGLE) (GOOGLE)
6	74.125.193.94 74.125.193.94	15169 (GOOGLE) (GOOGLE)
31	142.250.27.148 142.250.27.148	15169 (GOOGLE) (GOOGLE)
9 24	95.101.185.51 95.101.185.51	16625 (AKAMAI-AS) (AKAMAI-AS)
1	142.250.27.149 142.250.27.149	15169 (GOOGLE) (GOOGLE)
1	95.101.184.231 95.101.184.231	16625 (AKAMAI-AS) (AKAMAI-AS)
2	23.37.42.132 23.37.42.132	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	185.29.134.244 185.29.134.244	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 1	91.228.74.134 91.228.74.134	16509 (AMAZON-02) (AMAZON-02)
2 2	37.157.2.237 37.157.2.237	198622 (ADFORM) (ADFORM)
3	76.223.111.131 76.223.111.131	16509 (AMAZON-02) (AMAZON-02)
1 2	209.54.178.82 209.54.178.82	16509 (AMAZON-02) (AMAZON-02)
1	37.252.172.37 37.252.172.37	29990 (ASN-APPNEX) (ASN-APPNEX)
1	104.21.192.41 104.21.192.41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	34.197.43.243 34.197.43.243	14618 (AMAZON-AES) (AMAZON-AES)
1 1	54.90.144.255 54.90.144.255	14618 (AMAZON-AES) (AMAZON-AES)
2 3	88.221.62.154 88.221.62.154	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY)
2	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	188.125.89.204 188.125.89.204	10310 (YAHOO-1) (YAHOO-1)
253	35

33 104.21.61.110 (None, )

ASN13335 (CLOUDFLARENET, US)

holdtoreset.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.holdtoreset.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

90 142.250.102.157 (United States) 36 redirects

ASN15169 (GOOGLE, US)
PTR: rb-in-f157.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.120.107 (None, )

ASN13335 (CLOUDFLARENET, US)

biddr.brealtime.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.36.8 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s44-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.73.2 (United States)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.36.46 (United States)

ASN15169 (GOOGLE, US)
PTR: ams17s12-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com

e1.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

okodigital-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 37.252.173.38 (Frankfurt am Main, Germany) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.38.124 (Amsterdam, Netherlands)

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.251.249.14 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 69.173.144.141 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.37.38.181 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-38-181.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 142.250.27.154 (United States)

ASN15169 (GOOGLE, US)
PTR: ra-in-f154.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.102.104 (United States)

ASN15169 (GOOGLE, US)
PTR: rb-in-f104.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.27.94 (United States)

ASN15169 (GOOGLE, US)
PTR: ra-in-f94.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.87.113.235 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-87-113-235.compute-1.amazonaws.com

emxhb.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.102.155 (United States)

ASN15169 (GOOGLE, US)
PTR: rb-in-f155.1e100.net

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.27.155 (United States)

ASN15169 (GOOGLE, US)
PTR: ra-in-f155.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 142.250.102.132 (United States)

ASN15169 (GOOGLE, US)
PTR: rb-in-f132.1e100.net

541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 74.125.193.94 (United States)

ASN15169 (GOOGLE, US)
PTR: di-in-f94.1e100.net

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 142.250.27.148 (United States)

ASN15169 (GOOGLE, US)
PTR: ra-in-f148.1e100.net

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 95.101.185.51 (Frankfurt am Main, Germany) 9 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a95-101-185-51.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.27.149 (United States)

ASN15169 (GOOGLE, US)
PTR: ra-in-f149.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.101.184.231 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a95-101-184-231.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.37.42.132 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-42-132.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.134.244 (United Kingdom) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.228.74.134 (United Kingdom) 1 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.2.237 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 76.223.111.131 (United States)

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.54.178.82 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.172.37 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.192.41 (None, )

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.197.43.243 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-197-43-243.compute-1.amazonaws.com

nep.advangelists.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.90.144.255 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-90-144-255.compute-1.amazonaws.com

beacon.lynx.cognitivlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 88.221.62.154 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a88-221-62-154.deploy.static.akamaitechnologies.com

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.138 (Frankfurt am Main, Germany) 3 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.114.49 (Frankfurt am Main, Germany) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.125.89.204 (United Kingdom)

ASN10310 (YAHOO-1, US)
PTR: e1-ha.ycpi.via.yahoo.com

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
83	doubleclick.net 36 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net googleads4.g.doubleclick.net cm.g.doubleclick.net ad.doubleclick.net	441 KB
66	googlesyndication.com pagead2.googlesyndication.com 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com tpc.googlesyndication.com	350 KB
33	holdtoreset.com holdtoreset.com cdn.holdtoreset.com	629 KB
31	2mdn.net s0.2mdn.net	714 KB
23	casalemedia.com 9 redirects htlb.casalemedia.com dsum-sec.casalemedia.com ssum-sec.casalemedia.com	17 KB
12	rubiconproject.com 3 redirects fastlane.rubiconproject.com eus.rubiconproject.com token.rubiconproject.com pixel.rubiconproject.com	19 KB
11	adnxs.com 5 redirects ib.adnxs.com acdn.adnxs.com secure.adnxs.com	38 KB
8	googletagservices.com www.googletagservices.com	236 KB
6	gstatic.com csi.gstatic.com	433 B
6	google.com www.google.com adservice.google.com	2 KB
5	openx.net okodigital-d.openx.net eu-u.openx.net us-u.openx.net	2 KB
3	owneriq.net 2 redirects px.owneriq.net	1 KB
3	adsrvr.org match.adsrvr.org	793 B
2	everesttech.net 2 redirects sync-tm.everesttech.net	631 B
2	amazon-adsystem.com 1 redirects s.amazon-adsystem.com	1 KB
2	adform.net 2 redirects c1.adform.net	925 B
2	mathtag.com 2 redirects sync.mathtag.com	1 KB
2	indexww.com js-sec.indexww.com	2 KB
2	google.de www.google.de adservice.google.de	1 KB
2	emxdgt.com e1.emxdgt.com emxhb.emxdgt.com	210 B
2	google-analytics.com www.google-analytics.com	20 KB
2	brealtime.com biddr.brealtime.com	88 KB
1	yahoo.com ads.yahoo.com	447 B
1	rlcdn.com id.rlcdn.com
1	cognitivlabs.com 1 redirects beacon.lynx.cognitivlabs.com	378 B
1	advangelists.com 1 redirects nep.advangelists.com	232 B
1	ad4m.at ad4m.at
1	quantserve.com 1 redirects pixel.quantserve.com	497 B
1	lijit.com ap.lijit.com	632 B
1	a-mo.net prebid.a-mo.net	169 B
1	gravatar.com secure.gravatar.com	10 KB
1	googletagmanager.com www.googletagmanager.com	41 KB
253	32

	Domain	Requested by
52	cm.g.doubleclick.net	36 redirects googleads.g.doubleclick.net eu-u.openx.net ssum-sec.casalemedia.com
37	pagead2.googlesyndication.com	securepubads.g.doubleclick.net 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com holdtoreset.com googleads.g.doubleclick.net tpc.googlesyndication.com ad.doubleclick.net www.googletagservices.com
31	s0.2mdn.net	holdtoreset.com 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net
27	holdtoreset.com	holdtoreset.com
23	tpc.googlesyndication.com	securepubads.g.doubleclick.net 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
21	dsum-sec.casalemedia.com	9 redirects googleads.g.doubleclick.net ssum-sec.casalemedia.com
10	googleads4.g.doubleclick.net	googleads.g.doubleclick.net holdtoreset.com
10	securepubads.g.doubleclick.net	holdtoreset.com securepubads.g.doubleclick.net 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
9	googleads.g.doubleclick.net	541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com holdtoreset.com
9	ib.adnxs.com	5 redirects biddr.brealtime.com acdn.adnxs.com
8	www.googletagservices.com	securepubads.g.doubleclick.net 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com www.googletagservices.com
6	csi.gstatic.com	securepubads.g.doubleclick.net
6	541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
6	cdn.holdtoreset.com	holdtoreset.com
5	www.google.com	541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com tpc.googlesyndication.com
5	fastlane.rubiconproject.com	biddr.brealtime.com
3	token.rubiconproject.com	3 redirects
3	px.owneriq.net	2 redirects ssum-sec.casalemedia.com
3	match.adsrvr.org	eu-u.openx.net ssum-sec.casalemedia.com
3	eu-u.openx.net	biddr.brealtime.com eu-u.openx.net
2	pixel.rubiconproject.com
2	sync-tm.everesttech.net	2 redirects
2	s.amazon-adsystem.com	1 redirects ssum-sec.casalemedia.com
2	c1.adform.net	2 redirects
2	sync.mathtag.com	2 redirects
2	js-sec.indexww.com	biddr.brealtime.com ssum-sec.casalemedia.com
2	eus.rubiconproject.com	biddr.brealtime.com eus.rubiconproject.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	biddr.brealtime.com	holdtoreset.com biddr.brealtime.com
1	ads.yahoo.com
1	id.rlcdn.com
1	beacon.lynx.cognitivlabs.com	1 redirects
1	nep.advangelists.com	1 redirects
1	ad4m.at	ssum-sec.casalemedia.com
1	secure.adnxs.com	ssum-sec.casalemedia.com
1	us-u.openx.net	eu-u.openx.net
1	pixel.quantserve.com	1 redirects
1	ssum-sec.casalemedia.com	js-sec.indexww.com
1	acdn.adnxs.com	biddr.brealtime.com
1	ad.doubleclick.net	www.googletagservices.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	emxhb.emxdgt.com	biddr.brealtime.com
1	www.google.de
1	stats.g.doubleclick.net	www.google-analytics.com
1	htlb.casalemedia.com	biddr.brealtime.com
1	ap.lijit.com	biddr.brealtime.com
1	prebid.a-mo.net	biddr.brealtime.com
1	okodigital-d.openx.net	biddr.brealtime.com
1	e1.emxdgt.com	biddr.brealtime.com
1	secure.gravatar.com	holdtoreset.com
1	www.googletagmanager.com	holdtoreset.com
253	52

This site contains links to these domains. Also see Links.

Domain
cdn.holdtoreset.com
news.google.com
www.facebook.com
twitter.com
www.youtube.com
steamcommunity.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-11` - `2022-06-10`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
*.brealtime.com Go Daddy Secure Certificate Authority - G2	`2020-01-22` - `2022-03-22`	2 years	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
*.emxdgt.com Go Daddy Secure Certificate Authority - G2	`2021-05-18` - `2022-06-19`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.a-mo.net R3	`2021-07-16` - `2021-10-14`	3 months	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2021-03-11` - `2022-04-12`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2021-03-11` - `2022-02-07`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2021-07-14` - `2022-06-27`	a year	crt.sh
*.owneriq.net GeoTrust RSA CA 2018	`2021-01-29` - `2022-02-02`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-16` - `2021-10-06`	2 months	crt.sh

This page contains 28 frames:

Primary Page: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Frame ID: 29E56D014221A9B9D6CD491AB68E4AF9
Requests: 66 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.js?nnn=1631739208672
Frame ID: 2B1860D4F7F95B9A1A3B08497B42622C
Requests: 2 HTTP requests in this frame

Frame: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 6C45863B0AE726A7379595615DC6B4CF
Requests: 1 HTTP requests in this frame

Frame: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 41B69B4EB8F1671440CA948AA415E5C6
Requests: 16 HTTP requests in this frame

Frame: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 123891ED0F9C3437F605D0079CC30916
Requests: 21 HTTP requests in this frame

Frame: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D6DE19A832C1C80A4839D5D507057333
Requests: 16 HTTP requests in this frame

Frame: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: CC018867D63BCAD89DE0A1289265021E
Requests: 15 HTTP requests in this frame

Frame: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C3B3245E8D80946AF3C9CAA6BAEFB5EE
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPOG9AIQlvDKnQIY5NDbswEwAQ&v=APEucNUuphB_5RpaWUDwgg03WjM8qg0vnRySB8mZ5rMj8GZywGfr4S_rbPlH11nsSkkCLeuzrAOFuzBDVrdeJdwLub3TbX4BM3TB_9V53IydLsydn2a5UTycShjXOI0akhe0x68ynOUzh9pRTJe_W2Lop9JNfEi-G3_rZ4NwrKz7S8EhNV0f4PI
Frame ID: 5C520490763355D6495A8B5CFDAA18C0
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDKjAEQzcuzowIYi-bbrQEwAQ&v=APEucNVTAzpQVdwU24HDWEuSsHGd4--atV6PvaLW5j9jDH3N-Gjd-Elj8jYX5zB1-Lvb9Pnp4EFsCKGbgN-qqCoL73vAEallw5oC9hUW8A6tOYH8C5TVX8Jha8PSNlNvUDaSEs47nhs4atkRaf9bicyuKp4wTrx5j16NneQz1LP3pq3kMWTy7II
Frame ID: 5730E5F1D9FA7DE42A17B4AAF0BB8B30
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDKjAEQzcuzowIYy4ermwEwAQ&v=APEucNUgm_oraVnFFQ3ci7pjX7dueqiSrUWnNQKXgG8pmKCarZbm-TgC8tVJoON6xhCU5wvMyPF70Soa21VgqH5txNHcBKbjZyTMEREe8EOcO0Mu4p7nklwWh9UMtohA8WHpw36vq1LxjTHyaF5iAaWw33W1lUqnYvy60yt-zEuZLx342bc_1KI
Frame ID: A2A9BB2B8B01A6194AC754301BAD09ED
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKL5zcYCEOmXj-cCGKWV2rIBMAE&v=APEucNUM4n4GcT4Fa_yQtcAwbfBgkswm7DnefLXZrK0i3kAWQRm-U4GocXZtMNAUhKmUsy1G0MggUHHq16axlyyK95OKTQ3s7XU9II3jviKqS-4NKU6QZRbmIJC8LAtlILNNj4IafHzpaWCalntmiXO176grPBIzIkbbR5LQym_UuLhQwN5-_yM
Frame ID: 545A2E88ADDCC77710C4969EBC5198BD
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDKjAEQzcuzowIYy4ermwEwAQ&v=APEucNXl7FFwQ624PIZfdXcAgHLHO8ASFbTAqVE37rHHHCJg0hJCaOUUdF2Gz5PAyGgEhadhFGae15cF1aNIY5CYx5V47kDAsHqcmTnE2TNmnZtWDlxz3vx6T5cTPtcwOnGPYc30PQoDuhhpgQ0CK7ANla1m6GPvlSSMiWaX7Cep8rCBf6MYW-U
Frame ID: 9E1B25994971A38467E4107C789E58CA
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 81418460A9C0C7BCE7DEDF1E97C43807
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0DDC5ED081634A60AF22ACFE2636DBC5
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html
Frame ID: E4CC46F37F15C6C735C63B1849D3576F
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: ABBA35CEA31B174808A408111CAC1835
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F96BA12F4AC4E2E74F0ED78DD821B7D0
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 07DD2630B07EC5704C64A34CB47C966C
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: DEE4EA482F209F2293F46750A0D69221
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 272070DBF9D547803DB6DFA42001CFE4
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 0DCE848DD4693F96870949866B57CC66
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/index.html
Frame ID: 51D2D05740C5F65D9F44DE26D0EF399B
Requests: 13 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 00C493137C6047C170E9687A1D80F42A
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: C7CEA4905B8E8AA3AB44E6F8BD1A80BA
Requests: 10 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=7b29ee0a-2977-49bf-8a29-7873dec987b7&gdpr=0
Frame ID: 07519DD11B6F9A8F9418AD193308FB03
Requests: 7 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 27E5A9733DB2AA91A52FEDC1FBA30EBE
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https://holdtoreset.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: CD2446B5F0F7A269B8D9C1039655A57F
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Ori and the Will of the Wisps: The Lost Compass Guide

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Gravatar (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

<[^>]+gravatar\.com/avatar/

Lightbox (JavaScript Libraries) Expand

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Underscore.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

underscore.*\.js(?:\?ver=([\d.]+))?

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

253
Requests

100 %
HTTPS

0 %
IPv6

32
Domains

52
Subdomains

35
IPs

6
Countries

2598 kB
Transfer

5395 kB
Size

38
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://cdn.holdtoreset.com/wp-content/uploads/2020/03/11182050/Where-to-Find-The-Lost-Compass.jpg

Search URL Search Domain Scan URL

URL: https://cdn.holdtoreset.com/wp-content/uploads/2020/03/11182135/Where-to-Find-The-Lost-Compass-2.jpg

Search URL Search Domain Scan URL

URL: https://news.google.com/publications/CAAqBwgKML-PnQsw0Jm1Aw?oc=3&ceid=CA:en
Title: HTR on Google News

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Hold-to-Reset-524483957725545/

Search URL Search Domain Scan URL

URL: https://twitter.com/HoldToReset

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCSAFh4TURJxXmX-eK0zVq_Q

Search URL Search Domain Scan URL

URL: https://steamcommunity.com/groups/HoldtoReset

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 127

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_dbm=&google_tc= HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3

Request Chain 128

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YUJdSkAsZF8KF4A5RqiL1gAA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_hm=YUJdSkAsZF8KF4A5RqiL1gAA&google_tc= HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3

Request Chain 129

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_dbm=&google_tc=

Request Chain 130

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D&google_tc=

Request Chain 133

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_dbm=&google_tc= HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3

Request Chain 134

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YUJdSkAsZF8KF4A5RqiL1gAA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_hm=YUJdSkAsZF8KF4A5RqiL1gAA&google_tc= HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3

Request Chain 135

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_dbm=&google_tc=

Request Chain 136

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D&google_tc=

Request Chain 137

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_dbm=&google_tc= HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3

Request Chain 138

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YUJdSkAsZF8KF4A5RqiL1gAA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_hm=YUJdSkAsZF8KF4A5RqiL1gAA&google_tc= HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3

Request Chain 139

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_dbm=&google_tc=

Request Chain 140

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D&google_tc=

Request Chain 141

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_dbm=&google_tc= HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3

Request Chain 142

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YUJdSkAsZF8KF4A5RqiL1gAA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_hm=YUJdSkAsZF8KF4A5RqiL1gAA&google_tc= HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3

Request Chain 143

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_dbm=&google_tc=

Request Chain 144

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D&google_tc=

Request Chain 147

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_dbm=&google_tc= HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3

Request Chain 148

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YUJdSkAsZF8KF4A5RqiL1gAA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_hm=YUJdSkAsZF8KF4A5RqiL1gAA&google_tc= HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3

Request Chain 149

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_dbm=&google_tc=

Request Chain 150

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D&google_tc=

Request Chain 223

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=1e3c6142-5d4c-4000-b808-dd9c1154b286

Request Chain 224

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=ixiGQohNhhOQSopC3xmfFttK0EmQSIQTjhmo_Xn2

Request Chain 225

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5462359321968612908

Request Chain 227

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YWZmMzgyYjItMTRjMC02NGJjLTdjZGYtZDc4YzE3NmJiMWM1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YWZmMzgyYjItMTRjMC02NGJjLTdjZGYtZDc4YzE3NmJiMWM1&google_tc=

Request Chain 228

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc=

Request Chain 233

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YUJdSkAsZF8KF4A5RqiL1gAABK0AAAIB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YUJdSkAsZF8KF4A5RqiL1gAABK0AAAIB&gdpr_consent=&us_privacy=&gdpr=1&google_tc=

Request Chain 235

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YUJdSkAsZF8KF4A5RqiL1gAABK0AAAIB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YUJdSkAsZF8KF4A5RqiL1gAABK0AAAIB&dcc=t

Request Chain 238

https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-5e497b71-ac8e-45d3-a0f8-ecffcc729d6c

Request Chain 239

https://beacon.lynx.cognitivlabs.com/ix.gif HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=1459bd2b-28f8-42a2-833e-6e6e3e3e8d14&expiration=1663275213

Request Chain 240

https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID) HTTP 302
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ6850256131040810176&uid=Q6850256131040810176&ref=%2Feucm%2Fp%2Fcc HTTP 302
https://px.owneriq.net/noop?ct=image%2Fgif

Request Chain 243

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZTI0ZGE4NGZlZjg1MjU2N2ZlODI0YmYzOTliMDUzNmJlN2E0NzljYQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZTI0ZGE4NGZlZjg1MjU2N2ZlODI0YmYzOTliMDUzNmJlN2E0NzljYQ&google_tc=

Request Chain 244

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YUJdTQABy-weXwA6 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YUJdTQABy-weXwA6&_test=YUJdTQABy-weXwA6

Request Chain 245

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RMWkU3UDQtWS1TV1Q= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RMWkU3UDQtWS1TV1Q=&google_tc=

Request Chain 247

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D HTTP 302
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=1e3c6142-5d4c-4000-b808-dd9c1154b286&expires=28

Request Chain 248

https://token.rubiconproject.com/token?pid=26594 HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KTLZE7P4-Y-SWT&sigv=1&esig=2~728c4f9d067818f3279d58244d5c8b2d5c0d5d5a

Request Chain 249

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc=

253 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/ 69 KB
18 KB 1140ms
984ms Document
text/html 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.2.13
Resource Hash: c2d72a577cee8bf989e7c2f4dcc0450d14e349889855b9973839052358cd8758

Request headers

:method: GET
:authority: holdtoreset.com
:scheme: https
:path: /ori-and-the-will-of-the-wisps-the-lost-compass-guide/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.2.13
link: <https://holdtoreset.com/wp-json/>; rel="https://api.w.org/" <https://holdtoreset.com/wp-json/wp/v2/posts/36818>; rel="alternate"; type="application/json" <https://holdtoreset.com/?p=36818>; rel=shortlink
access-control-allow-origin: https://cdn.holdtoreset.com https://holdtoreset.com
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s%2FxqUEaUWJ1YMebVEKEyni8EC%2B3nZ0VVsOI2aeqnJ9KNYP5i1Qcbxv%2B4c1icFMpoOf855lb%2F%2BQLMponpy26OeJMfUufQvFZ7fQar4jLFrczpfLDRjBcbgcSUSv5RGuc5MwU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68f4be9eaac80834-CDG
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 fa-brands-400.woff2
holdtoreset.com/wp-content/themes/hueman/assets/front/webfonts/ 77 KB
77 KB 48ms
47ms Font
application/octet-stream 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/wp-content/themes/hueman/assets/front/webfonts/fa-brands-400.woff2?v=5.15.2
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 529d0a7b3944929222155bca3272ba1a87acc2faa09b2ed26a713872b7ff8794

Request headers

:path: /wp-content/themes/hueman/assets/front/webfonts/fa-brands-400.woff2?v=5.15.2
pragma: no-cache
origin: https://holdtoreset.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Origin: https://holdtoreset.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 151
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 78472
last-modified: Thu, 04 Mar 2021 00:38:44 GMT
server: cloudflare
etag: "60402c14-13288"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bk0wf1YQ1nAzdiJlcXH67hzSQyIIwWVuv5%2FS3KqyPGFXduLmu0yAyZ9UsUkpewmQ8APuUxTZFFYWlJFLCK0EWh9SD26v1%2Fy%2BGpbO%2Bp8l9QidCr4tdxxvUSu9m20bynulrIo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 68f4bea50d0b0834-CDG

GET
H2 200 fa-regular-400.woff2
holdtoreset.com/wp-content/themes/hueman/assets/front/webfonts/ 13 KB
14 KB 25ms
25ms Font
application/octet-stream 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/wp-content/themes/hueman/assets/front/webfonts/fa-regular-400.woff2?v=5.15.2
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3b8c21edfe6c5e402fdc607366fd8d15949a65914f58134733dc68922bc8d61

Request headers

:path: /wp-content/themes/hueman/assets/front/webfonts/fa-regular-400.woff2?v=5.15.2
pragma: no-cache
origin: https://holdtoreset.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Origin: https://holdtoreset.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 151
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 13588
last-modified: Thu, 04 Mar 2021 00:38:44 GMT
server: cloudflare
etag: "60402c14-3514"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z35vvzYujEFAI2bDsk6rSdFIzyAZ6h6kp4t3defn%2FteDIefptZuc1S%2BsZgZlNnRaoRe4j4QwfAdOvIFmnF2vlk6eG9M7iA3h2K8fbiDAbRX1hue2MkcxGy3eMK40i1wmFG4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 68f4bea51d0e0834-CDG

GET
H2 200 fa-solid-900.woff2
holdtoreset.com/wp-content/themes/hueman/assets/front/webfonts/ 78 KB
79 KB 28ms
27ms Font
application/octet-stream 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/wp-content/themes/hueman/assets/front/webfonts/fa-solid-900.woff2?v=5.15.2
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2

Request headers

:path: /wp-content/themes/hueman/assets/front/webfonts/fa-solid-900.woff2?v=5.15.2
pragma: no-cache
origin: https://holdtoreset.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Origin: https://holdtoreset.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 151
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 80252
last-modified: Thu, 04 Mar 2021 00:38:44 GMT
server: cloudflare
etag: "60402c14-1397c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3hoVVyKBbZZQOTJQBuhiAmhQB22xV67plQt58D6cx9JvOb6JdHRhu0vzbCMfJcGNm80FINat%2FbfIaRNhf3jUlp3mBsmxWsVWS4RUN26jv4Vo0ztFHlOHE6DmGo4itD%2Fb4xA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 68f4bea51d0f0834-CDG

GET
H2 200 style.min.css
holdtoreset.com/wp-includes/css/dist/block-library/ 57 KB
9 KB 42ms
41ms Stylesheet
text/css 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/wp-includes/css/dist/block-library/style.min.css
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde

Request headers

:path: /wp-includes/css/dist/block-library/style.min.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 151
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 15 Apr 2021 09:18:22 GMT
server: cloudflare
etag: W/"607804de-e33b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B1tf6tcDT5uEKhMu4zXAKjvj3o99a5A2GrJlwxFO3tgthqu4G%2BEeAgE5LtbaMwujBuNFRjW8CNQvuGVwxR3F1FxD%2F2c1%2FvXQ6nEcR%2F3f89XKkbCjwQzEIlqNI9Ah6m9YsBs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 68f4bea51d190834-CDG

GET
H2 200 admin-bar.css
holdtoreset.com/wp-content/plugins/anti-spam/assets/css/ 1 KB
745 B 25ms
22ms Stylesheet
text/css 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/wp-content/plugins/anti-spam/assets/css/admin-bar.css
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd9e1f6390136b9c83e656c6434f5007b910f584a7df35527fcdb1e883991282

Request headers

:path: /wp-content/plugins/anti-spam/assets/css/admin-bar.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 151
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Fri, 26 Mar 2021 21:06:41 GMT
server: cloudflare
etag: W/"605e4ce1-563"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XBN7gKVaUJZas4hzIl9zuPDbi0C26pAprZV82NuhPAH%2BN76rRFGmP7Ld7YksOXnLtXGh31R%2FC5m8cAei%2BWxUVKEY8MA6m%2F3lmuH5Jihb54F5YAY6gei%2FwV4UlYrv4J4BYdg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 68f4bea51d1a0834-CDG

GET
H2 200 swipebox.min.css
holdtoreset.com/wp-content/plugins/responsive-lightbox/assets/swipebox/ 4 KB
1 KB 40ms
36ms Stylesheet
text/css 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/wp-content/plugins/responsive-lightbox/assets/swipebox/swipebox.min.css
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8348fe66b515449f719cb7b8278e1c84009bdaa96e18981641bc1e77d9e4cf1a

Request headers

:path: /wp-content/plugins/responsive-lightbox/assets/swipebox/swipebox.min.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 151
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 01 Mar 2021 15:19:33 GMT
server: cloudflare
etag: W/"603d0605-1080"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lmjEn2ptQsyzQwvfcijQiOgslHJdlKutMty1pjdCKgKIBaTDY%2F7jMhbIR4jtOI%2BMxSOv1kis%2FF%2BX4%2BWIP4nAS1o3vCEGhIsaBuDWbLq1b2ApA6pwQMIPlXZ8KsFk5qbPYvU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 68f4bea51d2b0834-CDG

GET
H2 200 style.css
holdtoreset.com/wp-content/themes/childthemehuemen/ 3 KB
1 KB 41ms
37ms Stylesheet
text/css 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/wp-content/themes/childthemehuemen/style.css
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1f5b98b33b416eff8b46de22aa601f5cea827305010b7a977ade6aa53804676

Request headers

:path: /wp-content/themes/childthemehuemen/style.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 151
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 04 Mar 2021 20:17:55 GMT
server: cloudflare
etag: W/"60414073-a0f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=38U3dtMvl8ErEYaG%2BDf9HeWWJRl9xqGriy4JuQ%2B%2F9bZd87f7tjhdyEDRBFldiPfHXN86nZVlde%2FmhRg0LacR%2BOEEtzH0WtyHrCDkV9vkVJ1grHwjgzNvrqqHlw1CAZM8yqE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 68f4bea51d340834-CDG

GET
H2 200 main.min.css
holdtoreset.com/wp-content/themes/hueman/assets/front/css/ 92 KB
19 KB 44ms
42ms Stylesheet
text/css 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/wp-content/themes/hueman/assets/front/css/main.min.css
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7829ed90578e36b00d0963d4fb11cf6907508e68453f5460c2e0af0386bdf353

Request headers

:path: /wp-content/themes/hueman/assets/front/css/main.min.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 151
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 04 Mar 2021 04:07:25 GMT
server: cloudflare
etag: W/"60405cfd-17017"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ythjWGwT2sTx8PEYR16BBJTT7IjiBid0bql10KWwzDCFd03j8pxAY6vLNd3l5T1JMFNrvghgrxq4Zs9wAAkxRAZOSdXJI%2F7ezv3JM8L7lb%2BKV0sL2gSuL3C8qIEKAUtHMr0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 68f4bea51d370834-CDG

GET
H2 200 jquery.min.js Show response
holdtoreset.com/wp-includes/js/jquery/ 87 KB
32 KB 40ms
39ms Script
application/javascript 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/wp-includes/js/jquery/jquery.min.js
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Request headers

:path: /wp-includes/js/jquery/jquery.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 151
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 01 Mar 2021 15:42:37 GMT
server: cloudflare
etag: W/"603d0b6d-15d98"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=16nivC%2BrrT10xU%2BTM8%2F0sdWfkLTDl%2BKiKhf7LWuT8IgAScGY9CLg%2BO2kfMXSK3bnBBNCYWuAi7qbhfOnxdq6vYYAG4bPG%2FthMlB4woofC%2BtqQJElhPN0iX13jAEwkUPOx%2BI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: https://cdn.holdtoreset.com https://holdtoreset.com
cache-control: max-age=14400
cf-ray: 68f4bea51d390834-CDG

GET
H2 200 jquery-migrate.min.js Show response
holdtoreset.com/wp-includes/js/jquery/ 11 KB
5 KB 39ms
37ms Script
application/javascript 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/wp-includes/js/jquery/jquery-migrate.min.js
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

:path: /wp-includes/js/jquery/jquery-migrate.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 151
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Fri, 26 Mar 2021 21:04:43 GMT
server: cloudflare
etag: W/"605e4c6b-2bd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lrZYfNYwmxItWvwW7u5fJ5E%2BpKbA9Aw3O3MLbjLBw4x5a8YxJ6a5tdCrOR9y6MSD5wgZCVdwU%2BCF65JBIezX8Vo4RAgFuLiFoHloIOAbI6ScVqNqqfZ4gsmqF3g8dvoUhAM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: https://cdn.holdtoreset.com https://holdtoreset.com
cache-control: max-age=14400
cf-ray: 68f4bea51d3b0834-CDG

GET
H2 200 ai-jquery.js Show response
holdtoreset.com/wp-content/plugins/ad-inserter-pro/includes/js/ 18 B
331 B 44ms
43ms Script
application/javascript 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/wp-content/plugins/ad-inserter-pro/includes/js/ai-jquery.js
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5257f9ca13e924a41ca83bdec64768c6b1eaaa16fbb0e9a0fe22873f0c6efa7c

Request headers

:path: /wp-content/plugins/ad-inserter-pro/includes/js/ai-jquery.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5385
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 18
last-modified: Sun, 14 Jul 2019 03:26:13 GMT
server: cloudflare
etag: "5d2aa0d5-12"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KtU6Dhvno4YpKoHkiVtUP9u5YZ6pO4aHCtkUZugT%2FfmqT7Arelt5Pyzf0pwVetfm5I1G%2FpnAPJtoRHW2sPhH3uwoay6n3LMTxLj8jMnxv%2FqGVgix6wPjSMgo7jXvMxwPC3U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: https://cdn.holdtoreset.com https://holdtoreset.com
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 68f4bea52d640834-CDG

GET
H2 200 jquery.swipebox.min.js Show response
holdtoreset.com/wp-content/plugins/responsive-lightbox/assets/swipebox/ 13 KB
4 KB 43ms
42ms Script
application/javascript 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/wp-content/plugins/responsive-lightbox/assets/swipebox/jquery.swipebox.min.js
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 926d1ab3abf48cf01377caf6adbed8c8a5e9dd1726e174c945af41137661404d

Request headers

:path: /wp-content/plugins/responsive-lightbox/assets/swipebox/jquery.swipebox.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 151
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 01 Mar 2021 15:19:33 GMT
server: cloudflare
etag: W/"603d0605-3275"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lwOSpyyNk1Brfggasd7LsMAqBTUwodIt5CIwWvtqs%2Fvp%2B6R13%2FdcyrBZ0S7P4lGIFaZTIhvKtbY3yL0q7MJTkEM5yxKe6tCJQ%2FJ6YI8GP6X7VzdOaIih5wITh63XAreoliI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: https://cdn.holdtoreset.com https://holdtoreset.com
cache-control: max-age=14400
cf-ray: 68f4bea52d660834-CDG

GET
H2 200 underscore.min.js Show response
holdtoreset.com/wp-includes/js/ 16 KB
6 KB 50ms
49ms Script
application/javascript 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/wp-includes/js/underscore.min.js
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6cd0d6897b3d4779f7d88ce72531f22fbf75851b195fb14e6f3f23d051b3d1e9

Request headers

:path: /wp-includes/js/underscore.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 151
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 15 Apr 2021 09:18:22 GMT
server: cloudflare
etag: W/"607804de-3ead"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nYrJ9Q4DPuXb5Ki2%2BBUCZEu92tTaLwlCyuU1cWpUBzrhsmtOfeMaFlSb%2FtY4GphnGVKi7NRs0wfmHSwcvxjs919cbZZ76pyHokQinIskTypnzKiv%2F3XZY3Mbt8VAyvSkX8A%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: https://cdn.holdtoreset.com https://holdtoreset.com
cache-control: max-age=14400
cf-ray: 68f4bea52d680834-CDG

GET
H2 200 infinite-scroll.pkgd.min.js Show response
holdtoreset.com/wp-content/plugins/responsive-lightbox/assets/infinitescroll/ 25 KB
7 KB 42ms
41ms Script
application/javascript 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/wp-content/plugins/responsive-lightbox/assets/infinitescroll/infinite-scroll.pkgd.min.js
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 378f79bc8e52dc7c86332d048c8b8f57ad672c3c917ca54b08630bb487b99d3f

Request headers

:path: /wp-content/plugins/responsive-lightbox/assets/infinitescroll/infinite-scroll.pkgd.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 151
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 01 Mar 2021 15:19:33 GMT
server: cloudflare
etag: W/"603d0605-64e6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=743P2dpxIRI00KdyEq6bCQ8qRERC9dDhkRI9FPnjKlhC%2BVR9t4dzBo%2FZ%2BNXJc8aKi0PIvZfCeG6wgHi%2Fnt%2FzaoXw79LPgNZWBoY%2BJJPKdIAt10njVqu8Q3fllx9zynY4nOw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: https://cdn.holdtoreset.com https://holdtoreset.com
cache-control: max-age=14400
cf-ray: 68f4bea52d690834-CDG

GET
H2 200 front.js Show response
holdtoreset.com/wp-content/plugins/responsive-lightbox/js/ 26 KB
6 KB 43ms
42ms Script
application/javascript 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/wp-content/plugins/responsive-lightbox/js/front.js
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c8ba982e1a7629cb5be1c6e7ac909bb494b895a63affce2f6306e5cd244505a

Request headers

:path: /wp-content/plugins/responsive-lightbox/js/front.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 151
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 01 Mar 2021 15:19:33 GMT
server: cloudflare
etag: W/"603d0605-68e8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VEL2FDFp%2FfZ4ipaEeJc7xFeTrdvLUHjYo93M8iRCFMfjbVrAydWV9uKeKCpXJKJY%2BjC1Aq%2Fbuu2oU7pEP87jf23XNc8LJaj9e6lX%2F6ByxgESFPcBu5Gg0%2FUG%2FIlxEZwODqo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: https://cdn.holdtoreset.com https://holdtoreset.com
cache-control: max-age=14400
cf-ray: 68f4bea52d6b0834-CDG

GET
H3 200 mobile-detect.min.js Show response
holdtoreset.com/wp-content/themes/hueman/assets/front/js/libs/ 38 KB
17 KB 22ms
22ms Script
application/javascript 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/wp-content/themes/hueman/assets/front/js/libs/mobile-detect.min.js
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6df968e65ed4801aeaf8c0633eeeea07d7639f9048302b29d87359730e76c869

Request headers

:path: /wp-content/themes/hueman/assets/front/js/libs/mobile-detect.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 151
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 04 Mar 2021 00:38:44 GMT
server: cloudflare
etag: W/"60402c14-9820"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pW4fwJIBBtcCn9Z%2BXoy1o0lDyz1xuYBtqeX7AnuzJpv0u9XJDBnzvJQXCape6ZL4GpuAoz96iea%2FX%2BfO8SbHBjHJgKgnP831dKjRy01cdxp8W9Q5lF%2Fzu4zKfk0NVXwmWic%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: https://cdn.holdtoreset.com https://holdtoreset.com
cache-control: max-age=14400
cf-ray: 68f4bea5bcb03a05-CDG

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 71 KB
25 KB 78ms
28ms Script
text/javascript 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

sffe /

Resource Hash

74a25ed30a2bde7ab590636a95daad501c8cd4f3984446270bd1925188785475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "988 / 166 of 1000 / last-modified: 1631731767"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24992
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 15 Sep 2021 20:53:28 GMT

GET
H/1.1 200
OK 76130950-1579.js Show response
biddr.brealtime.com/ 278 KB
87 KB 71ms
22ms Script
text/javascript 104.17.120.107
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://biddr.brealtime.com/76130950-1579.js
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d7bee1a8c8ded1d0e61fb3f21eed3c367a6bc94d2295a562bd5067c3f1243348

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 20:53:28 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 217
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-request-id: 9HRFJ8EMTCQJ92Q8
x-amz-id-2: 3ZhrJTm8fM6j5V8Foj+lf1d6JIGzqcBEO/cOxvO72l54MLlb+z4rr6aextYo7GzpshdXy53gY6U=
Last-Modified: Mon, 07 Jun 2021 08:28:16 GMT
Server: cloudflare
ETag: W/"171443a46aed2f249c413d9feac56ddf"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: public, max-age=60
CF-RAY: 68f4bea56ac2874d-DUS
Expires: Wed, 15 Sep 2021 20:54:28 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 101 KB
41 KB 108ms
39ms Script
application/javascript 142.251.36.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-72398024-1

Requested by

Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.36.8 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s44-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

c2d8d4301e5ed9786fd7a2ece804cd3375f0cc75a65adce60bb17abac7e98f3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41187
x-xss-protection: 0
last-modified: Wed, 15 Sep 2021 19:42:44 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 15 Sep 2021 20:53:28 GMT

GET
H2 200 email-decode.min.js Show response
holdtoreset.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 40ms
39ms Script
application/javascript 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://holdtoreset.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 07 Sep 2021 12:26:08 GMT
server: cloudflare
etag: W/"61375a60-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I1PQw26zoQEItkUX4hdraeNA1vuHySusZ%2Fb2jViGhbMrdjYpTasMNJnNkGsjJSsxTOJyh85n5M0baxgsrlKO%2FTsePxtJlwrezIGNDVXEmUwxEfCncDUq5yIfUQ44VI1SJYQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 68f4bea52d6e0834-CDG
vary: Accept-Encoding
expires: Fri, 17 Sep 2021 20:53:28 GMT

GET
H3 200 wp-emoji-release.min.js Show response
holdtoreset.com/wp-includes/js/ 14 KB
5 KB 24ms
23ms Script
application/javascript 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/wp-includes/js/wp-emoji-release.min.js
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c

Request headers

:path: /wp-includes/js/wp-emoji-release.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 151
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Fri, 26 Mar 2021 21:04:43 GMT
server: cloudflare
etag: W/"605e4c6b-3795"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GCPbzVoWFhPM1C2kVdh6qHIld9aLInteeDa8KtoQTXa06y74HDtaWziGVA6R5pLzT7aqMZOsYc9jVIER%2FTb3mvIRgscwWrCQVFGnC8Migbp6dKvf%2BQOvB8quqwgXKZQnAMU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: https://cdn.holdtoreset.com https://holdtoreset.com
cache-control: max-age=14400
cf-ray: 68f4bea64d983a05-CDG

GET
H3 200 anti-spam.js Show response
holdtoreset.com/wp-content/plugins/anti-spam/assets/js/ 1 KB
1 KB 25ms
24ms Script
application/javascript 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/wp-content/plugins/anti-spam/assets/js/anti-spam.js
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d34ea16129e77c49c444f4b002a797e3105c4791199d085a02d7df1ef9358aa7

Request headers

:path: /wp-content/plugins/anti-spam/assets/js/anti-spam.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 151
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Fri, 26 Mar 2021 21:06:41 GMT
server: cloudflare
etag: W/"605e4ce1-480"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=REClY6bmrQbmbvfvqhg2jbN4GjsU0U%2Fvi6t1%2BlOkvqM0%2F6cqhjL14GKD2oxpTS6bKZmb02lt3R6hUOu1cwLQsaqH%2BW98AWUdKJDOBgzBUbnC8IBeJ%2FCXCJdo6WNtspO3TIg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: https://cdn.holdtoreset.com https://holdtoreset.com
cache-control: max-age=14400
cf-ray: 68f4bea55be83a05-CDG

GET
H3 200 hu-init.min.js Show response
holdtoreset.com/wp-content/themes/hueman/assets/front/js/ 641 B
961 B 34ms
25ms Script
application/javascript 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/wp-content/themes/hueman/assets/front/js/hu-init.min.js
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1d1714057127e8cd32d3d493eae000981b88d6b1906b4592b96f3776b4f077ba

Request headers

:path: /wp-content/themes/hueman/assets/front/js/hu-init.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 151
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 04 Mar 2021 00:38:44 GMT
server: cloudflare
etag: W/"60402c14-281"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xOwmPZrAHPIm842uuU8EfmkfX7eR5pBeY1okdiw1DSenVAe21foisu6sGoOMpdMzeXls1kQLF8DLbdWO9NNxeHLkd%2BsIUUmFP6MG9yOMA8y3QK4uDjbWEelFQR6kuDUhrj4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: https://cdn.holdtoreset.com https://holdtoreset.com
cache-control: max-age=14400
cf-ray: 68f4bea56bf73a05-CDG

GET
H3 200 comment-reply.min.js Show response
holdtoreset.com/wp-includes/js/ 3 KB
2 KB 35ms
28ms Script
application/javascript 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/wp-includes/js/comment-reply.min.js
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103

Request headers

:path: /wp-includes/js/comment-reply.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 151
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 15 Apr 2021 09:18:22 GMT
server: cloudflare
etag: W/"607804de-ba8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BQyiWcC1l685stBOEzClkO67YT4OFsFz9n8R23VpT8aq49dBchhKAHmb85Dbfgc4G3S5dNq8fnv89nkYfIugqdVRVV2aRM%2FlWd2IeHAzShpaPIFmVAZhHIkgCJC0Ukx7TyY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: https://cdn.holdtoreset.com https://holdtoreset.com
cache-control: max-age=14400
cf-ray: 68f4bea56bfb3a05-CDG

GET
H3 200 wp-embed.min.js Show response
holdtoreset.com/wp-includes/js/ 1 KB
1 KB 27ms
24ms Script
application/javascript 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/wp-includes/js/wp-embed.min.js
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

:path: /wp-includes/js/wp-embed.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 151
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Fri, 26 Mar 2021 21:04:43 GMT
server: cloudflare
etag: W/"605e4c6b-592"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bmjGUNIRHJry8lG2kxPV4%2BZTyywr%2Bcde36ETvBQqzip%2B%2B8PQaxYghPBLuq%2FopgkY5QL37iEkdPEx7wNETQU%2FcUWLhgmOlLK5LDNWbqC6TruCANDEIKBoAMt1iIrp6YUMpd4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: https://cdn.holdtoreset.com https://holdtoreset.com
cache-control: max-age=14400
cf-ray: 68f4bea56c073a05-CDG

GET
H/1.1 200
OK check.js Show response
biddr.brealtime.com/ Frame 2B18 641 B
1 KB 244ms
244ms Script
application/javascript 104.17.120.107
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://biddr.brealtime.com/check.js?nnn=1631739208672
Requested by: Host: biddr.brealtime.com
URL: https://biddr.brealtime.com/76130950-1579.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cacbe8d075be5b96af1d81fa4753efcb5fdf25ae5acfbf8b6fe16fba1197eace

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 20:53:28 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
x-amz-request-id: 3588QDW2T2H30EN9
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: WsmUw8JTKksAmMqMi3z4TaDjsj8qf7UO3evKGr9NtCUz2CVJMNZqCgDeCsEyiwm+f5u8usyQgLQ=
Last-Modified: Tue, 11 Feb 2020 20:09:04 GMT
Server: cloudflare
ETag: W/"81b479edefd671af66d52c0ad9347d68"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=60
CF-RAY: 68f4bea64c34874d-DUS
Expires: Wed, 15 Sep 2021 20:54:28 GMT

GET
H2 200 HTR-Logo.png
cdn.holdtoreset.com/wp-content/uploads/2020/05/01122105/ 2 KB
3 KB 37ms
25ms Image
image/png 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.holdtoreset.com/wp-content/uploads/2020/05/01122105/HTR-Logo.png
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2324ee0b166029690fa1fec5dca5a3afa08baffd9c68e6aa58a0ec55351bd326

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12585447
cf-ray: 68f4bea688210834-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2292
x-amz-id-2: UcWzohbxYsTBBJ6nErH09zgxYLec+zEhoNzxvClRhfpIwOp6oAGEHiNL8VFJHRaA1ulavEuHQwk=
last-modified: Fri, 01 May 2020 18:21:06 GMT
server: cloudflare
etag: "7d2ec8dce0ce6ec1399b60b8c8b792e5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mwvcygxp03H2hjWJCiicQrOMWzer5zOCV53MSqbYEz%2FA2IX8LrOKlTYGUhSiOYnule1Z%2BDnVSYxLy6NDXMG%2BxkVC32OPxbEzjZ9wYyCrlpg87pVRh7XX9ERDw4rNUTaBhx4gElcV"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: ZYCFMRRW29VT6GRG
cache-control: max-age=31536000
accept-ranges: bytes
content-type: image/png
expires: Sat, 01 May 2021 18:21:05 GMT

GET
H3 200 Where-to-Find-The-Lost-Compass.jpg
cdn.holdtoreset.com/wp-content/uploads/2020/03/11182050/ 96 KB
96 KB 653ms
652ms Image
image/jpeg 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.holdtoreset.com/wp-content/uploads/2020/03/11182050/Where-to-Find-The-Lost-Compass.jpg
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef84c2db59f8487061b457275c4e0956cae815397a1e6d73c2f0c2d71dbf1022

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:29 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: AE1REY5PT2MV9VR8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 98017
x-amz-id-2: 7cTWsj2WAteGIHeBh4Be/tTXJkZEEdkSxTlTPfxmVDT+wqKhZ7nePzokxLujse1LrQ3djEmVF6s=
last-modified: Thu, 12 Mar 2020 00:20:52 GMT
server: cloudflare
etag: "6ab33f180b38687f9906a5a03e3d6b2d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0m9Q0nVLmvABCz9NZlbomfSCRD3vyp2ICVlk6TUVGWszn39rwFUkbLMOawMaRuLSCXp0DHM84B%2BnKDZ8UpP4VJ2oGHDP%2B4T3wHvtByzrahAcXoJXeyNlC2QkeVtp7sWEWwo3iKbT"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 68f4bea6ce703a05-CDG
expires: Fri, 12 Mar 2021 00:20:50 GMT

GET
H3 200 Where-to-Find-The-Lost-Compass-2.jpg
cdn.holdtoreset.com/wp-content/uploads/2020/03/11182135/ 128 KB
129 KB 631ms
631ms Image
image/jpeg 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.holdtoreset.com/wp-content/uploads/2020/03/11182135/Where-to-Find-The-Lost-Compass-2.jpg
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 724c2f6418710695d43b86863a1afb6fad49a65681130bb4af73650d3f7eb0be

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:29 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: AE1HBDGAFW67RCE5
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 131284
x-amz-id-2: m0Zb0FjZ5YxwEaL3mqqQnUkpVsM0YvDLybjACJxOsDFdoc2F5Z33McTquli+XUK9FzeuQBPFjkc=
last-modified: Thu, 12 Mar 2020 00:21:36 GMT
server: cloudflare
etag: "6252d6e778d1161f0afe561cb683b476"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=palh6vXXXvBWewqk4BTD%2F5vWQSmk4YxYq9oyb6rL0YFJOwd57tliOrEUCMcFIsuXCeDhYLjySNbqYvXMhp9GYXZhy%2BTRU7hcW%2FKVVDx8%2F7kkpZN7PFvMSX%2BmYy5LJvMvSUS5%2B9V7"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 68f4bea6ce743a05-CDG
expires: Fri, 12 Mar 2021 00:21:35 GMT

GET
H2 200 8209e88508876c0e81b85ecfb1025eed
secure.gravatar.com/avatar/ 10 KB
10 KB 48ms
7ms Image
image/png 192.0.73.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/8209e88508876c0e81b85ecfb1025eed?s=128&d=wavatar&r=pg
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.73.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 4a0eea6626fa96be69a1d48df3f8493661e2c2ea0fa8b5caa949f765a66abea4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Wed, 15 Sep 2021 20:53:28 GMT
last-modified: Thu, 30 Nov 2017 23:46:02 GMT
server: nginx
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="8209e88508876c0e81b85ecfb1025eed.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/8209e88508876c0e81b85ecfb1025eed?s=128&d=wavatar&r=pg>; rel="canonical"
content-length: 10452
expires: Wed, 15 Sep 2021 20:58:28 GMT

GET
H3 200 how-to-light-the-furnace-in-Baurs-Reach-520x245.jpg
cdn.holdtoreset.com/wp-content/uploads/2020/03/13143534/ 20 KB
21 KB 560ms
559ms Image
image/jpeg 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.holdtoreset.com/wp-content/uploads/2020/03/13143534/how-to-light-the-furnace-in-Baurs-Reach-520x245.jpg
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 517f4d36e0b879aadb5202a4dc6447c7af6e25e64a21403029ddcb8e20e2d95b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:29 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: AE1NQC19V1WA67NK
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 20950
x-amz-id-2: WNGIaPKhzKxhh+GqAIbDfKxlccMqaBItd9f4TFbMHdJIUblUJWmLOEIBSRIx/hhRs1KeOD19ZV4=
last-modified: Fri, 13 Mar 2020 20:35:37 GMT
server: cloudflare
etag: "c5713cd74fc9cf3c826039bf5ad1bb73"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JGVbzKdxGN9%2FG%2BBCR3Wg%2F3sl9GKajuePPYW4GWKkoRSt1AQhBjFqhldT5gexy8DiWOGwGHxL7VwShidH%2BY75LYRziHR6bDy%2B7r9%2FbD%2FchdRCVKcBmzkXFuC3H5eoybRi34MqS93n"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 68f4bea6ce7b3a05-CDG
expires: Sat, 13 Mar 2021 20:35:36 GMT

GET
H3 200 Reward-for-Completing-the-Regrowing-the-Glades-Side-Quest-520x245.jpg
cdn.holdtoreset.com/wp-content/uploads/2020/03/14145812/ 19 KB
20 KB 545ms
543ms Image
image/jpeg 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.holdtoreset.com/wp-content/uploads/2020/03/14145812/Reward-for-Completing-the-Regrowing-the-Glades-Side-Quest-520x245.jpg
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6b34064dd651e7de17800e610fb0e39682afc550b4c94a427269d7153599c7e9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:29 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: AE1VKSR2TVNP32JZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 19818
x-amz-id-2: RLruqH+T9pCuXi/wWsdMvHJ4GeOWM73d4r8aflLscWHc0YIeJCNZbmFFwm8HUIjeLWRskq2HKx4=
last-modified: Sat, 14 Mar 2020 20:58:16 GMT
server: cloudflare
etag: "8ac97f212b2f9b706f3f515e387171f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8P40wCsvR9NSk3KPv6gtCkJDPZsesP%2BQTFJ5r4rFXtkursItGpLykKxXHgcL7SPaKZQsFHqrdVEn6BradwCCk5jlZNYqXx0TamG2VDgNnS4jpw6oWYW0dj6%2FZ6v6rEp6PKByl5N8"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 68f4bea6ce7c3a05-CDG
expires: Sun, 14 Mar 2021 20:58:15 GMT

GET
H3 200 How-to-Escape-the-Silent-Woods-520x245.jpg
cdn.holdtoreset.com/wp-content/uploads/2020/03/12132745/ 16 KB
16 KB 434ms
433ms Image
image/jpeg 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.holdtoreset.com/wp-content/uploads/2020/03/12132745/How-to-Escape-the-Silent-Woods-520x245.jpg
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4583afde7981cdf42215109b7baf7bee2bdbd6f45d22b4fb4f1e7e687dcf7665

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:29 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: AE1ZYRP2NY6JKG4S
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 16077
x-amz-id-2: zh5lEGYeECSHFYr2Hu01PghA35QPycHNTqn9onF2YtUgT9CPBwhlEUXCeF8HYY3RBNaLgv1/cN4=
last-modified: Thu, 12 Mar 2020 19:27:48 GMT
server: cloudflare
etag: "5e5b9f4dffe9a52a0f82b42c62eaf4ef"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RdyjDOHLmtbtLvxWN%2Bhnuuq2ml%2FWtR2T5fZM%2Fvmv1iMJnF1o9cZhn7jpIv3NFEJgVP06wH4dQ5EhwwKL8L8lFX4exrBFrWL%2F9ZC2ugmazNhLmD1nysXYZBT6DknXcx2JtFW5QRA1"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 68f4bea6ce7d3a05-CDG
expires: Fri, 12 Mar 2021 19:27:47 GMT

GET
H3 200 scripts.min.js Show response
holdtoreset.com/wp-content/themes/hueman/assets/front/js/ 75 KB
22 KB 26ms
25ms Script
application/javascript 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/wp-content/themes/hueman/assets/front/js/scripts.min.js?3.7.5
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/wp-content/themes/hueman/assets/front/js/hu-init.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 398f165fb90ea53788cd1a05817c7d5c093ea3b2f4aee44a4e823ed48c8a555a

Request headers

:path: /wp-content/themes/hueman/assets/front/js/scripts.min.js?3.7.5
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 149
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 04 Mar 2021 00:38:44 GMT
server: cloudflare
etag: W/"60402c14-12b78"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D2rO9scSS%2BBtFnjMsYmEIOqRW2ub3IGKMu1MuxGVjIGdMHomBTRnW6WeEWGubP9oIfthyleSRsNlF4vymux0qCAgrp%2BdbtPK%2FvNY8SHz%2FKjMZOGovhN75EC0VZvc%2BjFPqyc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: https://cdn.holdtoreset.com https://holdtoreset.com
cache-control: max-age=14400
cf-ray: 68f4bea70f023a05-CDG

GET
H3 200 pubads_impl_2021091001.js Show response
securepubads.g.doubleclick.net/gpt/ 333 KB
117 KB 51ms
26ms Script
text/javascript 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091001.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

sffe /

Resource Hash

7345db8b8745d32b70fbbb0867ab8488760e99ce94aa40a78e73ad7fcba15866

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119453
x-xss-protection: 0
last-modified: Fri, 10 Sep 2021 19:52:34 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 15 Sep 2021 20:53:28 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 70 B
95 B 51ms
27ms XHR
application/json 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=holdtoreset.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

e21d0e97db8221de788cba8ede1bcfcc20d1546f8303ae2d008f8e23db7464dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 70
x-xss-protection: 0
expires: Wed, 15 Sep 2021 20:53:28 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 96ms
29ms Script
text/javascript 142.251.36.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-72398024-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.36.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams17s12-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 2212
date: Wed, 15 Sep 2021 20:16:36 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Wed, 15 Sep 2021 22:16:36 GMT

GET
H3 200 font-awesome.min.css
holdtoreset.com/wp-content/themes/hueman/assets/front/css/ 58 KB
13 KB 24ms
23ms Stylesheet
text/css 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://holdtoreset.com/wp-content/themes/hueman/assets/front/css/font-awesome.min.css?3.7.5
Requested by: Host: holdtoreset.com
URL: https://holdtoreset.com/wp-content/themes/hueman/assets/front/js/scripts.min.js?3.7.5
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6c76cae4aabc1d4236da2fecf8fcae818a2cf95406446774ccf9db5ca14d4b59

Request headers

:path: /wp-content/themes/hueman/assets/front/css/font-awesome.min.css?3.7.5
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 149
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 04 Mar 2021 00:38:44 GMT
server: cloudflare
etag: W/"60402c14-e877"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wrkYbbt6UkPFWjy3tMWLE5mWccUo6SjT%2FrO3j19XowYtT1%2B394YtbnNoNnil8w7FSE2t5ygZt1DWu%2FlwZLrq%2FMpdTRXscjWeOSf3fW69aBPh%2FQIcZ4vnJEZezln%2F3gA4eaI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 68f4bea7d8683a05-CDG

GET
H2 204 / Show response
e1.emxdgt.com/sync/ Frame 2B18 0
59 B 85ms
14ms Script
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://e1.emxdgt.com/sync/
Requested by: Host: biddr.brealtime.com
URL: https://biddr.brealtime.com/check.js?nnn=1631739208672
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:28 GMT
content-length: 0
content-type: text/html

GET
H2 200 arj Show response
okodigital-d.openx.net/w/1.0/ 173 B
560 B 143ms
53ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://okodigital-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fholdtoreset.com%2Fori-and-the-will-of-the-wisps-the-lost-compass-guide%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=16c63a41-1585-450d-bf03-2921e1a6ccf2%2C06c1b643-cdce-45ae-a090-0a626617bd20%2C84473b4a-d9f8-4bfb-80c2-0e192bb7b8de%2C182fcf5f-e525-4d92-a68f-5801657835bd%2C5e38589f-b498-44ef-be00-6d240f666317&nocache=1631739208986&aus=728x90%7C300x250%7C728x90%7C300x600%7C300x250&divIds=%252F2507246%252C22426007791%252FHTR%252F%252Fholdtoreset%252F%252Fmisc%252F%252F1%2C%252F2507246%252C22426007791%252FHTR%252F%252Fholdtoreset%252F%252Fmisc%252F%252F2%2C%252F2507246%252C22426007791%252FHTR%252F%252Fholdtoreset%252F%252Fmisc%252F%252F3%2C%252F2507246%252C22426007791%252FHTR%252F%252Fholdtoreset%252F%252Fmisc%252F%252F4%2C%252F2507246%252C22426007791%252FHTR%252F%252Fholdtoreset%252F%252Fmisc%252F%252F5&auid=541892186%2C541892190%2C541892194%2C541892196%2C541892198
Requested by: Host: biddr.brealtime.com
URL: https://biddr.brealtime.com/76130950-1579.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.0 /
Resource Hash: 16e83d24f27002ae0b526b0d064fdc2763e3cae7045c7f88f251e8f38515dd04

Request headers

Referer: https://holdtoreset.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:29 GMT
content-encoding: gzip
server: OXGW/16.216.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://holdtoreset.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 165
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 62 KB
14 KB 262ms
231ms XHR
application/json 37.252.173.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: biddr.brealtime.com
URL: https://biddr.brealtime.com/76130950-1579.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

caa24495ce080d5f76cfee7bd1821829450124b00572ed9d9275556b4fb4ad93

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://holdtoreset.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 15 Sep 2021 20:53:29 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 216.131.111.10; 216.131.111.10; 537.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 133e8cc0-6637-4a90-88af-189099ad2cbe
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://holdtoreset.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
169 B 290ms
88ms XHR
text/plain 147.75.38.124
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: biddr.brealtime.com
URL: https://biddr.brealtime.com/76130950-1579.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.38.124 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://holdtoreset.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

x-nbr: 1
date: Wed, 15 Sep 2021 20:53:28 GMT
server: envoy
vary: origin, Accept-Encoding
access-control-allow-origin: https://holdtoreset.com
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 613 B
1 KB 195ms
176ms XHR
application/json 37.252.173.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: biddr.brealtime.com
URL: https://biddr.brealtime.com/76130950-1579.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

8c0f86778ab02fce43b703692fc3f99ec4bfda152f733c57da8c59d64e7dd7db

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://holdtoreset.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 15 Sep 2021 20:53:29 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 216.131.111.10; 216.131.111.10; 537.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: fa0dba91-ad36-4ce7-85af-3ba3960f9936
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://holdtoreset.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 24 B
632 B 98ms
29ms XHR
application/json 72.251.249.14
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_4.22.0
Requested by: Host: biddr.brealtime.com
URL: https://biddr.brealtime.com/76130950-1579.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: a2f0eccf2a467c2e14ccf9ef1067aefe602b4eba6e02317985b32ca3ab5864b7

Request headers

Referer: https://holdtoreset.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 15 Sep 2021 20:53:29 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://holdtoreset.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
2 KB 296ms
235ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17974&site_id=342942&zone_id=1823744&size_id=2&rf=https%3A%2F%2Fholdtoreset.com%2Fori-and-the-will-of-the-wisps-the-lost-compass-guide%2F&tk_flint=pbjs_lite_v4.22.0&x_source.tid=16c63a41-1585-450d-bf03-2921e1a6ccf2&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.9999924385485588
Requested by: Host: biddr.brealtime.com
URL: https://biddr.brealtime.com/76130950-1579.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: edff2795b5d4724f0ba6d07f9b2522f82a8abc254e7086be90461277b32b027c

Request headers

Referer: https://holdtoreset.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 20:53:29 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://holdtoreset.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
2 KB 127ms
66ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17974&site_id=342942&zone_id=1823744&size_id=15&rf=https%3A%2F%2Fholdtoreset.com%2Fori-and-the-will-of-the-wisps-the-lost-compass-guide%2F&tk_flint=pbjs_lite_v4.22.0&x_source.tid=06c1b643-cdce-45ae-a090-0a626617bd20&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.3116921925235985
Requested by: Host: biddr.brealtime.com
URL: https://biddr.brealtime.com/76130950-1579.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 14c87234cfd4636d189b748cedc1baca54e206b98f8ce54f58ede804649c3ae7

Request headers

Referer: https://holdtoreset.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 20:53:29 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://holdtoreset.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
2 KB 294ms
234ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17974&site_id=342942&zone_id=1823744&size_id=2&rf=https%3A%2F%2Fholdtoreset.com%2Fori-and-the-will-of-the-wisps-the-lost-compass-guide%2F&tk_flint=pbjs_lite_v4.22.0&x_source.tid=84473b4a-d9f8-4bfb-80c2-0e192bb7b8de&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.03283986093611713
Requested by: Host: biddr.brealtime.com
URL: https://biddr.brealtime.com/76130950-1579.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 07403ef15ac28d21e46c504f0bae8973338e2690b01167fffb251470b5da0025

Request headers

Referer: https://holdtoreset.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 20:53:29 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://holdtoreset.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
2 KB 293ms
233ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17974&site_id=342942&zone_id=1823744&size_id=10&rf=https%3A%2F%2Fholdtoreset.com%2Fori-and-the-will-of-the-wisps-the-lost-compass-guide%2F&tk_flint=pbjs_lite_v4.22.0&x_source.tid=182fcf5f-e525-4d92-a68f-5801657835bd&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.681801070069229
Requested by: Host: biddr.brealtime.com
URL: https://biddr.brealtime.com/76130950-1579.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 1e3e48a3467dbe47c72c636766b850ca9dca274716d8fe354a1afec4b370231a

Request headers

Referer: https://holdtoreset.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 20:53:29 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://holdtoreset.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
2 KB 119ms
60ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17974&site_id=342942&zone_id=1823744&size_id=15&rf=https%3A%2F%2Fholdtoreset.com%2Fori-and-the-will-of-the-wisps-the-lost-compass-guide%2F&tk_flint=pbjs_lite_v4.22.0&x_source.tid=5e38589f-b498-44ef-be00-6d240f666317&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.9571756515280707
Requested by: Host: biddr.brealtime.com
URL: https://biddr.brealtime.com/76130950-1579.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 676be3c5f7c8dfa88261eff3c6b333ee72b5c2019e0dfec2636a19e4fb38f3ec

Request headers

Referer: https://holdtoreset.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 20:53:29 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://holdtoreset.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 25 B
372 B 180ms
136ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=566375&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22405239a0f6bd227%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fholdtoreset.com%2Fori-and-the-will-of-the-wisps-the-lost-compass-guide%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A5%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A5%2C%22ren%22%3Afalse%2C%22version%22%3A%224.22.0%22%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2242bc481d448bdd4%22%2C%22ext%22%3A%7B%22siteID%22%3A%22566375%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22430912cdf2dde94%22%2C%22ext%22%3A%7B%22siteID%22%3A%22566375%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22451b3aeabc91142%22%2C%22ext%22%3A%7B%22siteID%22%3A%22566375%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2246d116650c9857d%22%2C%22ext%22%3A%7B%22siteID%22%3A%22566375%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2248408413f537915%22%2C%22ext%22%3A%7B%22siteID%22%3A%22566375%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%5D%7D
Requested by: Host: biddr.brealtime.com
URL: https://biddr.brealtime.com/76130950-1579.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d74392e183eda284402b1b677afa14ce439654d46b1fdb45bbb0f4a72d9c95bc

Request headers

Referer: https://holdtoreset.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:29 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[216.131.111.10], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
content-type: application/json
access-control-allow-origin: https://holdtoreset.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 45
x-ak-client-geo: 12
expires: Wed, 15 Sep 2021 20:53:29 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ 56 KB
21 KB 23ms
22ms Script
text/javascript 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091001.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

5b3bbf200573e1d5b176a4b4fd08536ce3f8e39fc8295462231dc58a62445144

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2694
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21830
x-xss-protection: 0
server: cafe
etag: 12271523009236095090
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 15 Sep 2021 21:08:35 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 63ms
30ms XHR
text/plain 142.251.36.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1523988737&t=pageview&_s=1&dl=https%3A%2F%2Fholdtoreset.com%2Fori-and-the-will-of-the-wisps-the-lost-compass-guide%2F&ul=en-us&de=UTF-8&dt=Ori%20and%20the%20Will%20of%20the%20Wisps%3A%20The%20Lost%20Compass%20Guide&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=2140295098&gjid=436336254&cid=640643907.1631739209&tid=UA-72398024-1&_gid=2084910429.1631739209&_r=1&gtm=2ou9d0&z=1620423641

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.36.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams17s12-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://holdtoreset.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://holdtoreset.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
463 B 93ms
40ms Image
image/gif 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_stats&su=holdtoreset.com&doc=complete&pg_h=3392&pg_w=1600&pg_hs=3392&c=1&aa_c=0&av_h=250&av_w=300&av_a=75000&b=3037&all_b=3037&d=0.074&all_d=0.074&ard=0.014&all_ard=0.014&dt=d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
279 B 42ms
36ms XHR
text/plain 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-72398024-1&cid=640643907.1631739209&jid=2140295098&gjid=436336254&_gid=2084910429.1631739209&_u=YEBAAUAAAAAAAC~&z=1258130782

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://holdtoreset.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 15 Sep 2021 20:53:29 GMT
content-type: text/plain
access-control-allow-origin: https://holdtoreset.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
522 B 83ms
31ms Image
image/gif 142.250.102.104
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-72398024-1&cid=640643907.1631739209&jid=2140295098&_u=YEBAAUAAAAAAAC~&z=769074682

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.102.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f104.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
522 B 86ms
31ms Image
image/gif 142.250.27.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-72398024-1&cid=640643907.1631739209&jid=2140295098&_u=YEBAAUAAAAAAAC~&z=769074682

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.27.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 / Show response
emxhb.emxdgt.com/biddr/ 21 B
151 B 701ms
211ms XHR
text/plain 52.87.113.235
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://emxhb.emxdgt.com/biddr/
Requested by: Host: biddr.brealtime.com
URL: https://biddr.brealtime.com/76130950-1579.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.87.113.235 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-87-113-235.compute-1.amazonaws.com
Software: /
Resource Hash: 82d605aea1281c1020c7462aeba6f1b8b336a107701adb721cb08ffd56ce70e6

Request headers

Referer: https://holdtoreset.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Wed, 15 Sep 2021 20:53:29 GMT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 21
content-type: text/plain

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 84ms
30ms Script
application/javascript 142.250.102.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=holdtoreset.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.102.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f155.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 15 Sep 2021 20:53:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 84ms
33ms Script
application/javascript 142.250.27.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=holdtoreset.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.27.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f155.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 15 Sep 2021 20:53:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 157 KB
52 KB 560ms
560ms XHR
text/plain 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1809388195768560&correlator=1259068249222171&output=ldjh&impl=fifs&eid=31060437%2C31061691%2C31062525%2C31061692%2C31062528&vrg=2021091001&ptt=17&sc=1&sfv=1-0-38&ecs=20210915&iu_parts=2507246%3A22426007791%2CHTR%2Choldtoreset%2Cmisc%2C3%2C1%2C2%2C4%2Cadhesion%2C5&enc_prev_ius=%2F0%2F1%2F%2F2%2F%2F3%2F%2F4%2C%2F0%2F1%2F%2F2%2F%2F3%2F%2F5%2C%2F0%2F1%2F%2F2%2F%2F3%2F%2F6%2C%2F0%2F1%2F%2F2%2F%2F3%2F%2F7%2C%2F0%2F1%2F%2F2%2F%2F3%2F%2F8%2C%2F0%2F1%2F%2F2%2F%2F3%2F%2F9&prev_iu_szs=728x90%2C728x90%2C300x250%2C300x600%7C300x250%2C970x90%7C728x90%2C728x90&prev_scp=%7C%7C%7Chb_size%3D300x600%26hb_pb%3D0.00%26hb_adid%3D53d3c4fd24af16c%26hb_bidder%3Dappnexus%7C%7C&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1631739209&dt=1631739209357&dlt=1631739208456&idt=492&frm=20&biw=1600&bih=1200&oid=3&adxs=270%2C270%2C1040%2C1040%2C315%2C-9&adys=1914%2C501%2C105%2C395%2C1109%2C-9&adks=4120959531%2C18150794%2C377359326%2C3576368608%2C323234422%2C745139779&ucis=1%7C2%7C3%7C4%7C5%7C6&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fholdtoreset.com%2Fori-and-the-will-of-the-wisps-the-lost-compass-guide%2F&rumc=1809388195768560&rume=1&vis=1&dmc=8&scr_x=0&scr_y=0&psz=720x10%7C720x40%7C300x250%7C300x0%7C1600x-1%7C0x-1&msz=720x0%7C720x0%7C300x-1%7C300x0%7C1600x-1%7C0x-1&ga_vid=640643907.1631739209&ga_sid=1631739209&ga_hid=1523988737&ga_fc=false&fws=0%2C0%2C4%2C4%2C512%2C2&ohw=0%2C0%2C340%2C340%2C0%2C0&btvi=1%7C0%7C0%7C0%7C0%7C-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091001.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

b90d8b27a09bf18da02894fbb680ee8deda43c871723a70e88b40a7549c1c113

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52713
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1,-1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://holdtoreset.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6C45 6 KB
4 KB 116ms
26ms Document
text/html 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://holdtoreset.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 15 Sep 2021 20:53:29 GMT
expires: Thu, 15 Sep 2022 20:53:29 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 41B6 6 KB
3 KB 62ms
38ms Document
text/html 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091001.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://holdtoreset.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 15 Sep 2021 20:53:29 GMT
expires: Thu, 15 Sep 2022 20:53:29 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1238 6 KB
3 KB 52ms
35ms Document
text/html 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091001.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://holdtoreset.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 15 Sep 2021 20:53:29 GMT
expires: Thu, 15 Sep 2022 20:53:29 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D6DE 6 KB
3 KB 48ms
36ms Document
text/html 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091001.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://holdtoreset.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 15 Sep 2021 20:53:29 GMT
expires: Thu, 15 Sep 2022 20:53:29 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 43ms
35ms Script
text/javascript 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

sffe /

Resource Hash

aefe9f31909799252840c143110e10be71d8515345f8b54473b819ac1376b9a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27627
x-xss-protection: 0
server: sffe
etag: "1631547519045135"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Wed, 15 Sep 2021 20:53:30 GMT

GET
H3 200 container.html Show response
541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CC01 6 KB
3 KB 29ms
29ms Document
text/html 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091001.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://holdtoreset.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 15 Sep 2021 20:53:29 GMT
expires: Thu, 15 Sep 2022 20:53:29 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C3B3 6 KB
3 KB 23ms
21ms Document
text/html 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091001.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://holdtoreset.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 15 Sep 2021 20:53:29 GMT
expires: Thu, 15 Sep 2022 20:53:29 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 54ms
31ms XHR
application/json 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021091001&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091001.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

378f58a27ec49cb523ece26c87b0a8f06501bb98ad63d9eae87c8cd396f616e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 15 Sep 2021 20:53:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8555
x-xss-protection: 0

POST
H3 200 admin-ajax.php Show response
holdtoreset.com/wp-admin/ 0
750 B 784ms
783ms XHR
text/html 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://holdtoreset.com/wp-admin/admin-ajax.php

Requested by

Host: holdtoreset.com
URL: https://holdtoreset.com/wp-includes/js/jquery/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.2.13

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-fetch-mode: cors
origin: https://holdtoreset.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: empty
x-requested-with: XMLHttpRequest
cookie: _ga=GA1.2.640643907.1631739209; _gid=GA1.2.2084910429.1631739209; _gat_gtag_UA_72398024_1=1; __gads=ID=5195f2a6ffe808e8-22c3dc222fc900b1:T=1631739209:S=ALNI_MZD9XeqAkVvWK9Bm0cmzofc0yiPQw
content-length: 65
:path: /wp-admin/admin-ajax.php
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type: application/x-www-form-urlencoded; charset=UTF-8
accept: */*
cache-control: no-cache
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: */*
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Wed, 15 Sep 2021 20:53:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PHP/7.2.13
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
x-robots-tag: noindex
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4xp8r201vBivOR181bGkD7iFZBHewuij6WxZjTAEHiQGUVdXibcYuKUYffkPz4mmp6HggH8ZzPwv%2BjQt0Mq3JxmHFw6lTNku8zOKQJ0w1cVGP%2BEQBmlyOy3q6vuGZnkXd%2FE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://holdtoreset.com https://cdn.holdtoreset.com https://holdtoreset.com
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 68f4beaf0bb93a05-CDG
expires: Wed, 11 Jan 1984 05:00:00 GMT

POST
H3 200 admin-ajax.php Show response
holdtoreset.com/wp-admin/ 0
747 B 827ms
827ms XHR
text/html 104.21.61.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://holdtoreset.com/wp-admin/admin-ajax.php

Requested by

Host: holdtoreset.com
URL: https://holdtoreset.com/wp-includes/js/jquery/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.61.110 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.2.13

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-fetch-mode: cors
origin: https://holdtoreset.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: empty
x-requested-with: XMLHttpRequest
cookie: _ga=GA1.2.640643907.1631739209; _gid=GA1.2.2084910429.1631739209; _gat_gtag_UA_72398024_1=1; __gads=ID=5195f2a6ffe808e8-22c3dc222fc900b1:T=1631739209:S=ALNI_MZD9XeqAkVvWK9Bm0cmzofc0yiPQw
content-length: 96
:path: /wp-admin/admin-ajax.php
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type: application/x-www-form-urlencoded; charset=UTF-8
accept: */*
cache-control: no-cache
:authority: holdtoreset.com
referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: */*
Referer: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Wed, 15 Sep 2021 20:53:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PHP/7.2.13
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
x-robots-tag: noindex
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yqphmzOFArlOu5ko3Z3lZyPYaHzacvPRNJ1kvz6jdovAAW5Y6BK8Ymc5eJEvY0r3IV0hYiL3aTPAKOa0OUUKFiebAylIC8h7%2B0K0uSCSFWHLKNFeWEnAqH%2BzsW2wdSx10x0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://holdtoreset.com https://cdn.holdtoreset.com https://holdtoreset.com
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 68f4beaf1bc13a05-CDG
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 30ms
24ms Script
text/javascript 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Wed, 15 Sep 2021 20:53:30 GMT

POST
H2 204 csi
csi.gstatic.com/ 0
348 B 195ms
27ms Ping
image/gif 74.125.193.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=1~ktlze7pf&c=1809388195768560&e=31060437%2C31061691%2C31062525%2C31061692%2C31062528&ctx=1&met.9=1.15n~13.190~2.19i~3_31.1l9~7_31.0~7_32.0~7_33.0~7_34.0~7_35.0~7_36.0~4_31.20w~5_31.21l~5_32.21y~5_33.224~5_34.230~5_35.23c&met.10=1_2.IMANEAAIABiAmHUoAQ~1_4.IMANEAAIABiAmHUoAQ~1_3.IMANEPjJBAj4yQQYgJh1KAE~1_5.IMANEAAIABiAmHUoAQ~1_1.IMANEAAIABiAmHUoAA~1_1.IOMPEAAIABgAKAA~1_2.IOMPEAAIABgAKAA~1_3.IOMPEAAIABgAKAA~1_4.IOMPEAAIABgAKAA~1_5.IOMPEAAIABgAKAA~1_32.IJcQEAAIABiAmHUoAQ~1_34.IJcQEAAIABiAmHUoAQ~1_33.IJcQEPjJBAj4yQQYgJh1KAE~1_35.IJcQEIDlCAiA5QgYgJh1KAE~1_31.IJcQEAAIABiAmHUoAA&met.3=112.1dg_4~113.1dm_3~298.280~298.280~298.285~298.286~298.286~155.27b_x&met.1=1.ktlze6bz~6.0~7.2~8.h~9.h~10.1t~11.x~12.3b~13.vp~14.vs~15.vt~16.14n~17.14q~18.14v~19.1dk~20.1dk~21.1dl~22.12i~23.12i&qqid.1=CMXrxp_ugfMCFdmy3godh1YJLA&qqid.2=CMbrxp_ugfMCFdmy3godh1YJLA&qqid.3=CMfrxp_ugfMCFdmy3godh1YJLA&qqid.4=CMjrxp_ugfMCFdmy3godh1YJLA&qqid.5=CMnrxp_ugfMCFdmy3godh1YJLA&qqid.6=CMrrxp_ugfMCFdmy3godh1YJLA
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 74.125.193.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: di-in-f94.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://holdtoreset.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5C52 624 B
558 B 77ms
33ms Document
text/html 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPOG9AIQlvDKnQIY5NDbswEwAQ&v=APEucNUuphB_5RpaWUDwgg03WjM8qg0vnRySB8mZ5rMj8GZywGfr4S_rbPlH11nsSkkCLeuzrAOFuzBDVrdeJdwLub3TbX4BM3TB_9V53IydLsydn2a5UTycShjXOI0akhe0x68ynOUzh9pRTJe_W2Lop9JNfEi-G3_rZ4NwrKz7S8EhNV0f4PI

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CPOG9AIQlvDKnQIY5NDbswEwAQ&v=APEucNUuphB_5RpaWUDwgg03WjM8qg0vnRySB8mZ5rMj8GZywGfr4S_rbPlH11nsSkkCLeuzrAOFuzBDVrdeJdwLub3TbX4BM3TB_9V53IydLsydn2a5UTycShjXOI0akhe0x68ynOUzh9pRTJe_W2Lop9JNfEi-G3_rZ4NwrKz7S8EhNV0f4PI
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 15 Sep 2021 20:53:30 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUnNTy3Y8Bmjqafuuc8bc7H_5g5c7MOLUk4M2iWGdKAWJgNhtpXgKOVhchVr; expires=Mon, 10-Oct-2022 20:53:30 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 15 Sep 2021 20:53:30 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 1238 25 KB
13 KB 99ms
57ms Script
text/javascript 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BSeYsmXzYrZaEtOqFOv_khevQsTSptxY9JoIGWkfQd5B9TnOtIZWcLCjwNwsV1bFsqo6SswVBfh-l-lP6gnWElFsVKA-uQrCec5-nFtwmRGFDbA_jbGsQHdagLSB_N4jarfroYbM87-DqN4Byh7cT1M6wtFA&cry=1&dbm_d=AKAmf-Dz8_vd2opDUdFSyJkgxLRj5NxIMETUj_WBspFvkXtreZEMgRDOJg7qBV1mi2m8Sa9xaPmPYRSXlB5Og6V8odQtLG_PZ-wPnoDRf3bYJdX_OfNbrWl9XPyCCJCfRQXno70sK2fA4TFCLnTiT347tljfsE9_eOGrgAn9tYpazOaN8AqOH9g0C1HBInkKPDNm9V3ndsZd5XepcgqFENRlpTngb0p0oPbzFL6UrX3kPbJ6qI1ACfsMADAMOKJ9TLtbEQnRrOtt2pbGVtvyQnFUjEcupGC3bWO4MSc5lWHFX0l-Zs6T76K0rmnKLTSXAEalLmhikEgaloA_hF89KdWN8A3045B2R3UPNXxDpNtXrjfk8gfG9zXW_leSV7fui19n3cJTI2R9eV03d3HQsfFVowQpwHAURwejeCWn7FBC-erMB0Bijo6_zC9_63lgTQ1ZTAG6eXl9deWUeQ-yf0A9Tap_H9IqFEKEgg5klUO5t6u9M252rSEsCNbsWPx1dHxslqAVJUQxGeiIa8MBdG5q9keRUdAdfe2mTGBgFSamkpMlYPo_LfD-m8jRYB3vh4JHzjFqPwUk-ERucZduKinMDCL0UMBO831hTZbNsn8Gk0Wv-Cse5P5F8dZemt1MEjgDoBw32-N067Ln9sRDRglHIUHGLzpLB9dmAoBCDqlYEtLYg8l4Czd4MaxKniHnwHflWddylZWo5y7rP1uaNPb2TKB0YqZOU3l2j3bweQ4lxAtPC-RRcxdcRAeZ6kzT_jmtEOOCq9Vk5OQ9I3RJVnhs8iwomHLzn9E2N8RxA9n1YAdxKN9TZGVT9o2QOnVR-8emHVRM1O9f-q5kIfGjJyMbemQx1OIiTiIGjxV3U-VzDRd_NRFPoIaWkcv0pjKkC0JnOuZLOaMtcpf6E6_ZwgHx_8HfU25-rIjwBpC_u2EKCf5-7e7SQ8CFv_PCUehXq64S6OYXK-ZW32QPTXFEub5R3Gly8twEnG1GhrVLs9m7-1Z4DLThyzSn0YYJI_Y3UAjp4z3QjeiLr_VP9VPcje8fZM2cP71L1JvITjtuD1En743Z1y6NaUYjotugRTE-tW-94JccaY4Nhj72l_8oF3jT7jUeKO33AGtze6RPXZA0oVs2zLimzyNF0UXs150JyWqxDhzfuWLaEybiCVSvjwM7jHgEH4yfi_6L13uMjQzKenGQFjURLq6VisuGZX-NCT7cr_Fmz7kYkeL0k75ydKKEiaUL5MCzfTWcmP_rTiEJVtb7wdwGcFHSQSM82NZeCxEBiFpr8XyIzVbvBrhPkqhN9XwWMq5AJg8q_KZxo-oyQ9UZPUtOzG54lCQ841RnVfH_KdP3IcCFITJAWFBEc1PWYutedQKsd8daW-Or9LA29bN_rv5peQUSwpm-gy8m8iY_t-dJExhRiOKCaFXZ14ootir5ofLFXhVIgqvjFsmCeZDN5bnCvFOsCvTPgLp2cX0MPKCazu2I6VV_Hvfmd8mWiqUDSYvRVTGwi5y8fDALY6qJZy0o88HClCC2-qNH-Y2J3nkHbHH6TYDpMzUaqVTJTBOOuI4eFrkQjbA0IqR8nWDw5npzeZsZlEm0jEjf1kssCmVxKRwAYhRRFuaeMllj7N3w53vV2zHpKb_OPvOl_ZLvJkAfUV7KtWkIBrIRPjvtRaOOZLTx9jVJCB2DkLCOQtOx8PJ2C5giYIDoMAt7XvnMtQbuB51pmfO2gKvWgA5IwSx_2VtwE6D2G0C8XDafvEWAOYUMAWcoY2fnAxOy2ITI-JJlrtTSUxIdjAFFTypqmcBonwOyyhScw-gPOGzwznIVR8O87g2Rg1BHExmMBR_A9oELV58NiueOqeGlx18EulaGIQOm-rQKxSdX1Gt0yT3_RMw7h80GZRYqFPaD5rAqOU1FPtjrt-vxwoN3g8d7x5SbymAH91IGfZ-9-PNaNyflf6E-wYBT_0LIajGqiWQl7ACPqFWG3e2X1UWWnuyyaopQ9u3KnsxKVAcT2oTrPrZ35Gp7cGxgT42z90V9G9Xo3rBAAetu4rcbVSQ80fo9IcqaUUI0G8jVV3UuULGDb_J9yLNC9j5R9eiR5kPCGS5P54Hw7Zyu1twmJeWTxo6wzAyPkA6YoepBXJ1ObfM6d7sl_GxfO9WGLh58_bDIZzDcCRc-NeuVns3NsXVgx5WkBs70w9WssvTOKHFt2Oe7vWLNbp7pEcwU0eQOzkdw2WzbRLUiahY9gBA8gzBpNDhXEbRwsidw2MbBz28YdkB4C59oS7OjKRKaqiv7SAO94jduNSzMH-Dyg7v8OPPsBxNVtjOefquDsC_WCUONGFgHWY7yIIMNRrjjtm2utcVKW53MkNLx7xRlu049m6gCxg1JaDTBqSaRb7KGBnXl7KZ3LsrJvv0oF5foL2zHBPaFuHEKLiX6jH5oJ2QLqMHNh5l3q9BPR6yikkL3XN7F-oIGlXaXzC7ydxZJ_-L5tphnlVtaqaUYxw7t8otceGbC_A5WUnMTTiRZzkiewWjq_mkl7U6Xnp9DvDIVWfV44qDRhrwOV9szKGKLGTxFm4pp_2U4STspP0ABuMSDi-86sHYuwdPpOdPFQhpyHRl9iYyJ2cboEOrfjb87Brw8EZmncEpQBSF8HcRIapaJBoOTORgU711xaW6AhwnZbDbmeCB1C-DpLQPYSNoWsZYpON1eelN0kdRe09ObCwfUfliWv3BhSY7_KKHwwgXd-X9D7hfSmyJUdl8A4umqhHaB0ox03JYpX1wnwrNiFMCb5VhbQi701YvFU5XEvrzH0DmkLTOKRvH97hQ0ZKLqDioTl8mq3btsNBED6BWEN16dFkB4u0SfQ96PQotlRCxPieQTWy3-ZbzgiCbKR0dOP81oKIleKopeiep1tzs_FsRyGoDuHDSKlQ1WG8-C_2fCK4I73CVhH-S5yQhQXDahGve0Ib2BBGnd7fiRaDaIkSDPZVqF2svbWvOXbEk5UrhksyB5bzCf5d8VM1_gbGrnPSF0qo5SR4R7o8EG34IxI9R7WlGwW9gYUBUpb-utffjtCvDK850IdQqemmnOo3p5-tv-dVifFAyUGqX05JxYyGP8AYpHFJWwLX-qs-zQ7RiIFH94A9-9Gj6zUeFIKjGq7xDou6eDUlHs8wliMeGUBehItvr43l-Xas2NgjrirkYtwdGcLpkz4VtDXCoH0Ep-dVjVUqOXP0KRWt7OocMG4FEF_b4qDy9jpU-mVSgpGiDNMlIinbHUcdC0Gp-9svo0XQHS3p4BZaptDMiXqy7L&cid=CAASFeRokfveaQIIBFaWZJnoE_TO0XcFbg&rfl=1%2Chttps%253A%252F%252Fholdtoreset.com%252F%240

Requested by

Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

b8b0818c560c40c73866a81c2eccafb3139266b22c01be2a9d7bf8a2be4565e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12991
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1238 42 B
63 B 81ms
45ms Image
image/gif 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DaAjzOPXEwR3MElAOLiqaNDFlX4PS6yvPgkyKurR8dFccm4UEeZNDJsrScaq04vvdQXghbDEGmE6atkXrIsMmh6N9sRSpd7QOScquA6ykVXgy4r5U

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 1238 8 KB
4 KB 49ms
26ms Script
text/javascript 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

sffe /

Resource Hash

5bddb0ce048b80cc54fb4dac134b835c13575e06cd0cf83f7bd1d008f4a44360

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:08:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2677
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3977
x-xss-protection: 0
last-modified: Wed, 15 Sep 2021 14:49:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-dcm-tag"
expires: Wed, 15 Sep 2021 21:08:53 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210914/r20110914/client/ Frame 1238 2 KB
1 KB 48ms
25ms Script
text/javascript 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210914/r20110914/client/window_focus_fy2019.js

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 02:52:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64841
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Sep 2021 02:52:49 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1238 125 KB
38 KB 52ms
29ms Script
text/javascript 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

sffe /

Resource Hash

f4fcf19981dfc07f2a86835a35058ab48ecc08b36de09f50f6be890c4fcec5fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38646
x-xss-protection: 0
server: sffe
etag: "1631547526571764"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Wed, 15 Sep 2021 20:53:30 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210914/r20110914/client/ Frame 1238 14 KB
6 KB 47ms
25ms Script
text/javascript 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210914/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

cafe /

Resource Hash

127fef9bff9c4a7bd820146a3785bf8c7d3c5dbf48dd087f2e0f1d91a25e32c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:47:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 344
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6211
x-xss-protection: 0
server: cafe
etag: 18326705275735229343
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Sep 2021 20:47:46 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 1238 0
0 144ms
39ms Image
text/html 142.250.102.104
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ3qsnGkks-_D_dycepZuRo0oVcn38MZMU1PvvVpedKFor80TWGdDfHetePoNEs8NDHFDqLygRA3llJAVsxwGQXfbxjvA
Requested by: Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.102.104 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: rb-in-f104.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5730 624 B
723 B 52ms
32ms Document
text/html 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDKjAEQzcuzowIYi-bbrQEwAQ&v=APEucNVTAzpQVdwU24HDWEuSsHGd4--atV6PvaLW5j9jDH3N-Gjd-Elj8jYX5zB1-Lvb9Pnp4EFsCKGbgN-qqCoL73vAEallw5oC9hUW8A6tOYH8C5TVX8Jha8PSNlNvUDaSEs47nhs4atkRaf9bicyuKp4wTrx5j16NneQz1LP3pq3kMWTy7II

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CIDKjAEQzcuzowIYi-bbrQEwAQ&v=APEucNVTAzpQVdwU24HDWEuSsHGd4--atV6PvaLW5j9jDH3N-Gjd-Elj8jYX5zB1-Lvb9Pnp4EFsCKGbgN-qqCoL73vAEallw5oC9hUW8A6tOYH8C5TVX8Jha8PSNlNvUDaSEs47nhs4atkRaf9bicyuKp4wTrx5j16NneQz1LP3pq3kMWTy7II
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 15 Sep 2021 20:53:30 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUnVxcq2W5bwyPJA-wLqq4bTBSzevpsVMhF0nirHD69gwovOVSZEASAuWbSw; expires=Mon, 10-Oct-2022 20:53:30 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 15 Sep 2021 20:53:30 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame D6DE 53 KB
25 KB 122ms
95ms Script
text/javascript 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DhcwhqHo5C6JTmYDHHvKxaT8QOw60OUvHLDvD9yEzbS3eVYMWt8WmhigIhvAj_IUMr_uSJCINBUN3TnW9aVPhvCkeo6jZvJ0tPKLE4EAL_-Sxo16wcaqJqybglmw96B91wGqF1x777oIOYp6kh9uaPoMY5FQ&dbm_d=AKAmf-BVAnj__CWIKqyjjTiJ7IswdTjqeImImEBGzUfdDpjJM1dpGMC-50TdsXG0ZFnEvvFdHSny49hhSUbyfBCRsK5Xy8CIcubl7fq-TfPhxb6Htx0qUP6uXinlHmr33F_OvyUTVT7ddDMg2CLnr3yG9vcteEIRBnezxyxKh6MvpdCQ8V-SXxe-qMvR-fd7sAXDt84S6SemAJeJtEqba2J9lmdQVsFJCV2a8DaelRu319_dMGUfZQDQ2eiMOpIrCDklfgxria0HPQsAepI4Rz8wqXeuuJaD8PdHprF3obaW_YqC23KzFPPEOYoElGCBDBgi6IwcaLkNxPalv9SPyK5beeKC5PNNi1gDdS2BSjUZeUCKzf-zX3e25o-KrvdVT96wlRr-iEqjGqcMoc7fpwlxgAhAB3dKyGnbAYOap-gmuue7guDAkglHJ5YICBSGE5tCwmMGLuV2_7roasbgys_nNch3mR4EUhnVG5m1WUWKIsHZ9cC7sDQUs64zd_wAJ3ROeXxSX1mDMXPESCNBj3JDnJqxfq4HEeryHFKyEu-1Ewf_rQkuWGPtIpDvgolAMFgyEeQNxCjR3AfGmbYc3n54NzqIUY4aSyhP8zgyETNqqymK66Dz-M64VtmbXzWJfYVAfE-mneu7qsv1nK-QIVxZl-EBaZvjuzuuom4wUuHq9c12ZXah3hENszojiSNkHDD-gYhug5RntsKhAJUd3yZdPJ5lb2m5_pmg80Ag-SsJ__bP8-7bT3Zyfjittq-PzDHparjABdmT-KGyiWKaecB2XgurGQMBALMit34bysQVOZ_HReJ8BZ1k7YUKnu8ASMBw7iDfIQBfYSApPXdIEk2FLr5iYbC60CJFZ12ZHZAhykc_2xNF0rpNxXeRQ2_e8gQPuEDm-NldAmdhVqEyY9GxX35exe2mPnlRXibfNeHYGMAfmB9FfbFgTdpGwamqcKDT0BSt4Vw37z5LoTlikTTeNi3cQsgz7JAW8mklAsm-LhNh0yLJklHafygx-H35tXJcohMURrpapWauUhmLn7VhuGU_p3CXSoUokMTnG9Xe7q4KzR006ty_Xk53Gk6ska6HodnpyqXc-949uedZvpWxDHMta1tA3t_n4Cgl1OXELrCYzFAFm0hB6OjVdJA_oLEnFftHrPeGbMKKJ8yhtrviBU74OI0rJUrerqrC2_Ev-kAKEn5xd3GcHkfc_8Pn7D-Oa4dBGh_jtaCq3bAn5yN1I9C4Xa-G_jeNfVUoBWcFphIExLa5FvHORQePjqYVe8gYBLUMe0pC_HcYKf0O2Asnvzms5e4heVn51qrfFtRQ-KP6St7ga_z-LCWIoO4X-nkD95mLxt2T7yh9IE9YPfNhKMB6eimxgCpnJL7XCP2z72h4fE0ZEuHVUqjPVYklD4REyWXKQPs2R8NT7jN9UpLn5yBSAoH63_LBmnqbJ3SYmB7Ng05VffskUQl-LejHnmCSKkl5rWJwzT_ynYQToFelQaJ_4y5SATL5G0jddadao7ZyY-Q4pgwvbOFACFPZlSs0oEzftjQSgLpq7demNVc1JLkIP7NC78BQ41qafLjxv5w03pCA-q5BmsL_1fsO6TQjwYruw4OIclxoQvpxSsRdEIAohnqUMRM5XUX7-Csc7zmxV9BmL4L2Gxlkp2kOWurCAGRHPAAv-TeH9H_sMDOlAa0DcebZcWOx2CaZT6I8RyIkbb0qMqGtoXTXbaX4XuOQOgnBHjAn_dOGcBMImUafmoVY88c7ToKLJfIsLRU3sutOVfgcomjKPPk9F4hmasmTDXCJFmbVs04UwWSV_D2RLJCwxZg6ej26AOTu1ayj7WrbS-FHmH4Gp34s-mhsUBsI-_hOtjYJSi5QrNM2GKLlOButLLKD7zWt4cokQ77cPLcE0irvkw9HDWxq9vSKg-xpNF1iO0fjyYG05cj_4hz7nH3pIudy9FS1LJg-e1GnQYbR9M7Sx0aoAZ0NrqL1-ssZKqisGfnGYxfBJ9JVBOPDqHNRMdIPa5miQtaT5JNpK6GhFvIrvf28FN7XtOfDlUp1W20Neq-PpEAwErySy9l84RXc4a8GAwC-e2xjSCbSp9-2_0I-Q8dqo--61gbuYwq7Ph-1jUeY4zKj93y5Gnotka-SHESBfdsZAVwBH_k1O8i7ANAPMaz3uGf5lyWVseZuwmDWd_HYcRakPs5oTE-od_zlFtx3IAI9ayqmFayRKDoJaLGXEjoXdUanv7DXqKEiNJtqqIpIvmttWZcUHHHDp373T82adVJAvQHCjzbjc90dXIyAfpkzs2cDhwmopObrF3l0aiwCspaZznSacWgmbytC9kUSyJ-v9DlkkMuXFUX_kH1iReE-2T4jCy79w-y4YnLdEq9LBV1jmyG3bNV14Qr9KpsJ-G5s79PcrpbxG0i4kY3Xbdpb8FnJLhQH7dcRJ04G3fY4qsWIdz40CyHbIS2tresEF5hiW01gdkMTbpAdiYG9F7AAOmLQk7jqPNu2rt3lMs2ZmalR4Jqswd2PS3_WF8Mw5VT-WBWGvjUSzLdR8qGoO6SG8jsIV3l70ELOmUm6tnJOcHSmli0-wxZ6nimlxEi3l8u70cN7UvPEB6rGy2GHMLsBooIL0ghuEXbtMK-aoG0jyaLp1SuNWHbCkK4KO1lYb-ZHckLRvWoPQ5iAv3kpy_MTWO3fmWScwUVzZb-3t5_h2-5-VZC3KJB3hxCJ1GFIp6BaZ4746lZgRrhIDGMtO6-NYJ2oUq-Ge-c4HgWu_G-urbcS3G88EPEJudfRbVoSgUIawEhxleByPE31juf-z0sEwbQRQizG6y2Pj_M3k55qeGbXwoepp647KdKb4C8LAGALD7qhD9nw9HPdUvQHp3_SqK4rxOxhEzfD9fTFJyTANt_WhRvJJhuUqMtNeNeUVJO6pShCYCJ60e8DRpb2WR8uTmTbb0ah5Xwoh0SpDqfszxl9p1gX2zS58esXN3Sbvo5QKnHhqo4z_iIE-uBwE2bKqBaoXkTtDLrA5q_nXSUfM8Se9A-GTAzGtnRr4zBZ3H_tu2eF57Z5FVSU7fo3ZPpdeF6qOeIXCyOihIsN0ijVKK9osgkHOa-BlkCDvjL3JXpzJOF5cVQpfXYa-itRYtfYUC1PxqZsMmLNaIK4SoGiGejuEIQUmC-hVNCPBqPh8-80RHyFBGcVYgCgTcbVR45almn6z7bUWpAh6Z_FL3uY17jwlfRQyzjxhsEl7yI1wg&cid=CAASFeRotITCfi5wpbnv8BYR8qNqI7-GSg&rfl=1%2Chttps%253A%252F%252Fholdtoreset.com%252F%240

Requested by

Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

985888bf8717d6bcc8e0db5945c3035b644d064bd541b2552d2252861860ab8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25475
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D6DE 42 B
63 B 67ms
42ms Image
image/gif 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B2LEVUNVPmKhyCrv-01YrmJDmQzs1mVa0w9xon0Qt_mhqekQbmS7r21YgADH3WoN-vMme35jxwN2_F3MLXR3W9GSR_WbnNqi6tvjJ9aCLGkzMzs2E

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210914/r20110914/client/ Frame D6DE 2 KB
1 KB 44ms
25ms Script
text/javascript 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210914/r20110914/client/window_focus_fy2019.js

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 02:52:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64841
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Sep 2021 02:52:49 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D6DE 125 KB
38 KB 55ms
36ms Script
text/javascript 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

sffe /

Resource Hash

f4fcf19981dfc07f2a86835a35058ab48ecc08b36de09f50f6be890c4fcec5fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38646
x-xss-protection: 0
server: sffe
etag: "1631547526571764"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Wed, 15 Sep 2021 20:53:30 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210914/r20110914/client/ Frame D6DE 14 KB
6 KB 48ms
28ms Script
text/javascript 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210914/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

cafe /

Resource Hash

127fef9bff9c4a7bd820146a3785bf8c7d3c5dbf48dd087f2e0f1d91a25e32c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:47:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 344
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6211
x-xss-protection: 0
server: cafe
etag: 18326705275735229343
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Sep 2021 20:47:46 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A2A9 624 B
559 B 40ms
33ms Document
text/html 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDKjAEQzcuzowIYy4ermwEwAQ&v=APEucNUgm_oraVnFFQ3ci7pjX7dueqiSrUWnNQKXgG8pmKCarZbm-TgC8tVJoON6xhCU5wvMyPF70Soa21VgqH5txNHcBKbjZyTMEREe8EOcO0Mu4p7nklwWh9UMtohA8WHpw36vq1LxjTHyaF5iAaWw33W1lUqnYvy60yt-zEuZLx342bc_1KI

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CIDKjAEQzcuzowIYy4ermwEwAQ&v=APEucNUgm_oraVnFFQ3ci7pjX7dueqiSrUWnNQKXgG8pmKCarZbm-TgC8tVJoON6xhCU5wvMyPF70Soa21VgqH5txNHcBKbjZyTMEREe8EOcO0Mu4p7nklwWh9UMtohA8WHpw36vq1LxjTHyaF5iAaWw33W1lUqnYvy60yt-zEuZLx342bc_1KI
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 15 Sep 2021 20:53:30 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUkP81Kux_QmYmxfaaTOA40YDkwj7xvsqLts4MgNzyc98RSvy_I8I7wYTbcB; expires=Mon, 10-Oct-2022 20:53:30 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 15 Sep 2021 20:53:30 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 41B6 53 KB
25 KB 88ms
81ms Script
text/javascript 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D_t2psVJMdqefQ_szSUDuwzDJd5j1GTv740HOVuHziYW2bQHkPFZnqd4-qjS3TUmeBHtSMz2rt_EHqLutbOukxFxsaA7E3ZOo-JvmtC-l6UGxgbks5_UWyA7XPeEXA6rdPyjrJ8Zj6dxZxdWx9yQAVaMi_uA&dbm_d=AKAmf-D8Q6_cklYzqncguaeC9UAdEfOKgeWqyCQxZOVDIEtkFYYCgJNf3lzJ_E3wHz8nHq4EopbW-o7sk3gxc7ePwtVWw5cElVMa7nbhh6Z-QlgYjs876OnMvety1HSS8Urvli2Jy7OGthpL_zOizHzu3NFCP6KmCuUA4LG2tyakSeRQXk_FddPx10qCtchfL6pBe0VjBV3vHVCCeOn1IBZdg8G7Aa6fH-LECNnIZd8x-X-w8SRCnby7JW3UcAaOzfmdpK-jH3HFVSNqVGwqvp8vpts4DHTWHJqNQZ3k2ANYwYrRNsy1ZPoGTUJc4OcuX-7JxmZCut0sePSRmuIJGg1rUKFeEak5SW85tYHwM-DiIGRot7ytQXOLMha3WFVswR6QFIhgkq_Wu_VeJDLZlL06nkG9aCJD0243tv4LgoofFOJtxT23-3CmX3JdohEc1qsCOJyEUYBp3Ns6WAy1gSOtAr6_2m0yVzz3zXfG5NLwt8dQj0ni0Ou2D1nv6i-DES2uwmHxl_8KexcOPDradPLtmnkpCtJKL7opyNnDaapwJzmDvNDZvzU7SKRNAuxS9qm0QcnxuKXM1IPckkJN0wcXYG460Hr9XAbYeIKC6T52xu9kVRG2BHDFxAY2kgdcX7zXP5gSEfxg25M57Xbgtd8IS49lR2NmWFGpXTSE10aHK37dqBCRkiHixjzmpvJrRR1sD9DtAAtUg-7YxZlvzu8DBlJgkfjxa-TwDTcJyjhNmmzZqMsXk389LRQtTeqn9fCZmrdnoZ8C0hYhDctNKPyu3nO9AYiZucy6j5SL0o-0Jck4P0nkCMceY5Iy6M_SG_clchu-eKbPt45n_sMA9ApcnWKpmuCb1SQV56qcr0WL-vMopv77eUkeV6no-A4q6riYlXW8pVKwz32iS9M2eGv3FDvzR1vIzHhwLWemmgbxJxIsC9tMs18s8gl1n17O0hZHcayrstzXt20BbbH-D0e9PotMhOIzVvzYdNq-QKYCdkox6p9DQNi9U5jbw_-CG9UE20ANiu39QC0hjBP8HiGDmlgrkXYj4pqygQKbeaMcCShzNEycjMDEMKMp6CfGjPhcWJn2LsuMGtgCNIGMAdg-VNotGIMRrPvauGTUtRf1Eo56EWjPaOEX324O8grJexh-W4RY4Dm8qRmljLNKcfHkyKokGEjU7uK3y_NyF4baQ9ToWEBb-uXucmJH7voNVi6GTkMWc-li_N4ZboZY1tqwf7MimfxNEGDlYyRbm_sRgl940dGD_1MGmG3d0Co65OqLsyYK9G8DKiLVNNS1HkAZ0RLSdS6pp5SvvG0Q8itxfIdQ1OYjeJhLd9Swbx6JyRutBZ2v-nQcbnnwUlT2VJnNPlWqtcbs4PKu0uooDC8eVX7GeGxsLbI1LfWEpBA72hfiOoS-8YmFx0pGHrysIV7aaUhWSncMe9kCjswk81qiQllE40AxfCbNFY_xc2O7SeUDs01a01KAP4FXqIYdMK6UehxNMrP3TKAi588gpb-V71jfSZ6F42J8PEfTkGOiLzYpIUGkMzxeq2DaZytekaZf8gekdjD4ooy148cVeqDXddD58U-2LBxvoEsj8w_7uMaE9J0Qyqs3bNd_hm29phYYJIgCpjIx00kZkxH74GOVkqEWF_zQU3DWFFcRYYIWScQjKBfaaGcDtAxTNJ7Oo3ceUEwx4vLgWJ76DXzXTXtt39MsP78jXmKq2v1_hTsKSWe_pqcbyyM-KH7r9BNBu82EqNRZC1q-WCGHDoocr0DKSAAcvxf5MuwSz8Tjxc7g5YVNE2mZAj7YQ1ZPW7sE3w3vqZvvuCHjE_RmJzpZBqVVfcn5rfSHzdMrYktR3i-zjdOJAsuGHeO0GifEeiTLU5amYNuoNavF9meLt1mSXHXijlLjjDg0Y6FvoWQWmcFDmQWWekaTvENHNXyvQbGtB3fc0QJsALhuW3-dxBS4lBQI55NAnS-9hfCZ8ChrjDvqQrxNR2ft1uNsunr3ETTJfCt69-U7oLy4L7LkB9Y2qCj0RXUMOaX_6TeOmFsWeJarqIM9yBa8xV9mM8guCGkBb37t53FlMffJKzYSIJbR6d3ujFj_B-SXvno-z2BpfG7H8TmoMLh4BZP4uFP6XThIcjL9SSwjp_QX_-kEJI_56bmuuKM6Btsip7dm4oJR0pZr9PwInb4KpluOXemGdN73XIIcJEb3BlN65Jt1Vwc0_157fefx8PHArzj53vDgn3UtzXaVMFbkTXg24dQ5JuWA7jYKzSsmOtw_IhDPeXr6yf96qLb27auZZN-ZAgJqfnX2MqPVFVGFfEg4yBKVXxOeaAf2c61983NdFVdw-aAfEbFi6jEfrG-pSS0Yo9gMR9e66vUwY2z3Q65GRZ7E3hMPx2N_9RV05vkOl6hOHbUjhv2tRWxEgEO9yXuupPt_4qHNMyFf8XxMwLJJNB-ShihMbuA1PnjSfVYSxS3Z1u8qKM6RqkzWrv23xRFIp0RKfJH9bJf81vwJx1w2dF78SsFBLJChxiXwYkzrryd0RTPlvoy8mJ6nTAQVJD9z6brP9L7yhgqNOb4bmphU8KhAtTGBSd4S0ki5i86D5yaZFXoMKpsqg_BJbxmV7pD68NJWjkBM7mNX-poGTbklV4ktNgHo3vAvxwkB5rsq1g1otusK7OozDPCDXloY9haAk4l06Rx34_dK5I7ga8Qi3r8lTMmCBFpfvjuwLMCc85pPjDf8jKCTRiuCRFQC7ibxddKbPnZyIavbJSmwuFTrHT1KP5ahLKnZiJj0GqBOSzjXuHOVcMl9jcGlhQ2d1i4iMVlP63UMhrckLbWvAZJ1-xA5DJ37RNFuUZd1ZsHBuEEKnq55Uy5dZUXxwsg44Wjj-jEeFG-nZsjRpKXtuWZ_HkMFvaDQMn_g1mftDfObHmesJexE-lzlH29CAKTnIrBRRdG4PRDrOLQkE2zjPZN8Fk9zw8mNHISHjktLrN5A5Q-6z8xxJ6ucUq5GD9fZV0RMz7CqpaXXpieSCuJ11RNlpV0PtOVYs7nYqaERwOY18Dmy5nl5rMreQui9QBLOGy_23etQBfAjwISKBN2h3PIRZWEOvTichSh2v7BUURC9hXKx0TKt3n-X9BLK-vmtQoP3IHRadD1DJHkSKtE7wqSAhWSISD5TQqUhuesapyDpT47BiIbLCS86ORyrtl_Pio9umsdqexchZee4DPrjF5qA&cid=CAASFeRoQSUBzQ-ws7guIlEr_xhSGpUOPg&rfl=1%2Chttps%253A%252F%252Fholdtoreset.com%252F%240

Requested by

Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

ea72ca708f32dfad93ded61c686e21db592c2fdaf537ea33c87f39dc66fb4816

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25406
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 41B6 42 B
63 B 47ms
41ms Image
image/gif 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A1RU3Bc4NrX6_U3a_4AQK7_TQXASFUqbwhQImE3A-WfJYfgnIpJ8l5agFr0x-rtdA4lIUPKsH-aEQDBlV2WSJ-PDxfsfnPAlp8RlFSWXN9zMxIyG0

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210914/r20110914/client/ Frame 41B6 2 KB
1 KB 43ms
38ms Script
text/javascript 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210914/r20110914/client/window_focus_fy2019.js

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 02:52:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64841
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Sep 2021 02:52:49 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 41B6 125 KB
38 KB 50ms
44ms Script
text/javascript 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

sffe /

Resource Hash

f4fcf19981dfc07f2a86835a35058ab48ecc08b36de09f50f6be890c4fcec5fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38646
x-xss-protection: 0
server: sffe
etag: "1631547526571764"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Wed, 15 Sep 2021 20:53:30 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210914/r20110914/client/ Frame 41B6 14 KB
6 KB 30ms
25ms Script
text/javascript 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210914/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

cafe /

Resource Hash

127fef9bff9c4a7bd820146a3785bf8c7d3c5dbf48dd087f2e0f1d91a25e32c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:47:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 344
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6211
x-xss-protection: 0
server: cafe
etag: 18326705275735229343
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Sep 2021 20:47:46 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 41B6 0
0 118ms
43ms Image
text/html 142.250.102.104
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSyfiz6rksKOIfylGTA_RnZYGpcxBiupJwxNyPy-2crra6KWRLtLIR3wJ37PH0HyYdBKKHqdMdCwpeKK60RAPBNvAM7kQ
Requested by: Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.102.104 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: rb-in-f104.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 545A 624 B
560 B 55ms
54ms Document
text/html 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKL5zcYCEOmXj-cCGKWV2rIBMAE&v=APEucNUM4n4GcT4Fa_yQtcAwbfBgkswm7DnefLXZrK0i3kAWQRm-U4GocXZtMNAUhKmUsy1G0MggUHHq16axlyyK95OKTQ3s7XU9II3jviKqS-4NKU6QZRbmIJC8LAtlILNNj4IafHzpaWCalntmiXO176grPBIzIkbbR5LQym_UuLhQwN5-_yM

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CKL5zcYCEOmXj-cCGKWV2rIBMAE&v=APEucNUM4n4GcT4Fa_yQtcAwbfBgkswm7DnefLXZrK0i3kAWQRm-U4GocXZtMNAUhKmUsy1G0MggUHHq16axlyyK95OKTQ3s7XU9II3jviKqS-4NKU6QZRbmIJC8LAtlILNNj4IafHzpaWCalntmiXO176grPBIzIkbbR5LQym_UuLhQwN5-_yM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 15 Sep 2021 20:53:30 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUngHRcFwXGEhOkrTrqvZKYNmbkYM0BnSjNwD1oDjj_QW6Q3WlivH1ripU9V; expires=Mon, 10-Oct-2022 20:53:30 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 15 Sep 2021 20:53:30 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame CC01 114 KB
40 KB 145ms
24ms Script
text/javascript 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Requested by

Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

2bc98b5956d216197013af35c909aa49d3aa7c26b48de9e9930eb4bd6b846391

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
Origin: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 06:57:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50187
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40185
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 06:57:03 GMT

GET
H3 200 omrhp_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210914/r20110914/elements/html/ Frame CC01 6 KB
3 KB 44ms
40ms Script
text/javascript 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210914/r20110914/elements/html/omrhp_fy2019.js

Requested by

Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

9dff9c5d8bb8ff3117fe17757c275af96ca695dc60d7fb811331cb38815a91a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 16:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14761
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2627
x-xss-protection: 0
server: cafe
etag: 17449454297928180344
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Sep 2021 16:47:29 GMT

GET
H3 200 abg_lite_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210914/r20110914/ Frame CC01 18 KB
7 KB 58ms
39ms Script
text/javascript 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210914/r20110914/abg_lite_fy2019.js

Requested by

Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

7195c4763ed26ac25f6be1726145b11ee61f5d27468605eb56a6c0823d101673

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 16:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14761
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7612
x-xss-protection: 0
server: cafe
etag: 7316329070599479730
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Sep 2021 16:47:29 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame CC01 42 B
63 B 72ms
38ms Image
image/gif 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DkHKGNk82tAFU1K1z0oi_fNqaHMuvZDMWKGkSXDCJqX8Aewbn7ot7SnssIaADjPCgxKAU7UeStyKMBfoKXA-HOcwmDeImDAUJ9rP8-RC6QfOqbli4

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210914/r20110914/client/ Frame CC01 2 KB
1 KB 69ms
34ms Script
text/javascript 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210914/r20110914/client/window_focus_fy2019.js

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 02:52:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64841
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Sep 2021 02:52:49 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CC01 125 KB
38 KB 83ms
34ms Script
text/javascript 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

sffe /

Resource Hash

f4fcf19981dfc07f2a86835a35058ab48ecc08b36de09f50f6be890c4fcec5fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38646
x-xss-protection: 0
server: sffe
etag: "1631547526571764"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Wed, 15 Sep 2021 20:53:30 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210914/r20110914/client/ Frame CC01 14 KB
6 KB 82ms
32ms Script
text/javascript 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210914/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

cafe /

Resource Hash

127fef9bff9c4a7bd820146a3785bf8c7d3c5dbf48dd087f2e0f1d91a25e32c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:47:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 344
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6211
x-xss-protection: 0
server: cafe
etag: 18326705275735229343
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Sep 2021 20:47:46 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9E1B 624 B
297 B 57ms
31ms Document
text/html 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDKjAEQzcuzowIYy4ermwEwAQ&v=APEucNXl7FFwQ624PIZfdXcAgHLHO8ASFbTAqVE37rHHHCJg0hJCaOUUdF2Gz5PAyGgEhadhFGae15cF1aNIY5CYx5V47kDAsHqcmTnE2TNmnZtWDlxz3vx6T5cTPtcwOnGPYc30PQoDuhhpgQ0CK7ANla1m6GPvlSSMiWaX7Cep8rCBf6MYW-U

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CIDKjAEQzcuzowIYy4ermwEwAQ&v=APEucNXl7FFwQ624PIZfdXcAgHLHO8ASFbTAqVE37rHHHCJg0hJCaOUUdF2Gz5PAyGgEhadhFGae15cF1aNIY5CYx5V47kDAsHqcmTnE2TNmnZtWDlxz3vx6T5cTPtcwOnGPYc30PQoDuhhpgQ0CK7ANla1m6GPvlSSMiWaX7Cep8rCBf6MYW-U
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUmm-swjXQMPDd2VD6Ju0OvdxGKX262g3IqgBrSS8Yqm8RtLzfXa6kSnQE4CBUs
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 15 Sep 2021 20:53:30 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C3B3 53 KB
25 KB 79ms
61ms Script
text/javascript 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ai0N4kg6mkj2vu9LMaoYoxk04jL9yXLI_4Fm-74Vw2O748iVRomI3InefG94UpYvhvkeQoi1jFL5PcYcbA45WRCaJNe2Cu9FXDh5E1dqT1ODk_lusHFjjJq79APEkgZjN1UqlKuFjiHXcVL4J1NWbnxP-_nA&dbm_d=AKAmf-CHK4E7eQa19ooO6aXpridU6j1uCOZ4fEiBN8bYpWb4F9rgh9ctX7KK8GV4_d0BefSHwnnluawcp-oHG9Z5KYCMnJVlW5asVUKgbmMM0cUrOLdE675QYZBU4bILmRobhqjxqFbiwew_9TOlLYw83tXFO7efy-b_JKERTRd3pb3W9q3fmFUFRWlxNuv6t74xz41tfpv1J6moGzvXcHX6aY-N8ZIhpg1Spqr6K5xzZIn49a2RzKbEOxPG7m9vmHkhAQEZWuBgEwRw7i6M59zfpeGpjx2appogFIWCqzYPnGlQM6H4OTiThOV8Q2nEbAvUKBtozIhT9ZHK12coJo0iu8Fl5Fm0RCf8s0P8Af4giQLy9xQNwV-XhGpPpPTsC5ZzlBj62tet9nzgiSEAXa1I-5vZTN_0i7qkffrBCPH8usYTBkT70ynYUFLrvo9_OqdkOaG87DLHv-LyNLRgSOURsVSciBpyTq3xrshu2HoAjP29-7jAWbj3MHt94NHLzrCeAES4LNeLju4gr5vA-w-bbZMwatpZ04R0EiY-iAKbA7tIFwhb3nGrQWVKXmhjZ8YzF_EMcw4waYATU5rGSoQb7TKhU6_LPo04qW3m4hB7E7E_1rPzyK6SYJFvxCCKd7AJHyzvNOC6lR6PWvlz5ViiZ6SkSpbbqq3y5lOlp6S1KwZpOD-7tglXwun_v2b0LXFnyj_ndPu0242WU658OWfif-tPfN0F6zhwx-9edStPYqGNFGiBftF2T7BXqtuFyPvGQYApQ0gPp-aAHus0uHbUY4-38fdq2DBHtD7NvMIjZXxIyJsvE5dWDoUPQyxthBEovZFGS-SURivD7A0cPo0nEB4Zm8LgsAwGjALXqWVRTF4XSWz0fRmT-YEpwYgPLY0DuaQPOkktv51AgQYfQ2kX3ME89qf0NYQ4xYzNoOodv0iwVxi1zBPS2Eo6hWNE-GHJLky1HBLxKKUQv8vV3nkuIIFrCQ2SrFxmZVLJJYiyXXt5XkUaiqEZruonKlOJx8_zu1RJHrjuB5b3SjJ3klvW7T7W_eTFZLzWYom8NlFofmY2KSc3vfyzKlEFGStYHaVOhnYA0a8M8Npjh15FxtpQ3HTnj3SlJvq5JxFD255VjpAzWtHITMQrw8PMt6JZuurKXLN2T0EC6ssWIGYjh_MkR-QqLnpIwH2mjbW7p5UEHqAOnl9UH9muBZ_6B5vAY5q6_nVyqeBgbGDe9tDRVS8xwsC7HA1ywDz6N3fR9xJOSeC4pR8GChVLXsnZuNFbDG4lfzR8y93Z_YQ9jSlo_2UEXC70xKgwgDtBSvfH5XvjWBHANEr60m_ImUZOEWGPJfuG44_pXUxm6HhdAAWhBFgbzEKHFj4d9B6y1B21zwWH4DgplvIR_65S2A3kPt5mSzQXFZwNLhB7YQEUfBrd6Jo43qgW46w4UCn7A4JBWU6lDDJzDV0iTVnU3U8QfRZYYhBvILneBBwv8fyv-tMSCjSr-1JGBth83YDY3lgsra-XVLAFlcfxeeTu-UzHUCKPMOEqw24_42iKebAiz-T0eTRWjmElMPKZYzss83dc7r42H1eBxv4zBi8gcylm-IBNiK5y8JXtXV9_2SAJ7UeZDAuP-AVfzSqGLeO8i4APxEtYRGS8tFUqYc5rN9R3p6GQrghJBCxNrjp_i8bCUw_FL1ERyxwWlyiWcJYkcqLWhqMtB4Bm08gPSyNh7OV1sQg7dA0kAKFJkQiD5oIfTAZVGcwzSnH33sjcQKMPzTohVrkHidKcjEEuXiZ0gXew8ThEGSysudb9aKXqUQEhfLA1Q5vWgDl7xOv6qmnDVy3VIqrKZamdezAxibGCxE_PeMnFHwVXp58PSlxi9IGlqklpS8MlFQbz8793agebkFORw4vVKC8n7PUBan3uDMr6wPEZiJFibruGpUu0EwjCRkkG47v8-hqHegWkSIPuF8-yOFDUvACPgDExobDx2UyMS9_UFUUc4khIZVBpor-Ku3bKyF6VyDGcWNJmJBsOxUYpT95ZyZNfnJldIoX4gmI3JfCk8PG5363Y5xdPIWaKf7J2VCiTvPYV9w1BAv0OlUz0F2VfEpEVSMwvI8E1OCPu9-MhhxNV8wh6TofnCHB3uMNPcjxC32tJ4QJe_Ad_weng-AmirRf3BOmQjiNneU1b5R1jDjqz9GRLsf9nRoX619NDCRAW2Mym9kmL56TaYtNdPhLhOYuwfYb23obvv9PXi1l1BUnDC9PHSBC27V-Xv4WQIlToiXwPSC-_H8v7S06EJ0StNCvgfctBTC2hFdINmwZ7UmjFYr2h89D9yIEXa0MYEfcqfC3cZC14rxstghr-q0QOrQDTEApsVKzNSqaKVVEWzSaPwLzcuF99oPrKM2Zoe3Fe7ZxkURei5kzjFnQWJHRwj9NY-aovLnPFFrh1GpBeD4JkxLMG1kcb11vdt280OhM8p0YHhyKI9wXTp8DzO9va5f6jdIbhyGkGv0s-p-bypbDpFNyrmMPneasF7inL-x7o9P73dF2v3uaUPfBcDi2v63IAJHmYRuaGNAlcTtz9qsutgIPKI1sv7rq6YciGakIXBTU12lRwEkfAQcYK9s7lHSOsXr9AHRUA5p7cCPGLOA7mxkKJ96ygk4uq69MtyR9XWlzgDaz5O-g2EgrS4Lqbz3Tj1Ek1VHbYrLupX3oaLHGp15osLFM5SC2mmwmWJrRaGlQt-5coP06ASsUis5YAHgSqY4eI_zHBv5ucUqZ1QZNjqxe8D9LNK6JcChiVakfvvA1xATxWnDN0fnXx6atxgeJt2jMIk3WHLRf2vRJMPjt0WiVfKYZNt5htHAvn4-BlRI6HJFfBtfnjGhCo8_tbaBnCXtk4vFfvbcPX0WHGflg0uovBNT6j-tlCwnsRV9Gv1X--Ysd25eEapsGjGu9voyhG1Gm_ooTgJDaNZJoAyq8lzQF41OMwLb8Zcsd_LK0YVoLqQaiXGj8zbMmX-awPKEr_KcFgRuN_38fjWSVPLs-MvVyEFLGOSLBOi5wvXsEDbV-LyyzPgKizuLDLj9ARE1ZtaJZGTwaDraQkHFf82EwbXVvBeD_d9wB_5iNF1VOJww69r3ca2N4iXS_fI5j1lZCsjSCs9wBOelTvScyecJN0BBMtqiWJ1OAP9PMzCBMGvN_railxeBWisf0vItY-6DEcG96Xwcnum_tu9C76LQPoQFgAsjb_0aHea1g3gjOG6Zzqhy58uw&cid=CAASFeRoJeDqR0Zi8YmhEKWfmtF-Cd5yMA&rfl=1%2Chttps%253A%252F%252Fholdtoreset.com%252F%240

Requested by

Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

38c2f3e5fc93b003e3631107b6080f0be39c3c3da4706e2baac19d6f15102059

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25409
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C3B3 42 B
63 B 49ms
30ms Image
image/gif 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DYvDAnd9V-4xEoFs2R_6mZuT7gb06YfKDv9rK7NGmI5KE5AvBXgfRpHAPUTtfDij35-AtRjPYYe61nZDG_dON8QYRLcFfFsuY9oBe0lgHwHC4m7UM

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210914/r20110914/client/ Frame C3B3 2 KB
1 KB 43ms
24ms Script
text/javascript 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210914/r20110914/client/window_focus_fy2019.js

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 02:52:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64841
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Sep 2021 02:52:49 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C3B3 125 KB
38 KB 49ms
30ms Script
text/javascript 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

sffe /

Resource Hash

f4fcf19981dfc07f2a86835a35058ab48ecc08b36de09f50f6be890c4fcec5fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38646
x-xss-protection: 0
server: sffe
etag: "1631547526571764"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Wed, 15 Sep 2021 20:53:30 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210914/r20110914/client/ Frame C3B3 14 KB
6 KB 43ms
24ms Script
text/javascript 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210914/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

cafe /

Resource Hash

127fef9bff9c4a7bd820146a3785bf8c7d3c5dbf48dd087f2e0f1d91a25e32c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:47:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 344
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6211
x-xss-protection: 0
server: cafe
etag: 18326705275735229343
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Sep 2021 20:47:46 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame C3B3 0
0 53ms
28ms Image
text/html 142.250.102.104
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTouYk0baTIgXDhuaHnsB064MjJv-BH2GyXNd7keEYfoNj5BTcTtLgTYsUXAgRMRo5bSMvUlS3kS5Ry3juIaNG49zGw8w
Requested by: Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.102.104 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: rb-in-f104.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 8141 12 KB
5 KB 48ms
24ms Document
text/html 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://holdtoreset.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Thu, 09 Sep 2021 04:25:03 GMT
expires: Fri, 09 Sep 2022 04:25:03 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 577707
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0DDC 783 B
534 B 58ms
33ms Document
text/html 142.250.102.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f104.1e100.net

Software

GSE /

Resource Hash

e05c92727e9892dad43d0d90d9cc376c27431042968b573be284035300456ac1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-AeMYahJZOvVTYT7emh9YSw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://holdtoreset.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 15 Sep 2021 20:53:30 GMT
date: Wed, 15 Sep 2021 20:53:30 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-AeMYahJZOvVTYT7emh9YSw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210913/r20110914/ Frame 1238 23 KB
9 KB 22ms
21ms Script
text/javascript 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210913/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BSeYsmXzYrZaEtOqFOv_khevQsTSptxY9JoIGWkfQd5B9TnOtIZWcLCjwNwsV1bFsqo6SswVBfh-l-lP6gnWElFsVKA-uQrCec5-nFtwmRGFDbA_jbGsQHdagLSB_N4jarfroYbM87-DqN4Byh7cT1M6wtFA&cry=1&dbm_d=AKAmf-Dz8_vd2opDUdFSyJkgxLRj5NxIMETUj_WBspFvkXtreZEMgRDOJg7qBV1mi2m8Sa9xaPmPYRSXlB5Og6V8odQtLG_PZ-wPnoDRf3bYJdX_OfNbrWl9XPyCCJCfRQXno70sK2fA4TFCLnTiT347tljfsE9_eOGrgAn9tYpazOaN8AqOH9g0C1HBInkKPDNm9V3ndsZd5XepcgqFENRlpTngb0p0oPbzFL6UrX3kPbJ6qI1ACfsMADAMOKJ9TLtbEQnRrOtt2pbGVtvyQnFUjEcupGC3bWO4MSc5lWHFX0l-Zs6T76K0rmnKLTSXAEalLmhikEgaloA_hF89KdWN8A3045B2R3UPNXxDpNtXrjfk8gfG9zXW_leSV7fui19n3cJTI2R9eV03d3HQsfFVowQpwHAURwejeCWn7FBC-erMB0Bijo6_zC9_63lgTQ1ZTAG6eXl9deWUeQ-yf0A9Tap_H9IqFEKEgg5klUO5t6u9M252rSEsCNbsWPx1dHxslqAVJUQxGeiIa8MBdG5q9keRUdAdfe2mTGBgFSamkpMlYPo_LfD-m8jRYB3vh4JHzjFqPwUk-ERucZduKinMDCL0UMBO831hTZbNsn8Gk0Wv-Cse5P5F8dZemt1MEjgDoBw32-N067Ln9sRDRglHIUHGLzpLB9dmAoBCDqlYEtLYg8l4Czd4MaxKniHnwHflWddylZWo5y7rP1uaNPb2TKB0YqZOU3l2j3bweQ4lxAtPC-RRcxdcRAeZ6kzT_jmtEOOCq9Vk5OQ9I3RJVnhs8iwomHLzn9E2N8RxA9n1YAdxKN9TZGVT9o2QOnVR-8emHVRM1O9f-q5kIfGjJyMbemQx1OIiTiIGjxV3U-VzDRd_NRFPoIaWkcv0pjKkC0JnOuZLOaMtcpf6E6_ZwgHx_8HfU25-rIjwBpC_u2EKCf5-7e7SQ8CFv_PCUehXq64S6OYXK-ZW32QPTXFEub5R3Gly8twEnG1GhrVLs9m7-1Z4DLThyzSn0YYJI_Y3UAjp4z3QjeiLr_VP9VPcje8fZM2cP71L1JvITjtuD1En743Z1y6NaUYjotugRTE-tW-94JccaY4Nhj72l_8oF3jT7jUeKO33AGtze6RPXZA0oVs2zLimzyNF0UXs150JyWqxDhzfuWLaEybiCVSvjwM7jHgEH4yfi_6L13uMjQzKenGQFjURLq6VisuGZX-NCT7cr_Fmz7kYkeL0k75ydKKEiaUL5MCzfTWcmP_rTiEJVtb7wdwGcFHSQSM82NZeCxEBiFpr8XyIzVbvBrhPkqhN9XwWMq5AJg8q_KZxo-oyQ9UZPUtOzG54lCQ841RnVfH_KdP3IcCFITJAWFBEc1PWYutedQKsd8daW-Or9LA29bN_rv5peQUSwpm-gy8m8iY_t-dJExhRiOKCaFXZ14ootir5ofLFXhVIgqvjFsmCeZDN5bnCvFOsCvTPgLp2cX0MPKCazu2I6VV_Hvfmd8mWiqUDSYvRVTGwi5y8fDALY6qJZy0o88HClCC2-qNH-Y2J3nkHbHH6TYDpMzUaqVTJTBOOuI4eFrkQjbA0IqR8nWDw5npzeZsZlEm0jEjf1kssCmVxKRwAYhRRFuaeMllj7N3w53vV2zHpKb_OPvOl_ZLvJkAfUV7KtWkIBrIRPjvtRaOOZLTx9jVJCB2DkLCOQtOx8PJ2C5giYIDoMAt7XvnMtQbuB51pmfO2gKvWgA5IwSx_2VtwE6D2G0C8XDafvEWAOYUMAWcoY2fnAxOy2ITI-JJlrtTSUxIdjAFFTypqmcBonwOyyhScw-gPOGzwznIVR8O87g2Rg1BHExmMBR_A9oELV58NiueOqeGlx18EulaGIQOm-rQKxSdX1Gt0yT3_RMw7h80GZRYqFPaD5rAqOU1FPtjrt-vxwoN3g8d7x5SbymAH91IGfZ-9-PNaNyflf6E-wYBT_0LIajGqiWQl7ACPqFWG3e2X1UWWnuyyaopQ9u3KnsxKVAcT2oTrPrZ35Gp7cGxgT42z90V9G9Xo3rBAAetu4rcbVSQ80fo9IcqaUUI0G8jVV3UuULGDb_J9yLNC9j5R9eiR5kPCGS5P54Hw7Zyu1twmJeWTxo6wzAyPkA6YoepBXJ1ObfM6d7sl_GxfO9WGLh58_bDIZzDcCRc-NeuVns3NsXVgx5WkBs70w9WssvTOKHFt2Oe7vWLNbp7pEcwU0eQOzkdw2WzbRLUiahY9gBA8gzBpNDhXEbRwsidw2MbBz28YdkB4C59oS7OjKRKaqiv7SAO94jduNSzMH-Dyg7v8OPPsBxNVtjOefquDsC_WCUONGFgHWY7yIIMNRrjjtm2utcVKW53MkNLx7xRlu049m6gCxg1JaDTBqSaRb7KGBnXl7KZ3LsrJvv0oF5foL2zHBPaFuHEKLiX6jH5oJ2QLqMHNh5l3q9BPR6yikkL3XN7F-oIGlXaXzC7ydxZJ_-L5tphnlVtaqaUYxw7t8otceGbC_A5WUnMTTiRZzkiewWjq_mkl7U6Xnp9DvDIVWfV44qDRhrwOV9szKGKLGTxFm4pp_2U4STspP0ABuMSDi-86sHYuwdPpOdPFQhpyHRl9iYyJ2cboEOrfjb87Brw8EZmncEpQBSF8HcRIapaJBoOTORgU711xaW6AhwnZbDbmeCB1C-DpLQPYSNoWsZYpON1eelN0kdRe09ObCwfUfliWv3BhSY7_KKHwwgXd-X9D7hfSmyJUdl8A4umqhHaB0ox03JYpX1wnwrNiFMCb5VhbQi701YvFU5XEvrzH0DmkLTOKRvH97hQ0ZKLqDioTl8mq3btsNBED6BWEN16dFkB4u0SfQ96PQotlRCxPieQTWy3-ZbzgiCbKR0dOP81oKIleKopeiep1tzs_FsRyGoDuHDSKlQ1WG8-C_2fCK4I73CVhH-S5yQhQXDahGve0Ib2BBGnd7fiRaDaIkSDPZVqF2svbWvOXbEk5UrhksyB5bzCf5d8VM1_gbGrnPSF0qo5SR4R7o8EG34IxI9R7WlGwW9gYUBUpb-utffjtCvDK850IdQqemmnOo3p5-tv-dVifFAyUGqX05JxYyGP8AYpHFJWwLX-qs-zQ7RiIFH94A9-9Gj6zUeFIKjGq7xDou6eDUlHs8wliMeGUBehItvr43l-Xas2NgjrirkYtwdGcLpkz4VtDXCoH0Ep-dVjVUqOXP0KRWt7OocMG4FEF_b4qDy9jpU-mVSgpGiDNMlIinbHUcdC0Gp-9svo0XQHS3p4BZaptDMiXqy7L&cid=CAASFeRokfveaQIIBFaWZJnoE_TO0XcFbg&rfl=1%2Chttps%253A%252F%252Fholdtoreset.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

574d0f8eeef6741771d3cef0cc4869634263181bbf42de1e93ca22dcae36d8e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 15:47:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18389
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9215
x-xss-protection: 0
server: cafe
etag: 10665788317172091938
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Sep 2021 15:47:01 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1238 41 KB
15 KB 23ms
22ms Script
text/javascript 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 14 Sep 2021 10:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 124960
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Sep 2022 10:10:50 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210913/r20110914/ Frame 41B6 23 KB
9 KB 21ms
21ms Script
text/javascript 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210913/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D_t2psVJMdqefQ_szSUDuwzDJd5j1GTv740HOVuHziYW2bQHkPFZnqd4-qjS3TUmeBHtSMz2rt_EHqLutbOukxFxsaA7E3ZOo-JvmtC-l6UGxgbks5_UWyA7XPeEXA6rdPyjrJ8Zj6dxZxdWx9yQAVaMi_uA&dbm_d=AKAmf-D8Q6_cklYzqncguaeC9UAdEfOKgeWqyCQxZOVDIEtkFYYCgJNf3lzJ_E3wHz8nHq4EopbW-o7sk3gxc7ePwtVWw5cElVMa7nbhh6Z-QlgYjs876OnMvety1HSS8Urvli2Jy7OGthpL_zOizHzu3NFCP6KmCuUA4LG2tyakSeRQXk_FddPx10qCtchfL6pBe0VjBV3vHVCCeOn1IBZdg8G7Aa6fH-LECNnIZd8x-X-w8SRCnby7JW3UcAaOzfmdpK-jH3HFVSNqVGwqvp8vpts4DHTWHJqNQZ3k2ANYwYrRNsy1ZPoGTUJc4OcuX-7JxmZCut0sePSRmuIJGg1rUKFeEak5SW85tYHwM-DiIGRot7ytQXOLMha3WFVswR6QFIhgkq_Wu_VeJDLZlL06nkG9aCJD0243tv4LgoofFOJtxT23-3CmX3JdohEc1qsCOJyEUYBp3Ns6WAy1gSOtAr6_2m0yVzz3zXfG5NLwt8dQj0ni0Ou2D1nv6i-DES2uwmHxl_8KexcOPDradPLtmnkpCtJKL7opyNnDaapwJzmDvNDZvzU7SKRNAuxS9qm0QcnxuKXM1IPckkJN0wcXYG460Hr9XAbYeIKC6T52xu9kVRG2BHDFxAY2kgdcX7zXP5gSEfxg25M57Xbgtd8IS49lR2NmWFGpXTSE10aHK37dqBCRkiHixjzmpvJrRR1sD9DtAAtUg-7YxZlvzu8DBlJgkfjxa-TwDTcJyjhNmmzZqMsXk389LRQtTeqn9fCZmrdnoZ8C0hYhDctNKPyu3nO9AYiZucy6j5SL0o-0Jck4P0nkCMceY5Iy6M_SG_clchu-eKbPt45n_sMA9ApcnWKpmuCb1SQV56qcr0WL-vMopv77eUkeV6no-A4q6riYlXW8pVKwz32iS9M2eGv3FDvzR1vIzHhwLWemmgbxJxIsC9tMs18s8gl1n17O0hZHcayrstzXt20BbbH-D0e9PotMhOIzVvzYdNq-QKYCdkox6p9DQNi9U5jbw_-CG9UE20ANiu39QC0hjBP8HiGDmlgrkXYj4pqygQKbeaMcCShzNEycjMDEMKMp6CfGjPhcWJn2LsuMGtgCNIGMAdg-VNotGIMRrPvauGTUtRf1Eo56EWjPaOEX324O8grJexh-W4RY4Dm8qRmljLNKcfHkyKokGEjU7uK3y_NyF4baQ9ToWEBb-uXucmJH7voNVi6GTkMWc-li_N4ZboZY1tqwf7MimfxNEGDlYyRbm_sRgl940dGD_1MGmG3d0Co65OqLsyYK9G8DKiLVNNS1HkAZ0RLSdS6pp5SvvG0Q8itxfIdQ1OYjeJhLd9Swbx6JyRutBZ2v-nQcbnnwUlT2VJnNPlWqtcbs4PKu0uooDC8eVX7GeGxsLbI1LfWEpBA72hfiOoS-8YmFx0pGHrysIV7aaUhWSncMe9kCjswk81qiQllE40AxfCbNFY_xc2O7SeUDs01a01KAP4FXqIYdMK6UehxNMrP3TKAi588gpb-V71jfSZ6F42J8PEfTkGOiLzYpIUGkMzxeq2DaZytekaZf8gekdjD4ooy148cVeqDXddD58U-2LBxvoEsj8w_7uMaE9J0Qyqs3bNd_hm29phYYJIgCpjIx00kZkxH74GOVkqEWF_zQU3DWFFcRYYIWScQjKBfaaGcDtAxTNJ7Oo3ceUEwx4vLgWJ76DXzXTXtt39MsP78jXmKq2v1_hTsKSWe_pqcbyyM-KH7r9BNBu82EqNRZC1q-WCGHDoocr0DKSAAcvxf5MuwSz8Tjxc7g5YVNE2mZAj7YQ1ZPW7sE3w3vqZvvuCHjE_RmJzpZBqVVfcn5rfSHzdMrYktR3i-zjdOJAsuGHeO0GifEeiTLU5amYNuoNavF9meLt1mSXHXijlLjjDg0Y6FvoWQWmcFDmQWWekaTvENHNXyvQbGtB3fc0QJsALhuW3-dxBS4lBQI55NAnS-9hfCZ8ChrjDvqQrxNR2ft1uNsunr3ETTJfCt69-U7oLy4L7LkB9Y2qCj0RXUMOaX_6TeOmFsWeJarqIM9yBa8xV9mM8guCGkBb37t53FlMffJKzYSIJbR6d3ujFj_B-SXvno-z2BpfG7H8TmoMLh4BZP4uFP6XThIcjL9SSwjp_QX_-kEJI_56bmuuKM6Btsip7dm4oJR0pZr9PwInb4KpluOXemGdN73XIIcJEb3BlN65Jt1Vwc0_157fefx8PHArzj53vDgn3UtzXaVMFbkTXg24dQ5JuWA7jYKzSsmOtw_IhDPeXr6yf96qLb27auZZN-ZAgJqfnX2MqPVFVGFfEg4yBKVXxOeaAf2c61983NdFVdw-aAfEbFi6jEfrG-pSS0Yo9gMR9e66vUwY2z3Q65GRZ7E3hMPx2N_9RV05vkOl6hOHbUjhv2tRWxEgEO9yXuupPt_4qHNMyFf8XxMwLJJNB-ShihMbuA1PnjSfVYSxS3Z1u8qKM6RqkzWrv23xRFIp0RKfJH9bJf81vwJx1w2dF78SsFBLJChxiXwYkzrryd0RTPlvoy8mJ6nTAQVJD9z6brP9L7yhgqNOb4bmphU8KhAtTGBSd4S0ki5i86D5yaZFXoMKpsqg_BJbxmV7pD68NJWjkBM7mNX-poGTbklV4ktNgHo3vAvxwkB5rsq1g1otusK7OozDPCDXloY9haAk4l06Rx34_dK5I7ga8Qi3r8lTMmCBFpfvjuwLMCc85pPjDf8jKCTRiuCRFQC7ibxddKbPnZyIavbJSmwuFTrHT1KP5ahLKnZiJj0GqBOSzjXuHOVcMl9jcGlhQ2d1i4iMVlP63UMhrckLbWvAZJ1-xA5DJ37RNFuUZd1ZsHBuEEKnq55Uy5dZUXxwsg44Wjj-jEeFG-nZsjRpKXtuWZ_HkMFvaDQMn_g1mftDfObHmesJexE-lzlH29CAKTnIrBRRdG4PRDrOLQkE2zjPZN8Fk9zw8mNHISHjktLrN5A5Q-6z8xxJ6ucUq5GD9fZV0RMz7CqpaXXpieSCuJ11RNlpV0PtOVYs7nYqaERwOY18Dmy5nl5rMreQui9QBLOGy_23etQBfAjwISKBN2h3PIRZWEOvTichSh2v7BUURC9hXKx0TKt3n-X9BLK-vmtQoP3IHRadD1DJHkSKtE7wqSAhWSISD5TQqUhuesapyDpT47BiIbLCS86ORyrtl_Pio9umsdqexchZee4DPrjF5qA&cid=CAASFeRoQSUBzQ-ws7guIlEr_xhSGpUOPg&rfl=1%2Chttps%253A%252F%252Fholdtoreset.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

574d0f8eeef6741771d3cef0cc4869634263181bbf42de1e93ca22dcae36d8e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 15:47:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18389
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9215
x-xss-protection: 0
server: cafe
etag: 10665788317172091938
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Sep 2021 15:47:01 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210913/r20110914/elements/html/ Frame 41B6 8 KB
3 KB 25ms
24ms Script
text/javascript 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210913/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 15:45:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18475
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Sep 2021 15:45:35 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 41B6 0
205 B 45ms
38ms Ping
image/gif 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstqw2Xoo5EPyUgwrmbkLGbdSJoNi4xDckZim-nFzArvQNR9LkqDQzkQ4G8vQDn_JpIQZbkuId-MEmjE4aDrrsnMSd8D1dFDhxzghHeAiIGz2I3zglGF8vN79mnebIH5omc4iB15Q-EGp4m7Uc38O_l9W9D53RmVy_AxOCZ1-30O510H-G7Pkq21yxMj_Xz56eyLcg5sJ62mgotagESjxLAjJyWfkzZY27wSrwVucGoKzB3DjW-xxcjkmCTgthNCN7Cpfn_hCp5jiACVZ_bbC26J5g65xAOtV3mnNcd5tAj1RdsbqraBT2fDgRRwEdh9ii6aOdC95LLENOCFbHP9jpyTJdJN67fIleQSjpoikh7rYt9O25Qwa90IcJIxELwHPfuqVenMjOvZUou-VnlkwrDXaNufQ4-bObJbY9SKfgjYbiccofSB4z0MYK2wM7rMYYViypkkzB6et79jb36Zm0kfws1Op8A31pbQffJ08J3GpYmDbdX9szmqHxfFtBTyU2G9Y_w5samTZQ9GYBsNlvd6io86T1QVs5S3BwzBysLWSqg16XW3n_kQJmG4aZss1_1gArTRjaaySevaUvDem0-RvwPMrNLN-T7sSeGaGVdWTfBGyOveRQALfWZ9HA73KK58KfBV71oT0bS_VpPPabXEq2lW3hKoCIWbf9cKBduWBM0nrachyZt0N0YYgRCk_8PX7wuerlEEq6gaY6GbyJ3DKHCQZ2l5EIIGqwU1niLz0D0dTKwJgspP28gdLp8JsHhuw_eCs7YpywJcWLvghkK7MMFArBkPylC_9lx_ngIbNr5PjuiCI5HFC_k6rNAlEw89zactysMrWQ9rxXlMHaHU1JwayXdoDBcAYrSg13fwc236093aH1T1TA-f3vOS68Ym1rnJuX8t4CnqFh5XFkgtpaJOcekpx4l_tXSWjB9PHTBS5BKWZszrmIXCMo4Pxvs9_7dcMxgcBsdn1rOg-d-AMIUJsD2CPsZjeRh-XIX4-jd8KzIm9yfMKoO1U9xFyZ29NL2jpzFCVKMpVd4OYjiFyeR9JIeArpZil4Z15Pd8-Qj88X2glSekbTo7kq0tqjSg46rmXFQNX9RKYWua-EUFEXYhYlhLwoJg4Iea-R2_Xhrm515XqG0XWnnTLL3WR9JW1OkKbg84SPDfHDw3dl70wEJuy927Y4SwPo-qEHKnuQ&sai=AMfl-YTNGjKSzlV168YIA6QRsmWIyRNooYWm11LqDOBQ8mKoO7Lx7yjS8AqNTPZSV5oUYh46c0pgHpCXoEfULcLbsMTBZ5E7LWMWmDFV0bAIT3tkpY2EU3seB-83ubH9tsETwYxr-hRSrjsbv7SXbjuSef8BGrwh912b1eb5o7E&sig=Cg0ArKJSzJzeOykohkI7EAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210913.33886&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 15 Sep 2021 20:53:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 41B6 41 KB
15 KB 24ms
22ms Script
text/javascript 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 14 Sep 2021 10:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 124960
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Sep 2022 10:10:50 GMT

GET
H3 200 7602725280263994576
s0.2mdn.net/simgad/ Frame 41B6 80 KB
80 KB 50ms
25ms Image
image/gif 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7602725280263994576

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

203faa4328f0bcf6453d89bddb8a13561eaec599ec4a6301f4018f24ab96da69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 09:50:57 GMT
x-content-type-options: nosniff
age: 558153
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 81785
x-xss-protection: 0
last-modified: Wed, 10 Feb 2021 17:12:37 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Sep 2022 09:50:57 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210913/r20110914/ Frame D6DE 23 KB
9 KB 22ms
22ms Script
text/javascript 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210913/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DhcwhqHo5C6JTmYDHHvKxaT8QOw60OUvHLDvD9yEzbS3eVYMWt8WmhigIhvAj_IUMr_uSJCINBUN3TnW9aVPhvCkeo6jZvJ0tPKLE4EAL_-Sxo16wcaqJqybglmw96B91wGqF1x777oIOYp6kh9uaPoMY5FQ&dbm_d=AKAmf-BVAnj__CWIKqyjjTiJ7IswdTjqeImImEBGzUfdDpjJM1dpGMC-50TdsXG0ZFnEvvFdHSny49hhSUbyfBCRsK5Xy8CIcubl7fq-TfPhxb6Htx0qUP6uXinlHmr33F_OvyUTVT7ddDMg2CLnr3yG9vcteEIRBnezxyxKh6MvpdCQ8V-SXxe-qMvR-fd7sAXDt84S6SemAJeJtEqba2J9lmdQVsFJCV2a8DaelRu319_dMGUfZQDQ2eiMOpIrCDklfgxria0HPQsAepI4Rz8wqXeuuJaD8PdHprF3obaW_YqC23KzFPPEOYoElGCBDBgi6IwcaLkNxPalv9SPyK5beeKC5PNNi1gDdS2BSjUZeUCKzf-zX3e25o-KrvdVT96wlRr-iEqjGqcMoc7fpwlxgAhAB3dKyGnbAYOap-gmuue7guDAkglHJ5YICBSGE5tCwmMGLuV2_7roasbgys_nNch3mR4EUhnVG5m1WUWKIsHZ9cC7sDQUs64zd_wAJ3ROeXxSX1mDMXPESCNBj3JDnJqxfq4HEeryHFKyEu-1Ewf_rQkuWGPtIpDvgolAMFgyEeQNxCjR3AfGmbYc3n54NzqIUY4aSyhP8zgyETNqqymK66Dz-M64VtmbXzWJfYVAfE-mneu7qsv1nK-QIVxZl-EBaZvjuzuuom4wUuHq9c12ZXah3hENszojiSNkHDD-gYhug5RntsKhAJUd3yZdPJ5lb2m5_pmg80Ag-SsJ__bP8-7bT3Zyfjittq-PzDHparjABdmT-KGyiWKaecB2XgurGQMBALMit34bysQVOZ_HReJ8BZ1k7YUKnu8ASMBw7iDfIQBfYSApPXdIEk2FLr5iYbC60CJFZ12ZHZAhykc_2xNF0rpNxXeRQ2_e8gQPuEDm-NldAmdhVqEyY9GxX35exe2mPnlRXibfNeHYGMAfmB9FfbFgTdpGwamqcKDT0BSt4Vw37z5LoTlikTTeNi3cQsgz7JAW8mklAsm-LhNh0yLJklHafygx-H35tXJcohMURrpapWauUhmLn7VhuGU_p3CXSoUokMTnG9Xe7q4KzR006ty_Xk53Gk6ska6HodnpyqXc-949uedZvpWxDHMta1tA3t_n4Cgl1OXELrCYzFAFm0hB6OjVdJA_oLEnFftHrPeGbMKKJ8yhtrviBU74OI0rJUrerqrC2_Ev-kAKEn5xd3GcHkfc_8Pn7D-Oa4dBGh_jtaCq3bAn5yN1I9C4Xa-G_jeNfVUoBWcFphIExLa5FvHORQePjqYVe8gYBLUMe0pC_HcYKf0O2Asnvzms5e4heVn51qrfFtRQ-KP6St7ga_z-LCWIoO4X-nkD95mLxt2T7yh9IE9YPfNhKMB6eimxgCpnJL7XCP2z72h4fE0ZEuHVUqjPVYklD4REyWXKQPs2R8NT7jN9UpLn5yBSAoH63_LBmnqbJ3SYmB7Ng05VffskUQl-LejHnmCSKkl5rWJwzT_ynYQToFelQaJ_4y5SATL5G0jddadao7ZyY-Q4pgwvbOFACFPZlSs0oEzftjQSgLpq7demNVc1JLkIP7NC78BQ41qafLjxv5w03pCA-q5BmsL_1fsO6TQjwYruw4OIclxoQvpxSsRdEIAohnqUMRM5XUX7-Csc7zmxV9BmL4L2Gxlkp2kOWurCAGRHPAAv-TeH9H_sMDOlAa0DcebZcWOx2CaZT6I8RyIkbb0qMqGtoXTXbaX4XuOQOgnBHjAn_dOGcBMImUafmoVY88c7ToKLJfIsLRU3sutOVfgcomjKPPk9F4hmasmTDXCJFmbVs04UwWSV_D2RLJCwxZg6ej26AOTu1ayj7WrbS-FHmH4Gp34s-mhsUBsI-_hOtjYJSi5QrNM2GKLlOButLLKD7zWt4cokQ77cPLcE0irvkw9HDWxq9vSKg-xpNF1iO0fjyYG05cj_4hz7nH3pIudy9FS1LJg-e1GnQYbR9M7Sx0aoAZ0NrqL1-ssZKqisGfnGYxfBJ9JVBOPDqHNRMdIPa5miQtaT5JNpK6GhFvIrvf28FN7XtOfDlUp1W20Neq-PpEAwErySy9l84RXc4a8GAwC-e2xjSCbSp9-2_0I-Q8dqo--61gbuYwq7Ph-1jUeY4zKj93y5Gnotka-SHESBfdsZAVwBH_k1O8i7ANAPMaz3uGf5lyWVseZuwmDWd_HYcRakPs5oTE-od_zlFtx3IAI9ayqmFayRKDoJaLGXEjoXdUanv7DXqKEiNJtqqIpIvmttWZcUHHHDp373T82adVJAvQHCjzbjc90dXIyAfpkzs2cDhwmopObrF3l0aiwCspaZznSacWgmbytC9kUSyJ-v9DlkkMuXFUX_kH1iReE-2T4jCy79w-y4YnLdEq9LBV1jmyG3bNV14Qr9KpsJ-G5s79PcrpbxG0i4kY3Xbdpb8FnJLhQH7dcRJ04G3fY4qsWIdz40CyHbIS2tresEF5hiW01gdkMTbpAdiYG9F7AAOmLQk7jqPNu2rt3lMs2ZmalR4Jqswd2PS3_WF8Mw5VT-WBWGvjUSzLdR8qGoO6SG8jsIV3l70ELOmUm6tnJOcHSmli0-wxZ6nimlxEi3l8u70cN7UvPEB6rGy2GHMLsBooIL0ghuEXbtMK-aoG0jyaLp1SuNWHbCkK4KO1lYb-ZHckLRvWoPQ5iAv3kpy_MTWO3fmWScwUVzZb-3t5_h2-5-VZC3KJB3hxCJ1GFIp6BaZ4746lZgRrhIDGMtO6-NYJ2oUq-Ge-c4HgWu_G-urbcS3G88EPEJudfRbVoSgUIawEhxleByPE31juf-z0sEwbQRQizG6y2Pj_M3k55qeGbXwoepp647KdKb4C8LAGALD7qhD9nw9HPdUvQHp3_SqK4rxOxhEzfD9fTFJyTANt_WhRvJJhuUqMtNeNeUVJO6pShCYCJ60e8DRpb2WR8uTmTbb0ah5Xwoh0SpDqfszxl9p1gX2zS58esXN3Sbvo5QKnHhqo4z_iIE-uBwE2bKqBaoXkTtDLrA5q_nXSUfM8Se9A-GTAzGtnRr4zBZ3H_tu2eF57Z5FVSU7fo3ZPpdeF6qOeIXCyOihIsN0ijVKK9osgkHOa-BlkCDvjL3JXpzJOF5cVQpfXYa-itRYtfYUC1PxqZsMmLNaIK4SoGiGejuEIQUmC-hVNCPBqPh8-80RHyFBGcVYgCgTcbVR45almn6z7bUWpAh6Z_FL3uY17jwlfRQyzjxhsEl7yI1wg&cid=CAASFeRotITCfi5wpbnv8BYR8qNqI7-GSg&rfl=1%2Chttps%253A%252F%252Fholdtoreset.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

574d0f8eeef6741771d3cef0cc4869634263181bbf42de1e93ca22dcae36d8e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 15:47:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18389
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9215
x-xss-protection: 0
server: cafe
etag: 10665788317172091938
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Sep 2021 15:47:01 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210913/r20110914/elements/html/ Frame D6DE 8 KB
3 KB 28ms
28ms Script
text/javascript 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210913/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 15:45:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18475
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Sep 2021 15:45:35 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame D6DE 0
61 B 39ms
36ms Ping
image/gif 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsts9dKyt-O15UWIcoTPMLeOqMAzA654T6CxTpVkGHUDzQeHvfZOHhK1qoy7HosnOmz1a8ZfaIRRaxTD9h7bRc7KLq4irumSh9dXiXsyKGCFgF1NcyUTU8guU86lFvb1hK6cG-YYBSQkwBDHZ7Lysq9DLyXTkrRtfWMV7RH_SC0vyFC53SVCahv7-hMFPr7HVrmwRCxxN8n2YZpdHg4Yr59YyaFNOzFnwv0eiN2R21O9X0EabaRHabmsABu47XUVHguY964Llr0NIFHrYnYYsWm2REc11IqJd9O9W0qcpAbJ2Btj9pqJqK8_2yM68Cmt4Q03Rebt4D5ALIVlxO910dBZoJe3rfDEeVqo9ShrjRvW3LDZQU53zADYzNSiDP9a-H8p4RomqVE13le5BEh7p0LoPh3Ul0he1ChmzY7S1GjrTCxH7OonROLiTK_xnHcZOs6PyL6Dk4GhjjKoxHG3jcuVVg2Tdvq9DbQudnMNEGRFtg1Iw4MCiR-UFpzYaZVOpU_l6yCyQo7lYyVd4R4JUCP_v57zzo7bAlYqmYhBLc06PrxUYLv7yqfvJsZnV-xqgZ39W9tBUIjjhYmNZUWUC7AYPWPpqqhFbGwppyX4kAoM1k-xriq9YqctnQjrucSvupD95A-VNEhRI6GhDmEfqmfR4PuBx85XFQ5Wuz_U3UxcvuicMnpX7HO1qjUPYXvCWyUG-ZRPiYC8dIQ1afAhFHi4Im_O-fukPyHiaI2Yvf64a6CJxif4YBJ8_UkLgMT1RksQHoUuGKGe9DTza7gEzh4_Q5TP2aHD2fYx_me024A7kZyRUR9qpjncRdfBpSM8Nn72DKnssXdMX4D14-bdqW2BEXc7q_4fFgyOY5qoDtxFBu-16UumYfJDedo9YmA7yqW9q1XNRCEmK4KMAUnL6vtxPAmkS3Sz1CkAYw-6UF_jjeiKeRGaBD1kF4W4_Y5mC__5o1Ew6eWwOOA4dC_XA2smWtsfzggsrvTN3cdDp1DhVDXY4d2X-wXTeLgc38XQh7e3OFKsMr2mi2JO9o2xAmwuntm9aLvWn3AwYtkqMEa8QqvX7mx55F5pto5Rq2FzpsQ0BjM_WK2iB2z2pBPMFkptHd2tqzIbeLvhTplzqm87SS6XkYfO6US_3FJG_ffC_-mKa3wC9a-BrR6cM5qzd6rCgrs1vRfWDC9dTzDvYd9D5isQikTIbctyZw&sai=AMfl-YSVDb7Sd6jfWj-tsg-bQ_Jbr4jNzeai9KQVSWwLgBytTps_SqTzIa604TqGDXOXCZKi2JfLebvyEs3oSycseO2gtAFBoGulv2hpEnyEkq-fmvL7JNh13EFxquhUej20543AjWub9cxpqwn2qe05adEpBGK2vYBJtwuFmHo&sig=Cg0ArKJSzFgIQN2dK_CcEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210913.56422&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 15 Sep 2021 20:53:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame D6DE 41 KB
15 KB 24ms
23ms Script
text/javascript 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 14 Sep 2021 10:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 124960
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Sep 2022 10:10:50 GMT

GET
H3 200 4480886067144806606
s0.2mdn.net/simgad/ Frame D6DE 121 KB
121 KB 33ms
23ms Image
image/gif 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/4480886067144806606

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

59e295740351e5c2a8af723bd89bc70cc295d6e0eefe352c8b44398013a2e0c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 13:58:21 GMT
x-content-type-options: nosniff
age: 543309
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 123497
x-xss-protection: 0
last-modified: Fri, 11 Jun 2021 07:42:02 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Sep 2022 13:58:21 GMT

GET
H3 200 7602725280263994576
s0.2mdn.net/simgad/ Frame C3B3 80 KB
80 KB 88ms
86ms Image
image/gif 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7602725280263994576

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ai0N4kg6mkj2vu9LMaoYoxk04jL9yXLI_4Fm-74Vw2O748iVRomI3InefG94UpYvhvkeQoi1jFL5PcYcbA45WRCaJNe2Cu9FXDh5E1dqT1ODk_lusHFjjJq79APEkgZjN1UqlKuFjiHXcVL4J1NWbnxP-_nA&dbm_d=AKAmf-CHK4E7eQa19ooO6aXpridU6j1uCOZ4fEiBN8bYpWb4F9rgh9ctX7KK8GV4_d0BefSHwnnluawcp-oHG9Z5KYCMnJVlW5asVUKgbmMM0cUrOLdE675QYZBU4bILmRobhqjxqFbiwew_9TOlLYw83tXFO7efy-b_JKERTRd3pb3W9q3fmFUFRWlxNuv6t74xz41tfpv1J6moGzvXcHX6aY-N8ZIhpg1Spqr6K5xzZIn49a2RzKbEOxPG7m9vmHkhAQEZWuBgEwRw7i6M59zfpeGpjx2appogFIWCqzYPnGlQM6H4OTiThOV8Q2nEbAvUKBtozIhT9ZHK12coJo0iu8Fl5Fm0RCf8s0P8Af4giQLy9xQNwV-XhGpPpPTsC5ZzlBj62tet9nzgiSEAXa1I-5vZTN_0i7qkffrBCPH8usYTBkT70ynYUFLrvo9_OqdkOaG87DLHv-LyNLRgSOURsVSciBpyTq3xrshu2HoAjP29-7jAWbj3MHt94NHLzrCeAES4LNeLju4gr5vA-w-bbZMwatpZ04R0EiY-iAKbA7tIFwhb3nGrQWVKXmhjZ8YzF_EMcw4waYATU5rGSoQb7TKhU6_LPo04qW3m4hB7E7E_1rPzyK6SYJFvxCCKd7AJHyzvNOC6lR6PWvlz5ViiZ6SkSpbbqq3y5lOlp6S1KwZpOD-7tglXwun_v2b0LXFnyj_ndPu0242WU658OWfif-tPfN0F6zhwx-9edStPYqGNFGiBftF2T7BXqtuFyPvGQYApQ0gPp-aAHus0uHbUY4-38fdq2DBHtD7NvMIjZXxIyJsvE5dWDoUPQyxthBEovZFGS-SURivD7A0cPo0nEB4Zm8LgsAwGjALXqWVRTF4XSWz0fRmT-YEpwYgPLY0DuaQPOkktv51AgQYfQ2kX3ME89qf0NYQ4xYzNoOodv0iwVxi1zBPS2Eo6hWNE-GHJLky1HBLxKKUQv8vV3nkuIIFrCQ2SrFxmZVLJJYiyXXt5XkUaiqEZruonKlOJx8_zu1RJHrjuB5b3SjJ3klvW7T7W_eTFZLzWYom8NlFofmY2KSc3vfyzKlEFGStYHaVOhnYA0a8M8Npjh15FxtpQ3HTnj3SlJvq5JxFD255VjpAzWtHITMQrw8PMt6JZuurKXLN2T0EC6ssWIGYjh_MkR-QqLnpIwH2mjbW7p5UEHqAOnl9UH9muBZ_6B5vAY5q6_nVyqeBgbGDe9tDRVS8xwsC7HA1ywDz6N3fR9xJOSeC4pR8GChVLXsnZuNFbDG4lfzR8y93Z_YQ9jSlo_2UEXC70xKgwgDtBSvfH5XvjWBHANEr60m_ImUZOEWGPJfuG44_pXUxm6HhdAAWhBFgbzEKHFj4d9B6y1B21zwWH4DgplvIR_65S2A3kPt5mSzQXFZwNLhB7YQEUfBrd6Jo43qgW46w4UCn7A4JBWU6lDDJzDV0iTVnU3U8QfRZYYhBvILneBBwv8fyv-tMSCjSr-1JGBth83YDY3lgsra-XVLAFlcfxeeTu-UzHUCKPMOEqw24_42iKebAiz-T0eTRWjmElMPKZYzss83dc7r42H1eBxv4zBi8gcylm-IBNiK5y8JXtXV9_2SAJ7UeZDAuP-AVfzSqGLeO8i4APxEtYRGS8tFUqYc5rN9R3p6GQrghJBCxNrjp_i8bCUw_FL1ERyxwWlyiWcJYkcqLWhqMtB4Bm08gPSyNh7OV1sQg7dA0kAKFJkQiD5oIfTAZVGcwzSnH33sjcQKMPzTohVrkHidKcjEEuXiZ0gXew8ThEGSysudb9aKXqUQEhfLA1Q5vWgDl7xOv6qmnDVy3VIqrKZamdezAxibGCxE_PeMnFHwVXp58PSlxi9IGlqklpS8MlFQbz8793agebkFORw4vVKC8n7PUBan3uDMr6wPEZiJFibruGpUu0EwjCRkkG47v8-hqHegWkSIPuF8-yOFDUvACPgDExobDx2UyMS9_UFUUc4khIZVBpor-Ku3bKyF6VyDGcWNJmJBsOxUYpT95ZyZNfnJldIoX4gmI3JfCk8PG5363Y5xdPIWaKf7J2VCiTvPYV9w1BAv0OlUz0F2VfEpEVSMwvI8E1OCPu9-MhhxNV8wh6TofnCHB3uMNPcjxC32tJ4QJe_Ad_weng-AmirRf3BOmQjiNneU1b5R1jDjqz9GRLsf9nRoX619NDCRAW2Mym9kmL56TaYtNdPhLhOYuwfYb23obvv9PXi1l1BUnDC9PHSBC27V-Xv4WQIlToiXwPSC-_H8v7S06EJ0StNCvgfctBTC2hFdINmwZ7UmjFYr2h89D9yIEXa0MYEfcqfC3cZC14rxstghr-q0QOrQDTEApsVKzNSqaKVVEWzSaPwLzcuF99oPrKM2Zoe3Fe7ZxkURei5kzjFnQWJHRwj9NY-aovLnPFFrh1GpBeD4JkxLMG1kcb11vdt280OhM8p0YHhyKI9wXTp8DzO9va5f6jdIbhyGkGv0s-p-bypbDpFNyrmMPneasF7inL-x7o9P73dF2v3uaUPfBcDi2v63IAJHmYRuaGNAlcTtz9qsutgIPKI1sv7rq6YciGakIXBTU12lRwEkfAQcYK9s7lHSOsXr9AHRUA5p7cCPGLOA7mxkKJ96ygk4uq69MtyR9XWlzgDaz5O-g2EgrS4Lqbz3Tj1Ek1VHbYrLupX3oaLHGp15osLFM5SC2mmwmWJrRaGlQt-5coP06ASsUis5YAHgSqY4eI_zHBv5ucUqZ1QZNjqxe8D9LNK6JcChiVakfvvA1xATxWnDN0fnXx6atxgeJt2jMIk3WHLRf2vRJMPjt0WiVfKYZNt5htHAvn4-BlRI6HJFfBtfnjGhCo8_tbaBnCXtk4vFfvbcPX0WHGflg0uovBNT6j-tlCwnsRV9Gv1X--Ysd25eEapsGjGu9voyhG1Gm_ooTgJDaNZJoAyq8lzQF41OMwLb8Zcsd_LK0YVoLqQaiXGj8zbMmX-awPKEr_KcFgRuN_38fjWSVPLs-MvVyEFLGOSLBOi5wvXsEDbV-LyyzPgKizuLDLj9ARE1ZtaJZGTwaDraQkHFf82EwbXVvBeD_d9wB_5iNF1VOJww69r3ca2N4iXS_fI5j1lZCsjSCs9wBOelTvScyecJN0BBMtqiWJ1OAP9PMzCBMGvN_railxeBWisf0vItY-6DEcG96Xwcnum_tu9C76LQPoQFgAsjb_0aHea1g3gjOG6Zzqhy58uw&cid=CAASFeRoJeDqR0Zi8YmhEKWfmtF-Cd5yMA&rfl=1%2Chttps%253A%252F%252Fholdtoreset.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

203faa4328f0bcf6453d89bddb8a13561eaec599ec4a6301f4018f24ab96da69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 09:50:57 GMT
x-content-type-options: nosniff
age: 558153
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 81785
x-xss-protection: 0
last-modified: Wed, 10 Feb 2021 17:12:37 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Sep 2022 09:50:57 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210913/r20110914/ Frame C3B3 23 KB
9 KB 23ms
21ms Script
text/javascript 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210913/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

574d0f8eeef6741771d3cef0cc4869634263181bbf42de1e93ca22dcae36d8e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 15:47:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18389
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9215
x-xss-protection: 0
server: cafe
etag: 10665788317172091938
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Sep 2021 15:47:01 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210913/r20110914/elements/html/ Frame C3B3 8 KB
3 KB 28ms
26ms Script
text/javascript 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210913/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 15:45:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18475
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Sep 2021 15:45:35 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C3B3 0
61 B 41ms
32ms Ping
image/gif 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstaCqFQW0khwLBZhwmuOhofdhq6Qm2XfVNSvDjiOoQ0KBhYr3v9Tck7T2YwMsVfis_27u8jXjQ3WGZPiOskCg5ttyS-hHFG4otoUIrGkldE3O3QyZ3Hk1sHARpI-itS3ePwIfqKHRTSXECSLnpK5d_eovk6nhlYmVVgNljpzVo71SzgGexV9qlJtr2-TPkxhzdt-NWLQYsLOLUWMnRoCxjD7bChXZ5Z_1ZefQMBNxtT8oNSrBpBjuPELyB4x7XTOej1pJJnWWsYZFFD8cZHCWkccN2Sm6wzm7q8wEOP839YHi-Du7gtvozTTJtNyLq1xpBAZpzoYw9U-Id2HHsyWhjgk4qpITET5u2b2Tkqba3WlaIxT7P5Y4Y0qCosydD9M0XuhtIVAqAYWrJ_UyBhfErCnFdm1GXm2cugGoXGbCF7bmtbKXKBYekhZbomh3QMyrF4kHCGTKxpk2Qj8VrL9tOJsasOui8akbHBgOOJ9fT1eQoCykmNAw3aen082xtHF7k6FiOMMUh-c--boyYLYIvhYakx8lVEi5EnRPA6yK5AEpzjNOVhzzXnafHT_q8ejixHYDkOz7z0NWJYDqZqO5w-TWkjC3hOMC2ENhPxcc0WAsJD8vNG3vKlf9Meik8uBpMMuKSbaR_hryIQ-Sqd1UEULvi_xXpRbD9SXlECmFpzO8eHnFJ9M8zSFFQcjJyFGncs_nNEE-xvzZkgfH9nMrdCtIwJVvGYxSbGi5Bm24eTuCfVTeLqgDex6_Jg4pGmtt4r2vB6bkDo28rwtlZ7cLFDW1iGH-53h4O01eG6OA3VtSJOQphJ9y1kgJPisi9OlYZyffNLkX7ElAk95-G4Dsy69T55_BbzoEoM7nYW66Pfbsm_JsSW55_nFs-CWBIX9NfYdPoI9zdCWY4x00ITDz_DoNZtbE3Hk4sDxtHakQELUesePd3hHpfAaoB35J8-lgsHugTM4SxDffSVJDfeFYcOa7HWBUkt5esovbnkuX__pYCwYl9J3ljTytTCheZm3L85_jegld_veoXjb6Rb1DHZ2frXsc7_ux6gdEcoUVumcRMqAavHUfnlFN3BkGkhPBisRBZVgZuVPskgSLdxcEpd7ctqDY_YkTCK_bo5r9dn9cHgD6MkDII9A6JW0q89dyjXzExCH2CWUtgR5qtjOvWFU79vIcGD3K4wbRlvZJW3KxzXxWE&sai=AMfl-YQ2MW81yvNiCc3gzaKJea6qCHcK1lm_7bkTFVif0bHatGHbf3SPiocZjTiVJulRK19LhjnaA-x3AYIzzp2rxnzKpj05JVf8g_uk188kJpeW090NVBLiOEEUDBACV5nl-k1043NRbzcpjjOxN_DBUVlvXvsKjHQdgn0tG10&sig=Cg0ArKJSzOUcdhMESJO_EAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210913.32985&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 15 Sep 2021 20:53:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C3B3 41 KB
15 KB 28ms
22ms Script
text/javascript 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 14 Sep 2021 10:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 124960
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Sep 2022 10:10:50 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5730
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_dbm=&google_tc=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3

43 B
315 B

40ms
22ms

Image
image/gif

95.101.185.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDKjAEQzcuzowIYi-bbrQEwAQ&v=APEucNVTAzpQVdwU24HDWEuSsHGd4--atV6PvaLW5j9jDH3N-Gjd-Elj8jYX5zB1-Lvb9Pnp4EFsCKGbgN-qqCoL73vAEallw5oC9hUW8A6tOYH8C5TVX8Jha8PSNlNvUDaSEs47nhs4atkRaf9bicyuKp4wTrx5j16NneQz1LP3pq3kMWTy7II
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.185.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-185-51.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 20:53:30 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Wed, 15 Sep 2021 20:53:30 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 287
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5730
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YUJdSkAsZF8KF4A5RqiL1gAA
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_hm=YUJdSkAsZF8KF4A5RqiL1gAA&google_tc=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3

43 B
315 B

18ms
18ms

Image
image/gif

95.101.185.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDKjAEQzcuzowIYi-bbrQEwAQ&v=APEucNVTAzpQVdwU24HDWEuSsHGd4--atV6PvaLW5j9jDH3N-Gjd-Elj8jYX5zB1-Lvb9Pnp4EFsCKGbgN-qqCoL73vAEallw5oC9hUW8A6tOYH8C5TVX8Jha8PSNlNvUDaSEs47nhs4atkRaf9bicyuKp4wTrx5j16NneQz1LP3pq3kMWTy7II
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.185.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-185-51.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 20:53:31 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Wed, 15 Sep 2021 20:53:31 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 287
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5730
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_dbm=&google_tc=

170 B
189 B

43ms
41ms

Image
image/png

142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_dbm=&google_tc=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDKjAEQzcuzowIYi-bbrQEwAQ&v=APEucNVTAzpQVdwU24HDWEuSsHGd4--atV6PvaLW5j9jDH3N-Gjd-Elj8jYX5zB1-Lvb9Pnp4EFsCKGbgN-qqCoL73vAEallw5oC9hUW8A6tOYH8C5TVX8Jha8PSNlNvUDaSEs47nhs4atkRaf9bicyuKp4wTrx5j16NneQz1LP3pq3kMWTy7II

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_dbm=&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 297
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5730
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D&google_tc=

170 B
189 B

30ms
29ms

Image
image/png

142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D&google_tc=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/ Frame E4CC 5 KB
2 KB 44ms
31ms Document
text/html 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

f10db5ca926522b5afa9f275367f169096c4ae5a1daaa6109b161e7db3d9359a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1642
date: Thu, 09 Sep 2021 08:59:36 GMT
expires: Fri, 09 Sep 2022 08:59:36 GMT
last-modified: Fri, 20 Aug 2021 18:45:23 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 561234
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame CC01 0
24 B 49ms
48ms Ping
image/gif 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstgxKYc8kWMnObkNqrZQnWeWbynwKLV11GRABmZhKQQwoq0qEbPc4AQQCF9F_MrSpckWcIwWGCSU5K__KrubEZBaIVTut8dgZkr8ZpoKyc-G6dJw1ihPJ4ipSg_JR0NF0AE7yV9zRER9SYn-O7R4c3rgSsvDh0T89rVXNGa6iq1eKfnlwR9pJFM7PtfhkWMAHifT6SdfcPrz1j0HtFgtzEzgj_A5j4qMpoy7ed2kyGhltAQl1KKChxUjXi0FY356AqLYUNP25KZ8KEfCyS9N6pU1rpsE7UUFKcNZEgcK_Jh4RH6MgK1oKv-RIK3gctlmoVQxzhG3B6aY28-SBO0SgeiqbF0HIUgouWEuSUjXeFI_Z-R5gw7AxDpW3DCqPsjORcz7rJKER0pAfxHUZq6UB9HInI6DEX4RfJ7lmH-NrMyTbaO2aMZtKzFiRmmkxSITEBEDwlK9-mV8jpAuUmzh8OCmfveFFFNt-vuE07GqhFGTPSpe0wbSkfQA_DpRO6q6rbhMMHms7Xv3ECg5N3XNytRoK8wwlPNAp9xThXEjrRTMGGV0qUBqEkHMR60uUDCJ7WHL-YgiLC6tqlMIHYL31y4SZLH1Zvm84bKwM6dK4OVqQBo-hDH1KQVKOh8LCiiJMZKz4_I-5roczD9C4QxFkhLkCA1aklk23jATpSH7b3BZjBAxlONuqE9Vtos7-vs4M0YzXG15Crn9ySZp-UPYvA8HSnsIbJNlunsVxCBvz0sXJrSw8f0xSrRGXbuhhu9MzkdYDXt_fil_K9QpccgH8pNjdfcrgvNhRQoSu2LxBB-zLq8ZVjzyoG1hEirnjPxJ1vcqf0N0Pk1sJAjFx2ebumERlOlUvQIWCEW0esyXcgGR7hZzY3jkYQy432X0O3AROcqukrxppR_U0-qBF3Rf6eXdzWR3-shzgncXSepZaV7rW1tyRfuu2X12y_hfKWH4ZI7zB1be_a0C58VLVWn3jv9sQBNi8w18VcIsk6nCw1jZNw0TdwsHLlQHYOr8ivDuPIwOgVrydLKFAK_RrhI2krdYAZ9Ro-2JcohYTcW84Ztr9pWI9bQWp9lu5RBRJkIpslzsTmQIA1qNdH2peub8hemDvgSgVYVuaR6m8PoY5bSxO9c7mv0tLGQeRuAHrbiSThRDeLPg0rGDWHy1VtUg1UEzcJaY2OuBTISQYrS0Mqzq9rfKqesgWSkN1eQzQ&sai=AMfl-YQ_Qjsqxsyww3PKSFXLPyyHPZ3Q1zAcJYitaU3DkhHvT4b0iBJqC3B7L4iR2LGJku4gMfqXoCuKuZiMkB6b8eRykgg6iHit0tT7OKWoNUybL7VKG_urTVdqSI690L0Qz0DMsF9Cst_GPkRdQjI2maJeUQ4AcV8L8_wO-OZczvkxGEu8W761r-7Zxf8Ss33MlHiSqactOfFcRn8jmcn40Jnt8CZYS-xg009BN1luOJPANb46ZdIb6Yy_roDnxFyQpKciKXLHBlyRwLCLDfirPY3DUVf1MTxfbQQU9UxL_Zs8RVeBEF8ACzaFLYoHxTWjTmE1hf3bLhMDbOMI2UNXlOw3Zc5n2WqIxP5PyLQrqp25rqV__-CZ23qf4qBnikZiBA&sig=Cg0ArKJSzHN0AJqKdOawEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=346&cbvp=1&cstd=340&cisv=r20210914.33748&adurl=

Requested by

Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 15 Sep 2021 20:53:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5C52
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_dbm=&google_tc=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3

43 B
315 B

29ms
20ms

Image
image/gif

95.101.185.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPOG9AIQlvDKnQIY5NDbswEwAQ&v=APEucNUuphB_5RpaWUDwgg03WjM8qg0vnRySB8mZ5rMj8GZywGfr4S_rbPlH11nsSkkCLeuzrAOFuzBDVrdeJdwLub3TbX4BM3TB_9V53IydLsydn2a5UTycShjXOI0akhe0x68ynOUzh9pRTJe_W2Lop9JNfEi-G3_rZ4NwrKz7S8EhNV0f4PI
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.185.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-185-51.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 20:53:30 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Wed, 15 Sep 2021 20:53:30 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 287
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5C52
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YUJdSkAsZF8KF4A5RqiL1gAA
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_hm=YUJdSkAsZF8KF4A5RqiL1gAA&google_tc=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3

43 B
315 B

20ms
20ms

Image
image/gif

95.101.185.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPOG9AIQlvDKnQIY5NDbswEwAQ&v=APEucNUuphB_5RpaWUDwgg03WjM8qg0vnRySB8mZ5rMj8GZywGfr4S_rbPlH11nsSkkCLeuzrAOFuzBDVrdeJdwLub3TbX4BM3TB_9V53IydLsydn2a5UTycShjXOI0akhe0x68ynOUzh9pRTJe_W2Lop9JNfEi-G3_rZ4NwrKz7S8EhNV0f4PI
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.185.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-185-51.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 20:53:31 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Wed, 15 Sep 2021 20:53:31 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 287
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5C52
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_dbm=&google_tc=

170 B
189 B

54ms
53ms

Image
image/png

142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_dbm=&google_tc=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPOG9AIQlvDKnQIY5NDbswEwAQ&v=APEucNUuphB_5RpaWUDwgg03WjM8qg0vnRySB8mZ5rMj8GZywGfr4S_rbPlH11nsSkkCLeuzrAOFuzBDVrdeJdwLub3TbX4BM3TB_9V53IydLsydn2a5UTycShjXOI0akhe0x68ynOUzh9pRTJe_W2Lop9JNfEi-G3_rZ4NwrKz7S8EhNV0f4PI

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_dbm=&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 297
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5C52
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D&google_tc=

170 B
189 B

30ms
29ms

Image
image/png

142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D&google_tc=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A2A9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_dbm=&google_tc=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3

43 B
315 B

32ms
22ms

Image
image/gif

95.101.185.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDKjAEQzcuzowIYy4ermwEwAQ&v=APEucNUgm_oraVnFFQ3ci7pjX7dueqiSrUWnNQKXgG8pmKCarZbm-TgC8tVJoON6xhCU5wvMyPF70Soa21VgqH5txNHcBKbjZyTMEREe8EOcO0Mu4p7nklwWh9UMtohA8WHpw36vq1LxjTHyaF5iAaWw33W1lUqnYvy60yt-zEuZLx342bc_1KI
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.185.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-185-51.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 20:53:30 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Wed, 15 Sep 2021 20:53:30 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 287
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A2A9
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YUJdSkAsZF8KF4A5RqiL1gAA
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_hm=YUJdSkAsZF8KF4A5RqiL1gAA&google_tc=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3

43 B
315 B

24ms
23ms

Image
image/gif

95.101.185.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDKjAEQzcuzowIYy4ermwEwAQ&v=APEucNUgm_oraVnFFQ3ci7pjX7dueqiSrUWnNQKXgG8pmKCarZbm-TgC8tVJoON6xhCU5wvMyPF70Soa21VgqH5txNHcBKbjZyTMEREe8EOcO0Mu4p7nklwWh9UMtohA8WHpw36vq1LxjTHyaF5iAaWw33W1lUqnYvy60yt-zEuZLx342bc_1KI
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.185.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-185-51.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 20:53:31 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Wed, 15 Sep 2021 20:53:31 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 287
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A2A9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_dbm=&google_tc=

170 B
189 B

33ms
28ms

Image
image/png

142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_dbm=&google_tc=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDKjAEQzcuzowIYy4ermwEwAQ&v=APEucNUgm_oraVnFFQ3ci7pjX7dueqiSrUWnNQKXgG8pmKCarZbm-TgC8tVJoON6xhCU5wvMyPF70Soa21VgqH5txNHcBKbjZyTMEREe8EOcO0Mu4p7nklwWh9UMtohA8WHpw36vq1LxjTHyaF5iAaWw33W1lUqnYvy60yt-zEuZLx342bc_1KI

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_dbm=&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 297
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A2A9
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D&google_tc=

170 B
189 B

39ms
31ms

Image
image/png

142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D&google_tc=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 545A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_dbm=&google_tc=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3

43 B
315 B

59ms
56ms

Image
image/gif

95.101.185.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKL5zcYCEOmXj-cCGKWV2rIBMAE&v=APEucNUM4n4GcT4Fa_yQtcAwbfBgkswm7DnefLXZrK0i3kAWQRm-U4GocXZtMNAUhKmUsy1G0MggUHHq16axlyyK95OKTQ3s7XU9II3jviKqS-4NKU6QZRbmIJC8LAtlILNNj4IafHzpaWCalntmiXO176grPBIzIkbbR5LQym_UuLhQwN5-_yM
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.185.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-185-51.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 20:53:30 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Wed, 15 Sep 2021 20:53:30 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 287
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 545A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YUJdSkAsZF8KF4A5RqiL1gAA
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_hm=YUJdSkAsZF8KF4A5RqiL1gAA&google_tc=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3

43 B
315 B

22ms
19ms

Image
image/gif

95.101.185.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKL5zcYCEOmXj-cCGKWV2rIBMAE&v=APEucNUM4n4GcT4Fa_yQtcAwbfBgkswm7DnefLXZrK0i3kAWQRm-U4GocXZtMNAUhKmUsy1G0MggUHHq16axlyyK95OKTQ3s7XU9II3jviKqS-4NKU6QZRbmIJC8LAtlILNNj4IafHzpaWCalntmiXO176grPBIzIkbbR5LQym_UuLhQwN5-_yM
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.185.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-185-51.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 20:53:31 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Wed, 15 Sep 2021 20:53:31 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 287
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 545A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_dbm=&google_tc=

170 B
189 B

38ms
36ms

Image
image/png

142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_dbm=&google_tc=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKL5zcYCEOmXj-cCGKWV2rIBMAE&v=APEucNUM4n4GcT4Fa_yQtcAwbfBgkswm7DnefLXZrK0i3kAWQRm-U4GocXZtMNAUhKmUsy1G0MggUHHq16axlyyK95OKTQ3s7XU9II3jviKqS-4NKU6QZRbmIJC8LAtlILNNj4IafHzpaWCalntmiXO176grPBIzIkbbR5LQym_UuLhQwN5-_yM

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_dbm=&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 297
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 545A
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D&google_tc=

170 B
189 B

35ms
32ms

Image
image/png

142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D&google_tc=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame CC01 41 KB
15 KB 38ms
27ms Script
text/javascript 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 14 Sep 2021 10:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 124960
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Sep 2022 10:10:50 GMT

GET
DATA 200
OK truncated
/ Frame CC01 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 116e99ef1498c2ff29347fbaa56c3f3b97a98212023b0723adb8fc7c527304f8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9E1B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_dbm=&google_tc=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3

43 B
315 B

33ms
31ms

Image
image/gif

95.101.185.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDKjAEQzcuzowIYy4ermwEwAQ&v=APEucNXl7FFwQ624PIZfdXcAgHLHO8ASFbTAqVE37rHHHCJg0hJCaOUUdF2Gz5PAyGgEhadhFGae15cF1aNIY5CYx5V47kDAsHqcmTnE2TNmnZtWDlxz3vx6T5cTPtcwOnGPYc30PQoDuhhpgQ0CK7ANla1m6GPvlSSMiWaX7Cep8rCBf6MYW-U
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.185.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-185-51.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 20:53:30 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Wed, 15 Sep 2021 20:53:30 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 287
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9E1B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YUJdSkAsZF8KF4A5RqiL1gAA
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_hm=YUJdSkAsZF8KF4A5RqiL1gAA&google_tc=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3

43 B
315 B

21ms
20ms

Image
image/gif

95.101.185.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDKjAEQzcuzowIYy4ermwEwAQ&v=APEucNXl7FFwQ624PIZfdXcAgHLHO8ASFbTAqVE37rHHHCJg0hJCaOUUdF2Gz5PAyGgEhadhFGae15cF1aNIY5CYx5V47kDAsHqcmTnE2TNmnZtWDlxz3vx6T5cTPtcwOnGPYc30PQoDuhhpgQ0CK7ANla1m6GPvlSSMiWaX7Cep8rCBf6MYW-U
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.185.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-185-51.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 20:53:31 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Wed, 15 Sep 2021 20:53:31 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=3
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 287
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9E1B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_dbm=&google_tc=

170 B
189 B

28ms
27ms

Image
image/png

142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_dbm=&google_tc=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDKjAEQzcuzowIYy4ermwEwAQ&v=APEucNXl7FFwQ624PIZfdXcAgHLHO8ASFbTAqVE37rHHHCJg0hJCaOUUdF2Gz5PAyGgEhadhFGae15cF1aNIY5CYx5V47kDAsHqcmTnE2TNmnZtWDlxz3vx6T5cTPtcwOnGPYc30PQoDuhhpgQ0CK7ANla1m6GPvlSSMiWaX7Cep8rCBf6MYW-U

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_dbm=&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 297
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9E1B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D&google_tc=

170 B
189 B

30ms
28ms

Image
image/png

142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D&google_tc=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njc3MTQzODczODk2NDc5NTQ0Ng%3D%3D&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 impl_v79.js Show response
www.googletagservices.com/dcm/ Frame 1238 37 KB
16 KB 25ms
23ms Script
text/javascript 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v79.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

sffe /

Resource Hash

44abe3410418a547f3412ba93a94ffdfd1dbadf9c785418af8ef15d7877fa2c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 03:24:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62956
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15928
x-xss-protection: 0
last-modified: Mon, 13 Sep 2021 19:19:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-dcm-tag"
expires: Thu, 15 Sep 2022 03:24:14 GMT

GET
DATA 200
OK truncated
/ Frame 41B6 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6453eb90368dbd0bd62a66e0a3d9b2ea74bbf0bb8ef86578ed1f4c240f611941

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame D6DE 0
23 B 34ms
33ms Ping
image/gif 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 15 Sep 2021 20:53:30 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 41B6 0
23 B 37ms
36ms Ping
image/gif 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 15 Sep 2021 20:53:30 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0DDC 0
0 49ms
49ms Image
text/html 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021091001&jk=1809388195768560&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.27.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: ra-in-f154.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame ABBA 22 KB
8 KB 24ms
23ms Document
text/html 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sun, 12 Sep 2021 02:50:29 GMT
expires: Mon, 12 Sep 2022 02:50:29 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 324181
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame F96B 22 KB
8 KB 26ms
23ms Document
text/html 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sun, 12 Sep 2021 02:50:29 GMT
expires: Mon, 12 Sep 2022 02:50:29 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 324181
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C3B3 0
23 B 36ms
35ms Ping
image/gif 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 15 Sep 2021 20:53:30 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 07DD 22 KB
8 KB 38ms
29ms Document
text/html 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sun, 12 Sep 2021 02:50:29 GMT
expires: Mon, 12 Sep 2022 02:50:29 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 324181
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame D6DE 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9cdbef6b80103265ea466484480d7b93d810b1750e9e0c3700d8270bbccda386

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame DEE4 22 KB
8 KB 23ms
23ms Document
text/html 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sun, 12 Sep 2021 02:50:29 GMT
expires: Mon, 12 Sep 2022 02:50:29 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 324181
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame C3B3 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0a2090d5bb787607ebc9e64af37a55bdea59ba85e0a273f4479ae3ff89c678af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pre.min.js Show response
s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/js/ Frame E4CC 665 B
377 B 23ms
22ms Script
application/x-javascript 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/js/pre.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

7a488b6eec146cd55817197d2524099ba4a7280fddcc9277418a7bb17ecd537a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 10:30:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 296593
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 350
x-xss-protection: 0
last-modified: Fri, 20 Aug 2021 18:45:23 GMT
server: sffe
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 12 Sep 2022 10:30:18 GMT

GET
H3 200 bg.jpg
s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/images/ Frame E4CC 186 KB
186 KB 24ms
23ms Image
image/jpeg 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/images/bg.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

7f9e6df264d357f7e7d701d7b3bd2dfe77c6be771bbd75fdd3ad7c82488dd4fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 01:20:44 GMT
x-content-type-options: nosniff
age: 588767
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 190021
x-xss-protection: 0
last-modified: Fri, 20 Aug 2021 18:45:23 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Sep 2022 01:20:44 GMT

GET
H3 200 overlay.svg
s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/images/ Frame E4CC 567 B
421 B 26ms
24ms Image
image/svg+xml 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/images/overlay.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

e1123f0dbae7dcd9fa76d9b4a3e863bdf057d3a0eff034ec05f864d34732a30b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 10:30:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 296593
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 394
x-xss-protection: 0
last-modified: Fri, 20 Aug 2021 18:45:23 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 12 Sep 2022 10:30:18 GMT

GET
H3 200 stoerer.svg
s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/images/ Frame E4CC 7 KB
2 KB 26ms
24ms Image
image/svg+xml 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/images/stoerer.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

238ab816ef823114ea7f39e129ed13094d6ea90e8c3b445b91465c994fb29d2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 05:05:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 575270
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2274
x-xss-protection: 0
last-modified: Fri, 20 Aug 2021 18:45:23 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Sep 2022 05:05:41 GMT

GET
H3 200 headline.svg
s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/images/ Frame E4CC 28 KB
7 KB 27ms
26ms Image
image/svg+xml 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/images/headline.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

97176844c8aab48cbf7e8485a744243378c94de38b5cebb2df46d1d7d0e7d321

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 11:00:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 553992
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6758
x-xss-protection: 0
last-modified: Fri, 20 Aug 2021 18:45:23 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Sep 2022 11:00:19 GMT

GET
H3 200 cta.svg
s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/images/ Frame E4CC 6 KB
2 KB 28ms
26ms Image
image/svg+xml 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/images/cta.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

20dc67abd0ba83bdd896645cf1622b4caa1fab80494baed8bbf4d01d2e980ae6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 05:05:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 575270
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2177
x-xss-protection: 0
last-modified: Fri, 20 Aug 2021 18:45:23 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Sep 2022 05:05:41 GMT

GET
H3 200 siegel-1.png
s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/images/ Frame E4CC 11 KB
11 KB 28ms
27ms Image
image/png 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/images/siegel-1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

20496d6c3e73bb34805560d37802d8585d0718dca6c8367492f22c454ba4221b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 09:37:27 GMT
x-content-type-options: nosniff
age: 558964
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10893
x-xss-protection: 0
last-modified: Fri, 20 Aug 2021 18:45:23 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Sep 2022 09:37:27 GMT

GET
H3 200 siegel-2.png
s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/images/ Frame E4CC 8 KB
8 KB 29ms
27ms Image
image/png 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/images/siegel-2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

f779672e098b6e885a6e5ef13d56bd65955c817fd5cea1a96ffb937a361eefe9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 05:05:41 GMT
x-content-type-options: nosniff
age: 575270
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8188
x-xss-protection: 0
last-modified: Fri, 20 Aug 2021 18:45:23 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Sep 2022 05:05:41 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/images/ Frame E4CC 1 KB
558 B 29ms
28ms Image
image/svg+xml 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/images/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

60576232472f68d95df1af2c82ccb71bd4a30e26d6ce0202d3df5449d9a1727b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 13 Sep 2021 14:14:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 196734
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 531
x-xss-protection: 0
last-modified: Fri, 20 Aug 2021 18:45:23 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 13 Sep 2022 14:14:37 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 2720 22 KB
8 KB 23ms
22ms Document
text/html 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sun, 12 Sep 2021 02:50:29 GMT
expires: Mon, 12 Sep 2022 02:50:29 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 324182
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 B26390879.312883664;dc_ver=79.229;dc_eid=40004000;sz=728x90;u_sd=1;dc_adk=250412562;ord=46buz8;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCOxvzSV1CYYajGtnl-gaHraXgA... Show response
ad.doubleclick.net/ddm/adj/N870.4065588DV360ASUSGLOBALPTELT/ Frame 1238 57 KB
24 KB 260ms
61ms Script
text/javascript 142.250.27.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N870.4065588DV360ASUSGLOBALPTELT/B26390879.312883664;dc_ver=79.229;dc_eid=40004000;sz=728x90;u_sd=1;dc_adk=250412562;ord=46buz8;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCOxvzSV1CYYajGtnl-gaHraXgAu-2toplipO7rb4Oyc793wUQASCwyMAhYJXikIKgB8gBCakCAAzMp5jQsz6oAwGqBNYBT9A_1mXthdEHfI6nHHPrxY_2sKQ4kFgxhkE_xUD9hi7gBNZ73-_oN9_-_1NsNaDkbhY6Rba0Er-hBxapUkKyYZEcq1dpl7z6v0PuuVMLGQc90xAznHlb0zfHiOQbd7w1gOzX-firC_C4Pmof8Dvz6rZ_2WRjK69a96rjC-jXmT-4VpjeHDRU1KjrbrMvjQ7UinTLRvkiKSanZ4N1DKn0rs4lI-PkRRMVAJomsnjtgNKs5M4GVJByJIWxViH5i87YHaHElMjhkGWNyKpFB3ER2oTSri5Z28AEhqX738oD4AQDkAYBoAZNgAf_9aKdAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi02NTY0MTY2ODI5OTExNzQzgAoDmAsByAsBgAwBsBOvsMsM0BMA2BMK2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRokfveaQIIBFaWZJnoE_TO0XcFbg%26sig%3DAOD64_1kIP7LQKuIbk60jBmx1J86QgPZwg%26client%3Dca-pub-2697679518515886%26dbm_c%3DAKAmf-CGcTbxd4x0uv5aQmYJa9JqY0srkZHxaoMCu7AIyAnbHcLsGkrTVwptbBKOylfXGJ_rO7mhs02TZdw1okTjy4tqVintE4MdVgsKDm26I-GIOMgXUfdrUGeYNXvWL7igI5FpX_-7UHMV552DtKvbpVjkarNaZA%26cry%3D1%26dbm_d%3DAKAmf-Bf--OPJqw84pK7d6v56nFDX717yIkJQanwlnlpzoFD3qwgr8pPe-IjWK8FQOlRjeAGSGT6fg2L7Sc-O-jL8Bzjw1Xo2yd9wWJ5fyguh2DI0tbvnMYSHJDri1LZYrWQiIhfnom1kXMG7XvwLIg57wb8siiRCsXySKq-XT4XF7XPwAqIS4mvNlxF5WlcSimbnzBuEjn9ATyS4AyiwRQ5nOxtd3b7pD1LAj8Y2mygFaFe86J7KJomH27w--CtGkU9wHzP4Tarxy0844YLdEBaPERIm3xMQ-wBZL2Jj-A1rWCCpmQljHYoNgfyMvSe2vkOyU_OwodJB5N5kiHVJm5z0ddalfAWWGKGB6KB4Satbe46nCdUaK-yskH0njymaUFEjX08X4Gx4gtAEy_VWdb6Z-Xbz8zwJnj0HEN51fyh2Cl-ZH9p2W3iCAM-FS8LJrOJ9zGCcWDCoGSFxkqA0ajmkFBmtyxR9fpUM_W0iHK3XofKbnHSer_vJKOh1IbNCaBLGNFKwZJnfX1EJDNxUQhkho10mjgRkA%26adurl%3D;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=1,https%3A%2F%2Fholdtoreset.com%2F$0;xdt=1;crlt=HHT6YNJtrj;osda=2;sttr=287;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v79.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.27.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f149.1e100.net

Software

cafe /

Resource Hash

2b7667e615da83c56fc992c057025fe48bac63b0e2c59e5039256d85390175d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24096
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 N5eGun79KMNogHl3JXLjLo7C-VgSu6qtVH-zZQh4z98.js Show response
pagead2.googlesyndication.com/bg/ Frame 8141 35 KB
13 KB 24ms
23ms Script
text/javascript 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/N5eGun79KMNogHl3JXLjLo7C-VgSu6qtVH-zZQh4z98.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

sffe /

Resource Hash

379786ba7efd28c3688079772572e32e8ec2f95812bbaaad547fb3650878cfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 03:29:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 581019
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13196
x-xss-protection: 0
last-modified: Mon, 06 Sep 2021 10:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 09 Sep 2022 03:29:52 GMT

GET
H3 200 main.css
s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/css/ Frame E4CC 4 KB
1 KB 22ms
21ms Stylesheet
text/css 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/css/main.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/js/pre.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

abbe6ef7758de9bb497995416167a14b08fb4dbc9f178176824abf4bc3e9201a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 10:41:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 555129
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1491
x-xss-protection: 0
last-modified: Fri, 20 Aug 2021 18:45:23 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Sep 2022 10:41:22 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame E4CC 60 KB
24 KB 26ms
25ms Script
text/javascript 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/js/pre.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Sep 2021 20:53:31 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame CC01 0
27 B 32ms
31ms Ping
image/gif 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 15 Sep 2021 20:53:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 main.js Show response
s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/js/ Frame E4CC 5 KB
2 KB 23ms
23ms Script
application/x-javascript 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/js/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/assets/js/pre.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

897eaf2610e2e1ee4091aaf5906f50315216a7492a6b1a0730dbac9d43b56812

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5116723813012973680/02_Think_Phase_HAPA_Banner_Schneller/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:16:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 254241
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1761
x-xss-protection: 0
last-modified: Fri, 20 Aug 2021 18:45:23 GMT
server: sffe
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 12 Sep 2022 22:16:10 GMT

GET
H3 200 N5eGun79KMNogHl3JXLjLo7C-VgSu6qtVH-zZQh4z98.js Show response
pagead2.googlesyndication.com/bg/ Frame ABBA 35 KB
13 KB 23ms
23ms Script
text/javascript 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/N5eGun79KMNogHl3JXLjLo7C-VgSu6qtVH-zZQh4z98.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

sffe /

Resource Hash

379786ba7efd28c3688079772572e32e8ec2f95812bbaaad547fb3650878cfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 03:29:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 581019
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13196
x-xss-protection: 0
last-modified: Mon, 06 Sep 2021 10:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 09 Sep 2022 03:29:52 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame D6DE 56 KB
21 KB 24ms
23ms Script
text/javascript 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

5b3bbf200573e1d5b176a4b4fd08536ce3f8e39fc8295462231dc58a62445144

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2696
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21830
x-xss-protection: 0
server: cafe
etag: 12271523009236095090
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 15 Sep 2021 21:08:35 GMT

GET
H3 200 N5eGun79KMNogHl3JXLjLo7C-VgSu6qtVH-zZQh4z98.js Show response
pagead2.googlesyndication.com/bg/ Frame F96B 35 KB
13 KB 41ms
39ms Script
text/javascript 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/N5eGun79KMNogHl3JXLjLo7C-VgSu6qtVH-zZQh4z98.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

sffe /

Resource Hash

379786ba7efd28c3688079772572e32e8ec2f95812bbaaad547fb3650878cfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 03:29:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 581019
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13196
x-xss-protection: 0
last-modified: Mon, 06 Sep 2021 10:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 09 Sep 2022 03:29:52 GMT

GET
H3 200 0laMBStFIjGDX-Lbokpit1PiwVNzXcztY6qwAF7AamA.js Show response
pagead2.googlesyndication.com/bg/ Frame 07DD 35 KB
13 KB 37ms
35ms Script
text/javascript 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0laMBStFIjGDX-Lbokpit1PiwVNzXcztY6qwAF7AamA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

sffe /

Resource Hash

d2568c052b452231835fe2dba24a62b753e2c153735dcced63aab0005ec06a60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 05:56:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53803
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13319
x-xss-protection: 0
last-modified: Mon, 13 Sep 2021 14:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 15 Sep 2022 05:56:48 GMT

GET
H3 200 N5eGun79KMNogHl3JXLjLo7C-VgSu6qtVH-zZQh4z98.js Show response
pagead2.googlesyndication.com/bg/ Frame DEE4 35 KB
13 KB 34ms
33ms Script
text/javascript 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/N5eGun79KMNogHl3JXLjLo7C-VgSu6qtVH-zZQh4z98.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

sffe /

Resource Hash

379786ba7efd28c3688079772572e32e8ec2f95812bbaaad547fb3650878cfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 03:29:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 581019
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13196
x-xss-protection: 0
last-modified: Mon, 06 Sep 2021 10:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 09 Sep 2022 03:29:52 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame CC01 56 KB
21 KB 29ms
28ms Script
text/javascript 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

5b3bbf200573e1d5b176a4b4fd08536ce3f8e39fc8295462231dc58a62445144

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2696
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21830
x-xss-protection: 0
server: cafe
etag: 12271523009236095090
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 15 Sep 2021 21:08:35 GMT

GET
H3 200 N5eGun79KMNogHl3JXLjLo7C-VgSu6qtVH-zZQh4z98.js Show response
pagead2.googlesyndication.com/bg/ Frame 2720 35 KB
13 KB 42ms
40ms Script
text/javascript 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/N5eGun79KMNogHl3JXLjLo7C-VgSu6qtVH-zZQh4z98.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

sffe /

Resource Hash

379786ba7efd28c3688079772572e32e8ec2f95812bbaaad547fb3650878cfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 03:29:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 581019
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13196
x-xss-protection: 0
last-modified: Mon, 06 Sep 2021 10:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 09 Sep 2022 03:29:52 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 41B6 56 KB
21 KB 30ms
29ms Script
text/javascript 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

5b3bbf200573e1d5b176a4b4fd08536ce3f8e39fc8295462231dc58a62445144

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2696
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21830
x-xss-protection: 0
server: cafe
etag: 12271523009236095090
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 15 Sep 2021 21:08:35 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame C3B3 56 KB
21 KB 39ms
39ms Script
text/javascript 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

5b3bbf200573e1d5b176a4b4fd08536ce3f8e39fc8295462231dc58a62445144

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2696
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21830
x-xss-protection: 0
server: cafe
etag: 12271523009236095090
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 15 Sep 2021 21:08:35 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 1238 114 KB
39 KB 63ms
22ms Script
text/javascript 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Requested by

Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

2bc98b5956d216197013af35c909aa49d3aa7c26b48de9e9930eb4bd6b846391

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
Origin: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 06:57:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50188
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40185
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Sep 2021 06:57:03 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210908/r20110914/elements/html/ Frame 1238 8 KB
3 KB 40ms
39ms Script
text/javascript 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210908/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N870.4065588DV360ASUSGLOBALPTELT/B26390879.312883664;dc_ver=79.229;dc_eid=40004000;sz=728x90;u_sd=1;dc_adk=250412562;ord=46buz8;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCOxvzSV1CYYajGtnl-gaHraXgAu-2toplipO7rb4Oyc793wUQASCwyMAhYJXikIKgB8gBCakCAAzMp5jQsz6oAwGqBNYBT9A_1mXthdEHfI6nHHPrxY_2sKQ4kFgxhkE_xUD9hi7gBNZ73-_oN9_-_1NsNaDkbhY6Rba0Er-hBxapUkKyYZEcq1dpl7z6v0PuuVMLGQc90xAznHlb0zfHiOQbd7w1gOzX-firC_C4Pmof8Dvz6rZ_2WRjK69a96rjC-jXmT-4VpjeHDRU1KjrbrMvjQ7UinTLRvkiKSanZ4N1DKn0rs4lI-PkRRMVAJomsnjtgNKs5M4GVJByJIWxViH5i87YHaHElMjhkGWNyKpFB3ER2oTSri5Z28AEhqX738oD4AQDkAYBoAZNgAf_9aKdAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi02NTY0MTY2ODI5OTExNzQzgAoDmAsByAsBgAwBsBOvsMsM0BMA2BMK2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRokfveaQIIBFaWZJnoE_TO0XcFbg%26sig%3DAOD64_1kIP7LQKuIbk60jBmx1J86QgPZwg%26client%3Dca-pub-2697679518515886%26dbm_c%3DAKAmf-CGcTbxd4x0uv5aQmYJa9JqY0srkZHxaoMCu7AIyAnbHcLsGkrTVwptbBKOylfXGJ_rO7mhs02TZdw1okTjy4tqVintE4MdVgsKDm26I-GIOMgXUfdrUGeYNXvWL7igI5FpX_-7UHMV552DtKvbpVjkarNaZA%26cry%3D1%26dbm_d%3DAKAmf-Bf--OPJqw84pK7d6v56nFDX717yIkJQanwlnlpzoFD3qwgr8pPe-IjWK8FQOlRjeAGSGT6fg2L7Sc-O-jL8Bzjw1Xo2yd9wWJ5fyguh2DI0tbvnMYSHJDri1LZYrWQiIhfnom1kXMG7XvwLIg57wb8siiRCsXySKq-XT4XF7XPwAqIS4mvNlxF5WlcSimbnzBuEjn9ATyS4AyiwRQ5nOxtd3b7pD1LAj8Y2mygFaFe86J7KJomH27w--CtGkU9wHzP4Tarxy0844YLdEBaPERIm3xMQ-wBZL2Jj-A1rWCCpmQljHYoNgfyMvSe2vkOyU_OwodJB5N5kiHVJm5z0ddalfAWWGKGB6KB4Satbe46nCdUaK-yskH0njymaUFEjX08X4Gx4gtAEy_VWdb6Z-Xbz8zwJnj0HEN51fyh2Cl-ZH9p2W3iCAM-FS8LJrOJ9zGCcWDCoGSFxkqA0ajmkFBmtyxR9fpUM_W0iHK3XofKbnHSer_vJKOh1IbNCaBLGNFKwZJnfX1EJDNxUQhkho10mjgRkA%26adurl%3D;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=1,https%3A%2F%2Fholdtoreset.com%2F$0;xdt=1;crlt=HHT6YNJtrj;osda=2;sttr=287;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 16:22:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16265
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Sep 2021 16:22:26 GMT

GET
DATA 200
OK truncated
/ Frame 1238 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6347b51c63fbe0de68f79e584272eea54af337de7ebbd681f0cd81ae5e83e7a5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 0DCE 22 KB
8 KB 27ms
27ms Document
text/html 142.250.102.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f132.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sun, 12 Sep 2021 02:50:29 GMT
expires: Mon, 12 Sep 2022 02:50:29 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 324182
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 204 csi
csi.gstatic.com/ Frame D6DE 0
17 B 77ms
33ms Ping
image/gif 74.125.193.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~ktlze9lu&chm=1&c=1809388195768560&ctx=2&qqid=CMfrxp_ugfMCFdmy3godh1YJLA&met.4=fb.6i~lb.ql~ol.11t~idt.-3p~dt.-hd&met.3=374.sd~735.us_1~734.vo~740.vs_1~734.yk~113.17o_8~112.17o_9&met.1=1.ktlze8e6~6.0~7.1~8.1~9.1~10.c~11.1~12.c~13.1d~14.1f~15.2f~16.ql~17.ql~18.ql~19.11s~20.11s~21.11t~22.gt~23.gt&met.7=CBsQCBgBMDM40QpQAVgMYAFoDHAxeNAagAGkGIgBzi-wAQG4AQM~CCgQBRgBIOwBKOwBMLQCOEhokgJwswJ4wASAAZQCiAHwBLABAbgBAw~CCgQChgBIO0BKO0BMPcCOIkBaI4CcPMCeK_JAYABg8cBiAHSqAOwAQG4AQM~CBwQBhgBIO4BKO4BMMUCOFdokgJwvAJ41gKAASqIASqwAQG4AQM~CB4QChgBIO8BKO8BMK4COD9okgJwqwJ45wyAAbsKiAHhE7ABAbgBAw~CCoQChgBIO8BKO8BMOoCOHs~CBwQChgBIO8BKO8BMMICOFNokgJwrgJ47zKAAcMwiAGDcLABAbgBAw~CAkQChgBINAEKNAEMO8EOB9o0QRw5wR4q0qAAf9HiAHYuQGwAQG4AQM~CBwQChgBINEEKNEEMPEEOCBo0QRw7QR44BqAAbQYiAGVPrABAbgBAw~CCIQARgBINQEKNQEMP0EOClo1wRw_AR4rAKwAQG4AQM~CCcQChgBINUEKNUEMPQEOB9o2ARw7wR4k3mAAed2iAGKxQKwAQG4AQM~CCkQBhgBINUEKNUEMLkFOGNQ2ARY4ARg2ARo4gRw-QR4lccHgAHpxAeIAenEB7ABAbgBAw~CCIQARgBIOMGKOMGMIYHOCNo4wZwhQd4rAKwAQG4AQM~CCcQBRgBIPsGKPsGMJkHOB9o_QZwlAd490OAActBiAHqsgGwAQG4AQM~CCgQChgBIOgKKOgKMIELOBpo6Apw_wp48qwBgAHGqgGIAarCA7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 74.125.193.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: di-in-f94.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:31 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/ Frame 51D2 5 KB
2 KB 23ms
23ms Document
text/html 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

79401eb4d01514d0e5019173e52db70f3ad069e56b567d03c0d89783c783c976

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /9029837/1630662982339/728x90%20Pferd/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 1693
date: Tue, 14 Sep 2021 23:34:14 GMT
expires: Wed, 15 Sep 2021 23:34:14 GMT
last-modified: Fri, 03 Sep 2021 09:56:22 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 76757
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1238 0
27 B 31ms
31ms Ping
image/gif 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst4PPeLiBaH0JSDvctRuslgiGLiWc2ZtiPjuYDo7yU29QSgoM4sDnu7SnkMdtO1o7fpXZpODPVEUq2fwtLms1mjvyO1IIEa6S1kOy_iHqUiejBA9_4OCPECpB1BazK2yXG6PZPxhp1-KeDDyd10B4N0&sig=Cg0ArKJSzMuX1N5q2NA1EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=346&cbvp=1&cstd=342&cisv=r20210908.29406&adurl=

Requested by

Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 15 Sep 2021 20:53:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3 204 csi
csi.gstatic.com/ Frame 41B6 0
17 B 40ms
34ms Ping
image/gif 74.125.193.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~ktlze9on&chm=1&c=1809388195768560&ctx=2&qqid=CMXrxp_ugfMCFdmy3godh1YJLA&met.4=fb.73~lb.oc~ol.12p~idt.-3c~dt.-h0&met.3=735.rd_1~734.uj~740.ul~374.v5~734.xc~113.1av_3~112.1au_4&met.1=1.ktlze8dt~6.0~7.0~8.0~9.0~10.0~12.p~13.1r~14.1t~15.3a~16.oc~17.oc~18.oc~19.12o~20.12o~21.12o&met.7=CBsQCBgBKAEwQTjxCmgacEB40BqAAaQYiAHOL7ABAbgBAw~CCgQBRgBIIICKIICMMMCOEFooAJwwgJ4wASAAZQCiAHwBLABAbgBAw~CCgQChgBIIMCKIMCMIADOH1ooAJw8gJ46sgBgAG-xgGIAZeoA7ABAbgBAw~CBwQBhgBIIQCKIQCMNMCOE9ooAJwygJ41gKAASqIASqwAQG4AQM~CB4QChgBIIQCKIQCMNACOExooQJwxgJ45wyAAbsKiAHhE7ABAbgBAw~CCoQChgBIIUCKIUCMIwDOIcB~CBwQChgBIIUCKIUCMMMCOD5ooQJwuQJ47zKAAcMwiAGDcLABAbgBAw~CBsQBhgBIIUCKIUCMJQDOI8B~CAkQChgBINIEKNIEMOsEOBpo0gRw5wR4q0qAAf9HiAHYuQGwAQG4AQM~CBwQChgBINMEKNMEMO4EOBxo0wRw7AR44BqAAbQYiAGVPrABAbgBAw~CCIQARgBINUEKNUEMIMFOC5o3QRwgwV4rAKwAQG4AQM~CCcQChgBINYEKNYEMPcEOCFo1wRw7gR4k3mAAed2iAGKxQKwAQG4AQM~CCkQBhgBINYEKNYEMMAFOGlo7wRwiQV4pYEFgAH5_gSIAfn-BLABAbgBAw~CCIQARgBIPUGKPUGMJwHOCZo9wZwmwd4rAKwAQG4AQM~CCcQBRgBINgHKNgHMPMHOBpo2wdw8gd490OAActBiAHqsgGwAQG4AQM~CCgQChgBIJALKJALMMgLODdokgtwrwt48qwBgAHGqgGIAarCA7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 74.125.193.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: di-in-f94.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:31 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame CC01 0
17 B 36ms
36ms Ping
image/gif 74.125.193.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~ktlze9pw&chm=1&c=1809388195768560&ctx=2&qqid=CMjrxp_ugfMCFdmy3godh1YJLA&met.4=fb.5x~lb.jn~ol.118~idt.-4r~dt.-if&met.3=735.l1_1~740.lf_1~374.rg~113.1ao_3~112.1ao_3&met.1=1.ktlze8f8~6.1~7.1~8.1~9.1~10.1~12.2~13.v~14.x~15.2c~16.jn~17.jn~18.jo~19.117~20.118~21.118~22.k2~23.k2&met.7=CBsQCBgBKAEwITi8CmgCcB940BqAAaQYiAHOL7ABAbgBAw~CCgQBRgBIOMBKOMBMKYCOENo7QFwowJ4wASAAZQCiAHwBLABAbgBAw~CCkQChgBIPgBKPgBMK4DOLUBQPsBSJUCUJUCWNMCYKsCaOsCcIsDeKW8AoAB-bkCiAHSjAewAQG4AQM~CBwQChgBIPsBKPsBMMICOEdo_wFwqAJ47xaAAcMUiAHTMbABAbgBAw~CAkQChgBIIYCKIYCMNkCOFJonAJwxAJ46D2AAbw7iAHMkQGwAQG4AQM~CBwQBhgBIIoCKIoCMO0COGRoswJw3QJ41gKAASqIASqwAQG4AQM~CB4QChgBIIoCKIoCMOICOFhotwJw2gJ45wyAAbsKiAHhE7ABAbgBAw~CCoQChgBIIwCKIwCMPUCOGk~CBwQChgBIJECKJECMPMCOGJozwJw7wJ47zKAAcMwiAGDcLABAbgBAw~CB8QBRgBINkEKNkEMJYFOD1o8QRwkAV4lg-AAeoMiAGLJLABAbgBAw~CCIQARgBINwEKNwEMI8FODNo3QRwjgV4rAKwAQG4AQM~CCcQChgBIOsEKOsEMJ4FODJo_ARwlwV4k3mAAed2iAGKxQKwAQG4AQM~CCcQBRgBIN0GKN0GMIsHOC5o6QZwhwd490OAActBiAHqsgGwAQG4AQM~CCIQARgBIJAJKJAJMLEJOCFokglwsQl4rAKwAQG4AQM~CCgQChgBINsKKNsKMIULOCpo3Qpw-Qp48qwBgAHGqgGIAarCA7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 74.125.193.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: di-in-f94.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:31 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame C3B3 0
17 B 34ms
34ms Ping
image/gif 74.125.193.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~ktlze9q0&chm=1&c=1809388195768560&ctx=2&qqid=CMnrxp_ugfMCFdmy3godh1YJLA&met.4=fb.7p~lb.qq~ol.110~idt.-52~dt.-iq&met.3=374.ua~735.ue_1~734.ur~740.uw~734.xk~113.1ai_3~112.1ah_3&met.1=1.ktlze8fj~6.0~7.0~8.0~9.0~10.0~12.4~13.p~14.r~15.2r~16.qq~17.qq~18.qr~19.10z~20.10z~21.110~22.gr~23.gr&met.7=CBsQCBgBMBs4tApoBHAaeNAagAGkGIgBzi-wAQG4AQM~CCgQBRgBIJkCKJkCMPMCOFlo0QJw8AJ4wASAAZQCiAHwBLABAbgBAw~CCgQChgBIJsCKJsCMJcDOHxo2AJwlgN47cgBgAHBxgGIAf-nA7ABAbgBAw~CBwQBhgBIJwCKJwCMPwCOF9o2QJw9wJ41gKAASqIASqwAQG4AQM~CB4QChgBIJ0CKJ0CMPMCOFdo2QJw8QJ45wyAAbsKiAHhE7ABAbgBAw~CCoQChgBIJ0CKJ0CMIIDOGU~CBwQChgBIJ0CKJ0CMPMCOFZo2gJw8gJ47zKAAcMwiAGDcLABAbgBAw~CBsQBhgBIJ4CKJ4CMP0COF8~CCkQBhgBIK8EKK8EMJQFOGVoswRwigV4pYEFgAH5_gSIAfn-BLABAbgBAw~CAkQChgBILAEKLAEMM8EOB9otARwyQR4q0qAAf9HiAHYuQGwAQG4AQM~CBwQChgBILEEKLEEMNAEOB9otARwzgR44BqAAbQYiAGVPrABAbgBAw~CCIQARgBILQEKLQEMN8EOCtouARw3gR4rAKwAQG4AQM~CCcQChgBILQEKLQEMOMEOC5ovgRw1AR4k3mAAed2iAGKxQKwAQG4AQM~CCIQARgBIM4GKM4GMPQGOCZo0AZw8wZ4rAKwAQG4AQM~CCcQBRgBINEHKNEHMOwHOBto0wdw6gd490OAActBiAHqsgGwAQG4AQM~CCgQChgBINMKKNMKMIoLODdo1Apw-gp48qwBgAHGqgGIAarCA7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 74.125.193.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: di-in-f94.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:31 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame CC01 42 B
64 B 30ms
30ms Fetch
image/gif 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsss7rp0xjinZteD5D81DpkULKchvwuYJeXpTMvaeioU1Y0O7phH7esHwPxyxiwCkO8SZ0OoOBIAdp6_UNwXMM-To5_9EBBj8ooinJjqgHuebbBkcB0q_A&sai=AMfl-YR7FTsXQhEXqTbLSUOHs0NVsvXULTYPnPRlQiuzZ1O39VbhHiB_1l15970WU1Tr8ojVyn9N3mZsvuHBpDuNn9F6FlVjMxmhALyZDDYjbGvpBh5R737txt9ScTShfsE&sig=Cg0ArKJSzJYkn7SNcsuuEAE&cid=CAASFeRo3hFV8Dk0H3Hd-BtYnmKF4vhADA&id=lidar2&mcvt=1115&p=395,1040,995,1340&asp=395,1040,995,1340&mtos=1115,1115,1115,1115,1115&tos=1115,0,0,0,0&v=20210913&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3576368608&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&eosm=0&rst=1631739210020&rpt=697&isd=0&lsd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D6DE 42 B
64 B 32ms
31ms Fetch
image/gif 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstrKSbKPWx9UAZeL2Np0w1wyvt5QcVB2Kvyqx9Ff1g9wqxgbND7gKS17NxeJpV-3d0RcxtxSi3KN2zbpsfYdoRkFX1w6JssWigIU8MWrvrKPexzT9GVJQ&sai=AMfl-YS-f2GywDkWDMPjbLGH1Hxwy9ZHJ5pB3Tx_YOUfVLM_f_yiqrqYq8CJbxQuThdVXT5TkdB2tZKLlDENabC0_TWym9IJAvC5juEuX7RIlNXmyUUa7h_Mw3oaRy08muU&sig=Cg0ArKJSzJI-jFrt1tN0EAE&cid=CAASFeRotITCfi5wpbnv8BYR8qNqI7-GSg&id=lidar2&mcvt=1066&p=105,1040,359,1340&asp=105,1040,359,1340&mtos=0,1066,1066,1066,1066&tos=0,1066,0,0,0&v=20210913&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&app=0&itpl=20&adk=377359326&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&eosm=0&rst=1631739209982&rpt=951&isd=0&lsd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 style.css
s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/ Frame 51D2 3 KB
851 B 23ms
23ms Stylesheet
text/css 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

3b4e4189008f834ba932e2faa7f14aa98f82f40d41554cc2763d494b3b066c3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:50:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 183
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 823
x-xss-protection: 0
last-modified: Fri, 03 Sep 2021 09:56:22 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Thu, 16 Sep 2021 20:50:29 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 51D2 60 KB
24 KB 27ms
26ms Script
text/javascript 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Sep 2021 20:53:32 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C3B3 42 B
64 B 31ms
31ms Fetch
image/gif 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuDyB_qUSZCSynTnMNUf1DLzz1f4e_dvISpo9sN0jdRuPse0l0UJSxyGksq7VIw0goVZJEVTBFI4RlfkVnTwMuK4XY3hbvFwds9KuSEUoUjV26JG4-ytg&sai=AMfl-YTgTrMsqJobHSC6EYXG6060J3_B9qIziDUDtiy5hppxEziFiLi_3e_cdWsLJzDygch8d_Q0I46vIRV10T3eCw09MPYRDzYOA6kngTIohRuTD9xHMtF7IoGNjU7BpLU&sig=Cg0ArKJSzNCkyU9BPSIQEAE&cid=CAASFeRoJeDqR0Zi8YmhEKWfmtF-Cd5yMA&id=lidar2&mcvt=1055&p=1109,436,1203,1164&asp=1109,436,1203,1164&mtos=0,1055,1055,1055,1055&tos=0,1055,0,0,0&v=20210913&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&app=0&itpl=20&adk=323234422&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&eosm=0&rst=1631739210031&rpt=957&isd=0&lsd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 0laMBStFIjGDX-Lbokpit1PiwVNzXcztY6qwAF7AamA.js Show response
pagead2.googlesyndication.com/bg/ Frame 0DCE 35 KB
13 KB 21ms
21ms Script
text/javascript 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0laMBStFIjGDX-Lbokpit1PiwVNzXcztY6qwAF7AamA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

sffe /

Resource Hash

d2568c052b452231835fe2dba24a62b753e2c153735dcced63aab0005ec06a60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 05:56:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53804
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13319
x-xss-protection: 0
last-modified: Mon, 13 Sep 2021 14:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 15 Sep 2022 05:56:48 GMT

GET
H3 200 visual.jpg
s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/ Frame 51D2 12 KB
12 KB 22ms
22ms Image
image/jpeg 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/visual.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

677247355d707661c2f09df518a4440796f509855322b031aa7c9ebc9ac7c4da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:50:29 GMT
x-content-type-options: nosniff
age: 183
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11842
x-xss-protection: 0
last-modified: Fri, 03 Sep 2021 09:56:22 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Sep 2021 20:50:29 GMT

GET
H3 200 slidervisual.jpg
s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/ Frame 51D2 23 KB
23 KB 23ms
22ms Image
image/jpeg 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/slidervisual.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

ccad2b5c103035dffac2eac578cbfd349e9cc7758ed8f0e88bcbc688a27c5171

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:50:29 GMT
x-content-type-options: nosniff
last-modified: Fri, 03 Sep 2021 09:56:22 GMT
server: sffe
age: 183
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23787
x-xss-protection: 0
expires: Thu, 16 Sep 2021 20:50:29 GMT

GET
H3 200 txt_lcd.png
s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/ Frame 51D2 5 KB
5 KB 25ms
24ms Image
image/png 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/txt_lcd.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

b12dbd4236d8618829e238cc724bfdd6ed098774a5ddcb0ccaed35b06ad03243

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:50:29 GMT
x-content-type-options: nosniff
last-modified: Fri, 03 Sep 2021 09:56:22 GMT
server: sffe
age: 183
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4817
x-xss-protection: 0
expires: Thu, 16 Sep 2021 20:50:29 GMT

GET
H3 200 txt_oled.png
s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/ Frame 51D2 5 KB
5 KB 26ms
25ms Image
image/png 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/txt_oled.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

2f163551cd4c05a951f651b257151420f86e30cabc6d1ad0b6dcfc9b302ab22a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 14 Sep 2021 23:34:14 GMT
x-content-type-options: nosniff
last-modified: Fri, 03 Sep 2021 09:56:22 GMT
server: sffe
age: 76758
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5405
x-xss-protection: 0
expires: Wed, 15 Sep 2021 23:34:14 GMT

GET
H3 200 visual.png
s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/ Frame 51D2 16 KB
16 KB 26ms
26ms Image
image/png 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/visual.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

8f517bde65aa37bd16bb06f8456783290c587420f8619e96402c4897de03d816

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:35:12 GMT
x-content-type-options: nosniff
last-modified: Fri, 03 Sep 2021 09:56:22 GMT
server: sffe
age: 47900
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16009
x-xss-protection: 0
expires: Thu, 16 Sep 2021 07:35:12 GMT

GET
H3 200 hl.png
s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/ Frame 51D2 3 KB
3 KB 28ms
27ms Image
image/png 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/hl.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

d2a99ae2f346ac2d5aa3452aaead7b35e6fc2163afc0f496952747218e53a325

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 06:01:24 GMT
x-content-type-options: nosniff
age: 53528
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3483
x-xss-protection: 0
last-modified: Fri, 03 Sep 2021 09:56:22 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Sep 2021 06:01:24 GMT

GET
H3 200 oled_circle.png
s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/ Frame 51D2 5 KB
5 KB 29ms
28ms Image
image/png 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/oled_circle.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

a617e7a5640ead6a7e32007967e5ecc30f2d3edb354b6a3c82bb1cbb7b8c5e96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:35:12 GMT
x-content-type-options: nosniff
last-modified: Fri, 03 Sep 2021 09:56:22 GMT
server: sffe
age: 47900
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4666
x-xss-protection: 0
expires: Thu, 16 Sep 2021 07:35:12 GMT

GET
H3 200 oled_circle_txt.png
s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/ Frame 51D2 1 KB
2 KB 30ms
29ms Image
image/png 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/oled_circle_txt.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

bce321f3760f288b582d673755239fd50b6270c363178075ebf6d436892d00b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:50:29 GMT
x-content-type-options: nosniff
last-modified: Fri, 03 Sep 2021 09:56:22 GMT
server: sffe
age: 183
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1519
x-xss-protection: 0
expires: Thu, 16 Sep 2021 20:50:29 GMT

GET
H3 200 cta.png
s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/ Frame 51D2 4 KB
4 KB 32ms
31ms Image
image/png 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/cta.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

8ccf8a0ca70f205118cc5dde1157444a1f8e94391f87bd566cca36ed020d4729

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:50:29 GMT
x-content-type-options: nosniff
last-modified: Fri, 03 Sep 2021 09:56:22 GMT
server: sffe
age: 183
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3890
x-xss-protection: 0
expires: Thu, 16 Sep 2021 20:50:29 GMT

GET
H3 200 logo.png
s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/ Frame 51D2 10 KB
10 KB 31ms
31ms Image
image/png 142.250.27.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f148.1e100.net

Software

sffe /

Resource Hash

5427dba02f3b746fdf620f411991aba47524b744d31a14a0b51893187ba2fa70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9029837/1630662982339/728x90%20Pferd/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:50:29 GMT
x-content-type-options: nosniff
age: 183
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9741
x-xss-protection: 0
last-modified: Fri, 03 Sep 2021 09:56:22 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Sep 2021 20:50:29 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1238 0
27 B 31ms
30ms Ping
image/gif 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: holdtoreset.com
URL: https://holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 15 Sep 2021 20:53:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 1238 56 KB
21 KB 22ms
22ms Script
text/javascript 142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: 541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
URL: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

cafe /

Resource Hash

5b3bbf200573e1d5b176a4b4fd08536ce3f8e39fc8295462231dc58a62445144

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2697
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21830
x-xss-protection: 0
server: cafe
etag: 12271523009236095090
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 15 Sep 2021 21:08:35 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 00C4 52 KB
17 KB 206ms
8ms Document
text/html 95.101.184.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: biddr.brealtime.com
URL: https://biddr.brealtime.com/76130950-1579.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.184.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-184-231.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://holdtoreset.com/
Accept-Encoding: gzip, deflate, br
Cookie: icu=ChgIopJxEAoYASABKAEwybqJigY4AUABSAEQybqJigYYAA..; uuid2=6771438738964795446
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Content-Type: text/html
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Thu, 16 Sep 2021 20:53:34 GMT
Date: Wed, 15 Sep 2021 20:53:32 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame C7CE 281 B
554 B 69ms
8ms Document
text/html 23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: biddr.brealtime.com
URL: https://biddr.brealtime.com/76130950-1579.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://holdtoreset.com/
Accept-Encoding: gzip, deflate, br
Cookie: rsid=1|HsGqLFsFr/vVSy6g0MQzNQWiuYBcZJvAvCF6IsCkVVYgwYaQOmrhQqqbYrKIj4/MQh6lvVOnYX6qF0anVSaRRFrEpFc6uQw19gMkasvdREJwzG6oEKFbU6PjSqi3MjDFVf/xlH9h; ses15=; vis15=342942^1; ses10=; vis10=342942^1; ses2=; vis2=342942^1; khaos=KTLZE7P4-Y-SWT; audit=1|hLZGFuTafB2DeJfr/rFdupu8NglgtZMXsoPVz05fOg6pppqiFqcTwa98d9PlGKKwIlukOfI2q0Qx+FptCLf6SosJP1ROpmaY
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 23 Feb 2021 20:47:52 GMT
ETag: "402b0-119-5bc0708346e00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 15 Sep 2021 20:53:32 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 pd Show response
eu-u.openx.net/w/1.0/ Frame 0751 668 B
731 B 44ms
37ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=7b29ee0a-2977-49bf-8a29-7873dec987b7&gdpr=0
Requested by: Host: biddr.brealtime.com
URL: https://biddr.brealtime.com/76130950-1579.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.0 /
Resource Hash: db1cd82152051a3014829695d28469f5d08513a16493d9e02b34b7a0b6e34cf4

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=6&ph=7b29ee0a-2977-49bf-8a29-7873dec987b7&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://holdtoreset.com/
accept-encoding: gzip, deflate, br
cookie: i=50306e21-7430-05ef-33e9-45ddb9ae4c58|1631739209
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=50306e21-7430-05ef-33e9-45ddb9ae4c58|1631739209; Version=1; Expires=Thu, 15-Sep-2022 20:53:32 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1631739212|gekin0vNiygu; Version=1; Expires=Thu, 30-Sep-2021 20:53:32 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.216.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Wed, 15 Sep 2021 20:53:32 GMT
content-type: text/html
content-length: 420
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 27E5 2 KB
1 KB 42ms
9ms Document
text/html 95.101.185.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: biddr.brealtime.com
URL: https://biddr.brealtime.com/76130950-1579.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.185.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-185-51.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Host: js-sec.indexww.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://holdtoreset.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1151
Date: Wed, 15 Sep 2021 20:53:32 GMT
Connection: keep-alive

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1238 42 B
64 B 30ms
29ms Fetch
image/gif 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvFsV5ZTFKdmzVajn3EFgxnGk71msgnbGvAULbZABrmFa4K_f4xlRf171ozHliM8CaoZVOAGpDkbNjUX3NcHX4RcqlAeNzEvNdx3Wb3&sai=AMfl-YSclr_WxaAQF3UcI-lmoEI3jJl5M_Hy7MF9WHDbmeMkPj7q9dh8un0PbbPzziCuBFWvANFmP8rtocL473avbISyE0kFshk-R8y8DZhB0RV6GJ6i0J5yEvQ6TClXpaI&sig=Cg0ArKJSzOit60BGLM2jEAE&cid=CAASFeRokfveaQIIBFaWZJnoE_TO0XcFbg&id=lidar2&mcvt=1091&p=501,270,591,998&asp=501,270,591,998&mtos=786,1091,1091,1091,1091&tos=786,305,0,0,0&v=20210913&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=18150794&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&eosm=0&rst=1631739209976&rpt=1490&isd=0&lsd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 1238 0
17 B 34ms
34ms Ping
image/gif 74.125.193.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~ktlzeag0&chm=1&c=1809388195768560&ctx=2&qqid=CMbrxp_ugfMCFdmy3godh1YJLA&met.4=fb.6g~lb.15k~ol.1t5~idt.-3j~dt.-h7&met.3=374.sj~735.16t_1~374.175~740.178_1~749.1gw~735.1gx~735.1gx~743.1g7_u~733.1h0~742.1g7_u~736.1hj~735.1ic~735.1ic_1~734.1lk~734.1pc~734.1ug~734.204~734.20b_2~113.221_3~112.220_4&met.1=1.ktlze8e0~6.0~7.0~8.0~9.0~10.0~12.i~13.1h~14.1l~15.2d~16.15k~17.15k~18.15l~19.1t4~20.1t5~21.1t5~22.gz~23.gz&met.7=CBsQCBgBMDk4qRJoEnA1eNAagAGkGIgBzi-wAQG4AQM~CCgQBRgBIOoBKOoBMLsCOFBolAJwugJ4wASAAZQCiAHwBLABAbgBAw~CCgQChgBIO0BKO0BMNQCOGholAJw0gJ462eAAb9liAHHxAGwAQG4AQM~CBwQBhgBIO4BKO4BMMoCOF1Q9gFYjwJg9wFolAJwwQJ41gKAASqIASqwAQG4AQM~CCUQChgBIO4BKO4BMKQCODY~CB4QChgBIO4BKO4BMKQCODZoigJwowJ45wyAAbsKiAHhE7ABAbgBAw~CCoQChgBIO4BKO4BMK4COD8~CBwQChgBIO4BKO4BMKQCODZoiwJwowJ47zKAAcMwiAGDcLABAbgBAw~CBsQBhgBIO8BKO8BMIYDOJgB~CAkQChgBIMMEKMMEMNwEOBloxARw2gR4q0qAAf9HiAHYuQGwAQG4AQM~CCcQChgBIMQEKMQEMN4EOBpoxgRw3AR4k3mAAed2iAGKxQKwAQG4AQM~CCYQChgBILYGKLYGMNMGOB0~CCcQBRgBIIQHKIQHMKcHOCNoiAdwoAd490OAActBiAHqsgGwAQG4AQM~CBsQChgBINgIKNgIMPQKOJwCQNkISPEIUPEIWJ8KYIoJaJ8KcNwKeMy-AYABoLwBiAHAxAOwAQG4AQM~CCkQChgBIJQLKJQLMOULOFJQlgtYrgtglwtovgtw1Qt4pbwCgAH5uQKIAdKMB7ABAbgBAw~CBwQChgBIJULKJULMMILOC1omAtwvwt44BqAAbQYiAGVPrABAbgBAw~CCcQBRgBIOsLKOsLMIgMOB5o7QtwiAx490OAActBiAHqsgGwAQG4AQM~CCkQBRgBIPENKPENMIoOOBk~CCIQARgBIPMNKPMNMJMOOCBo8w1wkg54rAKwAQG4AQM~CCIQARgBIKcSKKcSMMYSOB9oqBJwxhJ4rAKwAQG4AQM~CCgQChgBIOUSKOUSMP0SOBho5hJw_BJ48qwBgAHGqgGIAarCA7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 74.125.193.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: di-in-f94.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:32 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame CD24 2 KB
3 KB 65ms
28ms Document
text/html 95.101.185.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https://holdtoreset.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.185.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-185-51.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: c0354bd11d5f912be39029b223a96590ffbb2aa05ed4e80d65c7aa2627cd3060

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://js-sec.indexww.com/
Accept-Encoding: gzip, deflate, br
Cookie: CMPS=3217; CMID=YUJdSkAsZF8KF4A5RqiL1gAA; CMPRO=1197; CMST=YUJdSmFCXUoA; CMRUM3=2d61425d4a2760
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://js-sec.indexww.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 230|39|241|46|5|195|8|31
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1616
Expires: Wed, 15 Sep 2021 20:53:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 15 Sep 2021 20:53:32 GMT
Connection: keep-alive
Set-Cookie: CMID=YUJdSkAsZF8KF4A5RqiL1gAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 15 Sep 2022 20:53:32 GMT CMPS=3217;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Tue, 14 Dec 2021 20:53:32 GMT CMPRO=1197;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Tue, 14 Dec 2021 20:53:32 GMT CMST=YUJdSmFCXUwA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 16 Sep 2021 20:53:32 GMT CMRUM3=1f61425d4c05a00&f161425d4c05a0&c361425d4c05a00&0861425d4c05a00&0561425d4c05a0&2e61425d4c05a0&2d61425d4a2760&e661425d4c2760&2761425d4c0b40;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 15 Sep 2022 20:53:32 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 0751
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=1e3c6142-5d4c-4000-b808-dd9c1154b286

43 B
122 B

36ms
35ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=1e3c6142-5d4c-4000-b808-dd9c1154b286
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=7b29ee0a-2977-49bf-8a29-7873dec987b7&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:32 GMT
via: 1.1 google
server: OXGW/16.216.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Wed, 15 Sep 2021 20:53:32 GMT
Server: MT3 3944 2bcb57b master cdg-pixel-x24 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=1e3c6142-5d4c-4000-b808-dd9c1154b286
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 15 Sep 2021 20:53:31 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 0751
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=ixiGQohNhhOQSopC3xmfFttK0EmQSIQTjhmo_Xn2

43 B
106 B

61ms
36ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=ixiGQohNhhOQSopC3xmfFttK0EmQSIQTjhmo_Xn2
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=7b29ee0a-2977-49bf-8a29-7873dec987b7&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:32 GMT
via: 1.1 google
server: OXGW/16.216.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:32 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=ixiGQohNhhOQSopC3xmfFttK0EmQSIQTjhmo_Xn2
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 0751
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5462359321968612908

43 B
106 B

35ms
35ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5462359321968612908
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=7b29ee0a-2977-49bf-8a29-7873dec987b7&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.216.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:33 GMT
via: 1.1 google
server: OXGW/16.216.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:33 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5462359321968612908
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame 0751 70 B
265 B 117ms
36ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=839c5178-ddb7-3a18-693f-8d35dd897fa5&gdpr=0
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=7b29ee0a-2977-49bf-8a29-7873dec987b7&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:32 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0751
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YWZmMzgyYjItMTRjMC02NGJjLTdjZGYtZDc4YzE3NmJiMWM1
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YWZmMzgyYjItMTRjMC02NGJjLTdjZGYtZDc4YzE3NmJiMWM1&google_tc=

170 B
191 B

29ms
29ms

Image
image/png

142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YWZmMzgyYjItMTRjMC02NGJjLTdjZGYtZDc4YzE3NmJiMWM1&google_tc=

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=7b29ee0a-2977-49bf-8a29-7873dec987b7&gdpr=0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:32 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YWZmMzgyYjItMTRjMC02NGJjLTdjZGYtZDc4YzE3NmJiMWM1&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0751
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc=

170 B
191 B

29ms
29ms

Image
image/png

142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc=

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=7b29ee0a-2977-49bf-8a29-7873dec987b7&gdpr=0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:32 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 293
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame C7CE 31 KB
10 KB 16ms
16ms Script
text/html 23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 0b6441c42d8b0e14d012e92c083744974ebda9d9a807da88d424d764a7ddbaa5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 20:53:32 GMT
Content-Encoding: gzip
Last-Modified: Tue, 24 Aug 2021 22:28:27 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=26377
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9360
Expires: Thu, 16 Sep 2021 04:13:09 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 00C4 0
578 B 10ms
10ms Script
text/html 37.252.173.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 20:53:32 GMT
X-Proxy-Origin: 216.131.111.10; 216.131.111.10; 537.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 3be5e32a-7f98-4fd5-be4c-6c87503e24bf
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1238 42 B
64 B 28ms
28ms Fetch
image/gif 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsttCEO8rHqMxPpnBG8fRHYMZriQPYBjktYVBeSTsLKVHgoVufL2B0bzpcy83JpVGhkUwOcskMj0XbULXeD_niVEKyGydtOp&sig=Cg0ArKJSzEqW4kY-93WuEAE&id=lidar2&mcvt=1109&p=0,0,90,728&mtos=1109,1109,1109,1109,1109&tos=1109,0,0,0,0&v=20210913&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=34&adk=250412562&rs=6&met=mue&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&eosm=0&rst=1631739209976&rpt=1904&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 31ms
30ms Image
image/gif 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021091001&jk=1809388195768560&bg=!1Nel15PNAAYT0U73E9E7ACkAdvg8WvEhstJ2ZArTt9pyV_U_Ixma346oAVx7QtsqqI2x2GYOmOhiLgIAAAVCUgAAANtoAQeZAoGADqQsTNY43-SQr2XITT4BpgoBVcH18Pf5AifpSluieI-iEz_QSf0TTPi4J0yZwLrvfO9zoIVR2NU69qeKk3yrEWeFcK7ZXYAL6QrHjhlE_YlQBylzI7b3ebPsSqAbTXyWV6LISsvBEJ96IyPd7qIRmLvDzxg8qRCcblNcA_5Y6LOCgEnIt9jqDH4hpgyW8TUikMv24Ndd0GRA-BDfNYz1DzG5-MaE6jolZdRXK0eNpdPzZ-ytEoQSRaGkre8v3EeYQCxZHVQ1wknF-kx-CetnjsMxPQjipePCWfCXdn-QjuU7konJc1OtzazSiDpqpaV-CpAhYE-Xc_UilK8QDtwUfNbpI0NCO1CZsAxUDyGDQufw1B97on2bIhjui4FQXmYofS0Qc3tUuIxxWYE0I8SoF_FKiiRZ_jvyky5-VL-PVWCua_dD65yBXFnWWO2MlcmXHKSRxz6r_q67mO8LaEPlRyU4uL32Cuab2lOp9dwHcDCAt7GvYXVIFD86eTqfZtOP4gHaZdBn_MOwL8-oSd1D4gEj7Nc0Qxcy9YuO2t-XaE3XbCHBit32sCBTKHxJSh9uCAwYSh47xrPcN9IodMnpVmKGTDO0dIJIwEOY_Lnb41WlDVRx3iEhbFI0FTe_39gOiRj9x-IT-6Bnzs-evqQ-_X37Ufd2WAEtmRSdYTgLhCyEuA3DH6cCOAD25nayE1v_-Kyb73AFE1QA8GJPGcGWJOmJcCWdvrCWMvWUzVhtDcwOPAQ2M2D3gk-lAinWcEEKeK1LsNeIjTSdz4un6nMRbHKMLgn_Ey0gJ8SLF2u3XNUZpwUrOW4B3eIWgzfhKgNsjd_PdOG7ZluY2q8Bde1WQw

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://holdtoreset.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CD24
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YUJdSkAsZF8KF4A5RqiL1gAABK0AAAIB&gdpr_consent=&us_privacy=&gdpr=1
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YUJdSkAsZF8KF4A5RqiL1gAABK0AAAIB&gdpr_consent=&us_privacy=&gdpr=1&google_tc=

170 B
191 B

28ms
28ms

Image
image/png

142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YUJdSkAsZF8KF4A5RqiL1gAABK0AAAIB&gdpr_consent=&us_privacy=&gdpr=1&google_tc=

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://holdtoreset.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:33 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YUJdSkAsZF8KF4A5RqiL1gAABK0AAAIB&gdpr_consent=&us_privacy=&gdpr=1&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 370
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame CD24 70 B
264 B 31ms
30ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://holdtoreset.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:33 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame CD24
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YUJdSkAsZF8KF4A5RqiL1gAABK0AAAIB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YUJdSkAsZF8KF4A5RqiL1gAABK0AAAIB&dcc=t

43 B
645 B

98ms
98ms

Image
image/gif

209.54.178.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YUJdSkAsZF8KF4A5RqiL1gAABK0AAAIB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://holdtoreset.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.178.82 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 20:53:33 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: CW8MG31C6PPH9JVEW2JE
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 20:53:33 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: GAWW3MR98WGZX7QMRQJK
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YUJdSkAsZF8KF4A5RqiL1gAABK0AAAIB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 400
Request failed due to privacy signals getuid
secure.adnxs.com/ Frame CD24 0
0 45ms
17ms Image
text/html 37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://holdtoreset.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2 200 ix
ad4m.at/ad/sim/ Frame CD24 0
0 160ms
65ms Image
text/html 104.21.192.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad4m.at/ad/sim/ix?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://holdtoreset.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.192.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame CD24
Redirect Chain

https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-5e497b71-ac8e-45d3-a0f8-ecffcc729d6c

43 B
1 KB

19ms
18ms

Image
image/gif

95.101.185.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-5e497b71-ac8e-45d3-a0f8-ecffcc729d6c
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://holdtoreset.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.185.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-185-51.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 20:53:33 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 15 Sep 2021 20:53:33 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-5e497b71-ac8e-45d3-a0f8-ecffcc729d6c
date: Wed, 15 Sep 2021 20:53:33 GMT
server: Apache-Coyote/1.1
content-length: 0

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame CD24
Redirect Chain

https://beacon.lynx.cognitivlabs.com/ix.gif
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=1459bd2b-28f8-42a2-833e-6e6e3e3e8d14&expiration=1663275213

43 B
1 KB

24ms
24ms

Image
image/gif

95.101.185.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=1459bd2b-28f8-42a2-833e-6e6e3e3e8d14&expiration=1663275213
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://holdtoreset.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.185.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-185-51.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 20:53:33 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 15 Sep 2021 20:53:33 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=1459bd2b-28f8-42a2-833e-6e6e3e3e8d14&expiration=1663275213
date: Wed, 15 Sep 2021 20:53:33 GMT
server: Kestrel
content-length: 0

GET
H/1.1

200
OK

noop
px.owneriq.net/ Frame CD24
Redirect Chain

https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID)
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ6850256131040810176&uid=Q6850256131040810176&ref=%2Feucm%2Fp%2Fcc
https://px.owneriq.net/noop?ct=image%2Fgif

0
287 B

38ms
38ms

Image
image/gif

88.221.62.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.owneriq.net/noop?ct=image%2Fgif
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://holdtoreset.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 88.221.62.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a88-221-62-154.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 20:53:33 GMT
Server: Apache/2.2.15 (CentOS)
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-Powered-By: PHP/5.3.3
Content-Length: 0
Content-Type: image/gif

Redirect headers

Location: https://px.owneriq.net/noop?ct=image%2Fgif
Date: Wed, 15 Sep 2021 20:53:33 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK htw-pixel.gif
js-sec.indexww.com/ht/ Frame CD24 43 B
425 B 8ms
8ms Image
image/gif 95.101.185.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://js-sec.indexww.com/ht/htw-pixel.gif?YUJdSkAsZF8KF4A5RqiL1gAA%261197
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://holdtoreset.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.185.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-185-51.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 20:53:33 GMT
Last-Modified: Tue, 24 Jan 2017 19:36:04 GMT
Server: Apache
ETag: "761e21-2b-546dc3a097100"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=3587
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 15 Sep 2021 21:53:20 GMT

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame C7CE 70 B
264 B 40ms
34ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:33 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C7CE
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZTI0ZGE4NGZlZjg1MjU2N2ZlODI0YmYzOTliMDUzNmJlN2E0NzljYQ
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZTI0ZGE4NGZlZjg1MjU2N2ZlODI0YmYzOTliMDUzNmJlN2E0NzljYQ&google_tc=

170 B
191 B

28ms
28ms

Image
image/png

142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZTI0ZGE4NGZlZjg1MjU2N2ZlODI0YmYzOTliMDUzNmJlN2E0NzljYQ&google_tc=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:33 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZTI0ZGE4NGZlZjg1MjU2N2ZlODI0YmYzOTliMDUzNmJlN2E0NzljYQ&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame C7CE
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YUJdTQABy-weXwA6
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YUJdTQABy-weXwA6&_test=YUJdTQABy-weXwA6

0
239 B

10ms
10ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YUJdTQABy-weXwA6&_test=YUJdTQABy-weXwA6
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:33 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1631739213.279283,VS0,VE0
x-served-by: cache-hhn4034-HHN
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YUJdTQABy-weXwA6&_test=YUJdTQABy-weXwA6
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C7CE
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RMWkU3UDQtWS1TV1Q=
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RMWkU3UDQtWS1TV1Q=&google_tc=

170 B
191 B

27ms
27ms

Image
image/png

142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RMWkU3UDQtWS1TV1Q=&google_tc=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:33 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RMWkU3UDQtWS1TV1Q=&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 709414.gif
id.rlcdn.com/ Frame C7CE 0
0 108ms
31ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame C7CE
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=1e3c6142-5d4c-4000-b808-dd9c1154b286&expires=28

0
239 B

55ms
8ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=1e3c6142-5d4c-4000-b808-dd9c1154b286&expires=28
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Content-Type: image/gif

Redirect headers

Date: Wed, 15 Sep 2021 20:53:33 GMT
Server: MT3 3944 2bcb57b master cdg-pixel-x11 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=1e3c6142-5d4c-4000-b808-dd9c1154b286&expires=28
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 15 Sep 2021 20:53:32 GMT

GET
H2

204

v1
ads.yahoo.com/cms/ Frame C7CE
Redirect Chain

https://token.rubiconproject.com/token?pid=26594
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KTLZE7P4-Y-SWT&sigv=1&esig=2~728c4f9d067818f3279d58244d5c8b2d5c0d5d5a

0
447 B

205ms
20ms

Image
text/plain

188.125.89.204
YAHOO-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KTLZE7P4-Y-SWT&sigv=1&esig=2~728c4f9d067818f3279d58244d5c8b2d5c0d5d5a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.125.89.204 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

e1-ha.ycpi.via.yahoo.com

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 20:53:33 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KTLZE7P4-Y-SWT&sigv=1&esig=2~728c4f9d067818f3279d58244d5c8b2d5c0d5d5a
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C7CE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc=

170 B
191 B

34ms
33ms

Image
image/png

142.250.102.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.102.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

rb-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:33 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame ABBA 0
20 B 49ms
41ms Image
image/gif 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BBq4wSl1CYYezEcaBjuwP28uJoAcAAAAAOAHgBAI&bg=!lJell9PNAAYT0U73E9E7ACkAdvg8WsKLJWyc3D_MOn97opo4JwnDfD6aGCvdyh2TVO9ygIcSyuJG8QIAAAUmUgAAAGBoAQeZAscJup4y4Zj3hDDM08tJ02qm7QiBxSsiMliNZDBA6UUrG4f0CWjK7njvHsJq8k_BreNlAHYkYI9lBwajO09F7IFU7Jkxw825Rdt2BjqL2N2V9YYmnkNJKEhIzcJGA5Lu_bnSLdz_j8-6wZdOdK3wn7BQhhunWOWyKDHzfxATSe339LPqiPGIpdHcQOrWnD7NtgnOqEF2NaUJGqAOKfzorOrACHYQflg9NeKq5OWCB5l08C0z60cy73hoEfBRG8eoQKsnrk0JY2uJXxh6YPnV4YzGMniO2YL5vg7Vx-wx33R7GFcBd3lPzs1gCwzQhWG6JxkYRPSY1AgFxLENlmOcqndG4P0CZoFAg9tu65t5bw5XMsaVOzm0xYe-CoF4tQkNtFkddfTSpLqWo1_ZrtIlEr8K5JcFM5_hSJsikjxoxcCuSqtYPrW8NlN-edMatRoHAPjBb1f4Eqx6sOW85gGAp-6BOyGQDaPcZ7dF6Gfo_9Eo1SnJML2AD7Dc9j6mDWj0sQnEFE-D5sboqUB1xOydyfJo9DQY0qpye2zlRLkrbgQ7_ZZ-_2_5JE_7FSp3fil_JM-Rrgn_2wX1YacsRN8aMDwZfNGnawMCFg0iosHN2bnJR6gPs9BkliyEiLev611wOfr4RiGMObW8UDM1JEpa7OMWWcX6FF0ZjUObZnX67s9FDXF2fRYgOkCsGTNyog9CW38v2pTJO975axv3m1rIpBn3LRnaZ1HUDH4HMH2EQGbT4eUJ2hd424qJLMOo8ud6LtOFlyE600QLWrLn_TQGT1IorS9ujNMFlV-pGlAt17pTxYmD-_b_Elj1XK7kP-HrDLbu38TaeJl-bYljJ_bufjt7XKYl_lbtTuz-5BLDEBd8S_pMpl_0YUapOdq-fXzm5XGqRqDVn1YX2sHldniijD2gX28PMuWY-8rQA96qVlX-v2Y00H7qChM

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DEE4 0
20 B 49ms
41ms Image
image/gif 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BwZj4Sl1CYer7EbGorATj4ojwBQAAAAA4AeAEAg&bg=!29il2JzNAAYT0U73E9E7ACkAdvg8WtHyGU6bBVYxyGU4D58fbJhcy4rNbHejgCA8HvDDOwkWN-15FgIAAAUTUgAAAF9oAQcKAIbsExW83O9s_dl83oi9MshzilbOgT4hdfK_5zFrah2GNm4w3HdrafgGVLMOfP7S8-F3gmKI0q2jcFABZfOVOUhcfrfUhcQtLC70LCgGLgsPYEn5F-Uka3wR9J-zKQ2kj3ahnthUlrEDeTxkvYpQw3zfBq4RHPsq25ViNPcG3ZP6-HMeHyBKYZkC0Kfl-nY2svy28UN31U3MIrhk3iLuqeSWFShpv1Z_EiT0e3_vQZrPlpp-_-DnCbbHXn9u0icDkbfRl8iVx_Gb_xuH2epQhLPoFcvOPSto9Pj7LzFr5mB8uzCgbVnw83SyQvDwSGMkrHrFfwxX5bHa5k8w6gd_ks8vsVcCrwAyZLXnOdPXr4os0i02qSdhYaw-BK8kP_m2LZSp0ylqm0Elz4Evy5V3yNTfgdwzS8afP1PPzYKWNs7FDixhL9yV1bP006xCwVpg69siR-0UGaOivd631CLSYAV4MyA9TlDJQZGo5NF5JmKQGRXYLvXtCgR3iHqwlTcMou5JOtoAJmACJwuaL0KOlcVKi3EYh1CBDCuiHd14t5w1x268PD_nvHS1Vsz0Ib6q5dyO6dGqjPRu4NFcL9rrCX_3k-EdrrkTqxcZ0rKGFAPqv0GOpQtsp0xApSYEZK9sI0eEW4w5TJvJAj6HVFeJBWa1WAnoFUjpLtLjoH22fRxbYQuaguhBNWAuFwWhj6kOW62ukjw5u_Bi3-11Xwyjl8wvz8OimfFSLuc-T8HKPmr92W3iB1U-pmatKdPfUqRo11_J3txHnQ7F50TXngAr1B0l8LjDjeg2J_Cdrnsx9j12GbT76i3gUlX4gZl1UQt1yoZ6j4HjOnyV2JD5nvKX_viWknIY98UIr1e-cC2xEGMwsGuwzeN04VXgXhSYy26yLc4rErooBis0sq9gBN2YFY1DeMbQeqtIWD7EQ2eSOqkq7Om9fr2kH66boG0DiDhx-7yOzci6Aa4d3L6rEAjEUabyfNyyRhF_y77gkgZ-Mfufr3BHOF9--km28BCbJW3UKpY2-UdVAvg_hUdjhSxTrB0WFe1AwO7Qkm0wDyZbx3W7DXje_r1BS9kMcPBljdy8B34PupM80GudDdCOaycVB3vODQLlBB9DF6ohliGPsEdQcL40bsKjepACwg

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F96B 0
20 B 39ms
39ms Image
image/gif 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B7AmWSl1CYYjdEMb83wO-v7ZIAAAAADgB4AQC&bg=!ODulO3_NAAYT0U73E9E7ACkAdvg8Wn0ovOj3dOkSoeI_z-nUhq3zpyi0UbiWrMlvyAnl9PfCp0hYiAIAAAVdUgAAAENoAQcKAMzBNcg01UvkSnQKeIaP9gATzp9QgelMBnZoueQjJtCSqZyT_AN2k8oYw8wX6M6ku6GGXZ_keyngaGxjrK-FFZHAUXgMajPCBHE1Ymc1LbsMjyXj7rwI6xA5djWmsG7urI99Ze7T7tyqJRy7xQH-bnf8af5T4uvjfCZ7Uj60LyeNUmybkv0_bbxqkdiVKf2hMl-2rjjEJ8h18HSEuYMPJWZCfScPZcpozKtRW7KB6mCnP2uMOobm0NSc_p23lQKy0eGhLa0_qKAfrYRCryuZAsNLuB1FO8M_47fT6V0Hyowubbw07e-ZHrM-5NPFuuzYJptjWGUlqDX0QPPmk28EbfEYVFdQJ8zuJaajzMS6wTdl3WUIpcOgQN3fzF12q-LrIRYGSw4nfXZ--faHlN2uFrErvXO6ZiAJy8YPePUj3uDesAUm9B_vzCL_85YRmG76mbMplkMmmdJS-mVp_SnnLnuc0FrUMyDbSZkaY2kZbHYrp77qXgn8g4j33rvw-MDoVVVfMCU01g6C2kH273rj2njWWIz_47se8ZIK3GY4vU8Xu2lDYtIGtcpscFiuPcn0c4qDRYYhqTUq2Mqjqv_nRt94YMjxPuvHtk0PGWLrox1LsoEUc5KlPE1ttwAED_Q-QwFtjkYhpTkGEa6uY8XG0qiEsyY9aaGIPP4gglaAasJMkf2BilvLPUHXocMq-ehr3DR9D9RE5vmUhKWKJ6NqIzkq5IDFuiTmE5o6j_qDQlPiIPDDI6fWeKPIkXd_wo8mZWZOGuUJbM-0XtRGuRazm6oi67DXmIXUYibCcez36K3t1bsb0z6FhBGo4Rn7HPU8y4u5Z3fZjtzFTVdVTxX01PeI-y0Y38OYx-9ukTmkQLxPhIjaUDYvRCWGdKuPbuw-WnLhlM6C0wx1oHKKY2j-1hMEXktOpHCSngNEr3rB2rriPaK8jXN1eNCkuPPtjGKp52Tvwu_YR1CeXANfag4_1mUZJvz0jXWyPXCq1R9WJJ2coHQo5hqA98RVHfu-dzr6Aj4IygUj7K5c-EFtGYJGemVu5OoTuI7vB4JHCiFU5pZ-9PMHhJMO24XtPPmypSf_fsf4hU8ADuAI9GwbdZP-MstNGfHthLL3fRoc-5EWwGDkQ9bhbw4zsNvGXDxdhgGYwbFdr_cQxOL0pFwr5go5-29lzqEGrDFwQp7DtIil2cMg19OWABm4rR3JacR0XiEZvqVKrQ

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 07DD 0
20 B 35ms
34ms Image
image/gif 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BOFEySV1CYYijGtnl-gaHraXgAgAAAAA4AeAEAg&bg=!urmluf3NAAaUnz4elJ87ACkAdvg8WoIeSNI_8aTx6tFMjBQd4jqGLLUIORTk9169zXwjw_u1fum6xwIAAATQUgAAADtoAQeZAsME8JJCTokD2iBOiXMipHb1c9qRJWYDavnwc09VSMsd7EDHiATITkQRi6BtWdyuIS4PYqNO_2vYJKkvmrLHf7Es80WdIPhvkK0dmM_7sc8FrG_Akn5Dmf7X-a_2O47yvGFps3YpwRNoYDzUuS1QowCEjFhZi-nBGmxEl19LDqQ3MPDhchBD4wJutsmyzVxHquo1mmLB7rCoDn_AHJLw-TYwH-h2E7a85BNXdAtccfCe-b0Jgxv3nVcRbkK4TetkzrR3_d_cG0v0nUZrrU1siX9Yb6jUMvt6NkeIjCjYPbH8kmgkSp_I3HoDTM9yEWzKnlkFN2lEAOgep0viFRP5GZddrakUKuvFKI_iSIihcF0LgBdK8yExTCR1OokdVIU5YEHoUoOaRcXt9fKkoQH4bppP_TZXJuEy8NZ-uCNqXjthY2Ci0jPSpVgGxEGLx6rNMHKozJKxirfChfLkJjUGf3hmVdrwqrjbOhGq76o1zez-aHrtezuzdY1KRgV0He7u3pK9Okxp8Bl_gFfWb7sfSimxAv0U8TawCO2wTiZxVDUx4dS7n_LBY2SrLITDojL0ZmARWj-QsPAx9bGROX47GJCcY-I4nQ_tylrs1ydwgJl3bbQqB3p-1XAZMeBw4YbRMNknGwM4rB7UPpgk3eQOLszCxQ7LRyV8dtFQCWiv61pbz7-EUKHgGSeT8UuijsktyhOEs1_Yrmo35nT_1BMNDkvz0WrsiU7jAxR4Rcf7-hVyoFMN7tb3t-NcQI452ufraMrOdeWCnBl2sTsGMdbCMmlNrIowIivEOL8DzAI-jn226IdZZYjp_j_LhuCepr_3q9_whXVlS8hvA5bI3MJmYuQGXjx4-qutyIhE92vldoGWtTlXIKNlXDluyiKhSbGxuXBtJE9zABkn1pf2pfQRvRVgevZudVX8jYtV6tiTQJRH2ya4jg

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2720 0
20 B 33ms
29ms Image
image/gif 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BzVx0Sl1CYYL4F4SU3gPBjb3YDQAAAAA4AeAEAg&bg=!V1SlVBDNAAYT0U73E9E7ACkAdvg8WpeBjO9zp3FRBW_MFZTFRw9Rt-K39CCrh5DBzzxm4XMxNo2WggIAAAVsUgAAADVoAQcKAJ2ai0uydWL-ws-oUWk3YtFtQBeF_d5JDMBQTrbANsmPGUSJV8b-RCx_sBDxSBHssOic_pwwlBAWFURqAsVWe0a3bxYicLvoDd2Xn-U-vJavgjaPEOztCGfkktJs89BV8SDxrdZq-vpLoqUltQy4anveMSWZSMFzbdY9k1hBvrAx0hUY5VPnrMvG4-3F6zgquU1CCNBp0Mcg5-KLkb42mQLSY4rnaPus7VxAerrCN2WNOsOTaYcvGc1W2ubX4oCTvJgWdGnRoEL2F2mJM6OlhQNcHtsKy4N2or8FoOBK__cNEN5JVwkiVd4nJ8mYwJ7exGb4e5GZa614NI1CG-gsIJYC5YaeUO_59sDeCk_QuDyp8dpTpQPAUOk0XEEQrSZBKRm_Yn6cAOl_dsODf8c6B8UqIO1-MQkPgeMxW5Jld1DL8bDU0liNGKPQ1WBNGNr25rsCWvIz-v5HWGA8vA_Ke346V1W3ND642agTeiNMAQ4J0DqE_NYRkFQQdtTNeRK-OcnSlkMPjVxJJ3X1JI7hvoD5GO-guImQIJHATj7yUb17APZdJFKG9pmVFmAsdwys8aljeilTLoDgsKDfTsrVgD9S4tuExYRw8laR1XR-IqzmDqM1nbmTVYo92_a5J-IxsEwkSU92RWn6oMNSbJ_4ysRzLrTn7gjxL3EUvkhbMmOzQDdRf9qaCIrKi03xgAlFVRP-xm6hddO17mPUxboE57nkbwBL302wkYv2hbOOBWLVjsbcgwKPQ2UqLr6NU87mXjI5pLprNh8FR6GTA-a-Stv3VQHJLrxMMPVAa_V8JvEVl-dHtDcyCAVnSm7Fixl3nAZ66I9lpyiKu5_RfwMaUxxZ_TPtUFORkWcNStp6aF35Av-fkFrUPYu3wMvuQKfcaiJYS0bLQ33toPx_41ELecb-rW7ULNFMdCNYy5f_mY5X9ADa81Cb0J4JFQrBcPIWmpBojrnPy0Lm5rbVyJwwSG7ODYDOFoon2BiNl8jI3hKdbPMwd7Xxd6JFAnYBWnvqFtt2UbCUU7qJJKdZ1FoJn4sb8H4qW7myyXoH4g1VhiXnvyPWh-s9xj0rG2PVOzAFLSwTrolZV5sxyGMWOnYuUkpFkfD7eiqgIW7UPyDM314lGBTeGH63WOWvspsYrwYtpx2ybe_teWagX1c_O-T9wNlSQuc

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0DCE 0
20 B 30ms
29ms Image
image/gif 142.250.27.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BYjNaS11CYYHBEuKBjuwPjfyruAYAAAAAOAHgBAI&bg=!p6SlpODNAAaUnz4elJ87ACkAdvg8WiUDY0hbhRVfobsoeZ-TgG4mFzCnhLmvdrdFCfOzBB0Q7NoWaQIAAAOpUgAAAEJoAQeZAsywPozNLXdPTRcdKd_QXip2t9Q7k32ouQgU2mjSo-AnW8zzUe9943co9nRHfSS4BZJEeBKFL7BszfOcbu6AChHvrwF0d4TOHDgBeUMVNVauAMphstzs4TwfDfzCvEipozoC1nq_ms3Y3Ez1rvQnI-4VM2-KVnF_Z6-PMMoHVLe_Gy_OaivycGCtSj_jboTeQU9p0P29IP-jjTLJrL1JAcNYmKBSVMdaLygp6HrmeHq-vpL7t8dX_8vwzE95PM7k6wkfFBlfu1YMx93MWCyU2ec5hi5qJdKvYAX8CL9SaoFgJnzdj3lGIGIVShxA2b17plEa-g-KN3gBxRRP7Cbfg5dcvJtOH_3o2VZJVF9bmPDvpNuItclGWfpvREJRl-pTPTR_vTq3vp7IQnOABnQ7hY1l6Z4In1Qozr0g8i7xJpZniglsR5WRD8q0qkr74z8jzJ6dbfJLU9IUiHlD2KurAFBQAKmp0CPmSbWM1wY7IQDgJAlLCYr1b_KSKfto3yZexAlmcKeWmzAUU5zhJUcyCc72xRpqV2IB8eSqUX9TmB90cvRICSJChV5YiaccGaQp5wzaSVl5yWRFUPKSwxV6ZxAA8bm81Ow-5Ru3kSCr0VzXZYOEPwQxEvMF5RBlTVXdv-X_JolHE_LtZFLQkE38O6_TTyj6huxeeZfNlnndKExU_ggZZvS3eFZK2JJP7yozo1bgpC1V2hCQ1GC3jzKKVjwzpmL8UNL_SmnrYid1GYu3KeATxeyRl9K3RaLzSMn4PI25ybgoikDVNH3IOSAgOlXBcCLur4gsqQQ6IUiNGR4n5BGtE7COe53aTSu4hZANKRt4-rNQ9_yQdR9zL2uOgf1Q57fucpxcst9Aq1CSgGZkUzXOEVQdLnbeSoqF48825a7v70q18lvg4ElgfCL0-lWUqJJVYKhj8y4bLq_8MFY0fqlBm1bBCkp1xbbXEA

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.27.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ra-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 20:53:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 00C4 0
578 B 20ms
19ms Script
text/html 37.252.173.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 20:53:33 GMT
X-Proxy-Origin: 216.131.111.10; 216.131.111.10; 537.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: c2d06050-3a98-4216-9f3f-777b1076cb5d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Verdicts & Comments Add Verdict or Comment

85 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

38 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
holdtoreset.com/ori-and-the-will-of-the-wisps-the-lost-compass-guide	1969-12-31 23:59:59	Name: dt Value: 2021-09-15T20:53:28.938Z
.holdtoreset.com/	1970-01-20 14:46:51	Name: _ga Value: GA1.2.640643907.1631739209
.holdtoreset.com/	1970-01-19 21:17:05	Name: _gid Value: GA1.2.2084910429.1631739209
.holdtoreset.com/	1970-01-19 21:15:39	Name: _gat_gtag_UA_72398024_1 Value: 1
.lijit.com/	1970-01-20 06:01:15	Name: ljtrtb Value: eJyrrgUAAXUA%2BQ%3D%3D
.openx.net/	1970-01-20 06:01:15	Name: i Value: 50306e21-7430-05ef-33e9-45ddb9ae4c58\|1631739209
.rubiconproject.com/	1969-12-31 23:59:59	Name: rsid Value: 1\|HsGqLFsFr/vVSy6g0MQzNQWiuYBcZJvAvCF6IsCkVVYgwYaQOmrhQqqbYrKIj4/MQh6lvVOnYX6qF0anVSaRRFrEpFc6uQw19gMkasvdREJwzG6oEKFbU6PjSqi3MjDFVf/xlH9h
.rubiconproject.com/	1970-01-19 21:16:11	Name: ses15 Value:
.rubiconproject.com/	1970-01-19 21:16:11	Name: vis15 Value: 342942^1
.adnxs.com/	1970-01-19 23:25:15	Name: icu Value: ChgIopJxEAoYASABKAEwybqJigY4AUABSAEQybqJigYYAA..
.adnxs.com/	1970-01-19 23:25:15	Name: uuid2 Value: 6771438738964795446
.rubiconproject.com/	1970-01-19 21:16:11	Name: ses10 Value:
.rubiconproject.com/	1970-01-19 21:16:11	Name: vis10 Value: 342942^1
.rubiconproject.com/	1970-01-19 21:16:11	Name: ses2 Value:
.rubiconproject.com/	1970-01-19 21:16:11	Name: vis2 Value: 342942^1
.rubiconproject.com/	1970-01-20 06:01:15	Name: khaos Value: KTLZE7P4-Y-SWT
.rubiconproject.com/	1970-01-20 06:01:15	Name: audit Value: 1\|hLZGFuTafB2DeJfr/rFdupu8NglgtZMXsoPVz05fOg6pppqiFqcTwa98d9PlGKKwIlukOfI2q0Qx+FptCLf6SosJP1ROpmaY
.holdtoreset.com/	1970-01-20 06:37:15	Name: __gads Value: ID=5195f2a6ffe808e8-22c3dc222fc900b1:T=1631739209:S=ALNI_MZD9XeqAkVvWK9Bm0cmzofc0yiPQw
.doubleclick.net/	1970-01-20 06:37:15	Name: IDE Value: AHWqTUnQGoDTR1EH4b2CHyna5hpInhnOV7qhW-YFBSp8wVd9OLC5WXYL9JKNF6pk24A
.casalemedia.com/	1970-01-19 23:25:15	Name: CMPS Value: 3217
.casalemedia.com/	1970-01-20 06:01:15	Name: CMID Value: YUJdSkAsZF8KF4A5RqiL1gAA
.casalemedia.com/	1970-01-19 23:25:15	Name: CMPRO Value: 1197
.openx.net/	1970-01-19 21:37:15	Name: pd Value: v2\|1631739212\|gekin0vNiygu
.quantserve.com/	1970-01-19 23:25:15	Name: d Value: EI4BDAGgJIqsMA
.quantserve.com/	1970-01-20 06:45:53	Name: mc Value: 61425d4c-c82b0-ffcb9-a6c30
.mathtag.com/	1970-01-20 06:41:34	Name: uuid Value: 1e3c6142-5d4c-4000-b808-dd9c1154b286
.adform.net/	1970-01-19 21:58:51	Name: C Value: 1
eus.rubiconproject.com/	1970-01-19 23:25:15	Name: pux Value: 1512%3D102620%262249%3D102620%262307%3D102620%263778%3D102620%262249-DV360-Hosted%3D102620%26goog%3D102620%26idl%3D102620%26brx%3D102620%26
.adform.net/	1970-01-19 22:42:03	Name: uid Value: 5462359321968612908
.mathtag.com/	1970-01-19 21:58:51	Name: mt_mop Value: 9:1631739213
.everesttech.net/	1970-01-20 06:01:15	Name: everest_g_v2 Value: g_surferid~YUJdTQABy-weXwA6
.yahoo.com/	1970-01-20 06:01:36	Name: A3 Value: d=AQABBE1dQmECEBoSYiTIRGxpLFgCJWNifZ0FEgEBAQGuQ2FMYQAAAAAA_eMAAA&S=AQAAAo0EzCd5pIu7iFdTl4_F7Ew
.owneriq.net/	1970-01-20 14:46:51	Name: si Value: Q6850256131040810176
.owneriq.net/	1970-01-19 21:30:03	Name: p2 Value: cc
beacon.lynx.cognitivlabs.com/	1970-01-20 06:01:15	Name: UID Value: 1459bd2b-28f8-42a2-833e-6e6e3e3e8d14
beacon.lynx.cognitivlabs.com/	1970-01-20 06:01:15	Name: ss Value: oK2jgvb7FM%2BTFFFg98kbvcUlrcAupnmdf1Bi%2BAtDJP0sfeArGjJA1H2rzCDHOunZEIqTewK69sj8btQ7oyys%2Fg%3D%3D
.casalemedia.com/	1970-01-19 21:17:05	Name: CMST Value: YUJdSmFCXU0A
.casalemedia.com/	1970-01-20 06:01:15	Name: CMRUM3 Value: 1f61425d4c05a00&f161425d4c05a0&c361425d4c05a00&0861425d4d27601459bd2b-28f8-42a2-833e-6e6e3e3e8d14&0561425d4c05a0&2d61425d4a2760&2e61425d4c05a0&e661425d4c2760&2761425d4c0b40

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://biddr.brealtime.com/check.js?nnn=1631739208672 Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
network	error	URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1 Message: Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network	error	URL: https://id.rlcdn.com/709414.gif Message: Failed to load resource: the server responded with a status of 451 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

541e952a3fd239b89d6dfb8c3ac988ef.safeframe.googlesyndication.com
acdn.adnxs.com
ad.doubleclick.net
ad4m.at
ads.yahoo.com
adservice.google.com
adservice.google.de
ap.lijit.com
beacon.lynx.cognitivlabs.com
biddr.brealtime.com
c1.adform.net
cdn.holdtoreset.com
cm.g.doubleclick.net
csi.gstatic.com
dsum-sec.casalemedia.com
e1.emxdgt.com
emxhb.emxdgt.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
holdtoreset.com
htlb.casalemedia.com
ib.adnxs.com
id.rlcdn.com
js-sec.indexww.com
match.adsrvr.org
nep.advangelists.com
okodigital-d.openx.net
pagead2.googlesyndication.com
pixel.quantserve.com
pixel.rubiconproject.com
prebid.a-mo.net
px.owneriq.net
s.amazon-adsystem.com
s0.2mdn.net
secure.adnxs.com
secure.gravatar.com
securepubads.g.doubleclick.net
ssum-sec.casalemedia.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.mathtag.com
token.rubiconproject.com
tpc.googlesyndication.com
us-u.openx.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
104.17.120.107
104.21.192.41
104.21.61.110
142.250.102.104
142.250.102.132
142.250.102.155
142.250.102.157
142.250.27.148
142.250.27.149
142.250.27.154
142.250.27.155
142.250.27.94
142.251.36.46
142.251.36.8
147.75.38.124
151.101.114.49
18.195.155.181
185.29.134.244
188.125.89.204
192.0.73.2
209.54.178.82
23.37.38.181
23.37.42.132
34.197.43.243
35.244.159.8
35.244.174.68
37.157.2.237
37.252.172.37
37.252.173.38
52.87.113.235
54.90.144.255
69.173.144.138
69.173.144.141
69.173.144.165
72.251.249.14
74.125.193.94
76.223.111.131
88.221.62.154
91.228.74.134
95.101.184.231
95.101.185.51
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
07403ef15ac28d21e46c504f0bae8973338e2690b01167fffb251470b5da0025
0a2090d5bb787607ebc9e64af37a55bdea59ba85e0a273f4479ae3ff89c678af
0b6441c42d8b0e14d012e92c083744974ebda9d9a807da88d424d764a7ddbaa5
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c
116e99ef1498c2ff29347fbaa56c3f3b97a98212023b0723adb8fc7c527304f8
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
127fef9bff9c4a7bd820146a3785bf8c7d3c5dbf48dd087f2e0f1d91a25e32c3
143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103
14c87234cfd4636d189b748cedc1baca54e206b98f8ce54f58ede804649c3ae7
16e83d24f27002ae0b526b0d064fdc2763e3cae7045c7f88f251e8f38515dd04
1d1714057127e8cd32d3d493eae000981b88d6b1906b4592b96f3776b4f077ba
1e3e48a3467dbe47c72c636766b850ca9dca274716d8fe354a1afec4b370231a
203faa4328f0bcf6453d89bddb8a13561eaec599ec4a6301f4018f24ab96da69
20496d6c3e73bb34805560d37802d8585d0718dca6c8367492f22c454ba4221b
20dc67abd0ba83bdd896645cf1622b4caa1fab80494baed8bbf4d01d2e980ae6
2324ee0b166029690fa1fec5dca5a3afa08baffd9c68e6aa58a0ec55351bd326
238ab816ef823114ea7f39e129ed13094d6ea90e8c3b445b91465c994fb29d2c
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2b7667e615da83c56fc992c057025fe48bac63b0e2c59e5039256d85390175d3
2bc98b5956d216197013af35c909aa49d3aa7c26b48de9e9930eb4bd6b846391
2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde
2f163551cd4c05a951f651b257151420f86e30cabc6d1ad0b6dcfc9b302ab22a
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
378f58a27ec49cb523ece26c87b0a8f06501bb98ad63d9eae87c8cd396f616e4
378f79bc8e52dc7c86332d048c8b8f57ad672c3c917ca54b08630bb487b99d3f
379786ba7efd28c3688079772572e32e8ec2f95812bbaaad547fb3650878cfdf
38c2f3e5fc93b003e3631107b6080f0be39c3c3da4706e2baac19d6f15102059
398f165fb90ea53788cd1a05817c7d5c093ea3b2f4aee44a4e823ed48c8a555a
3b4e4189008f834ba932e2faa7f14aa98f82f40d41554cc2763d494b3b066c3c
3c8ba982e1a7629cb5be1c6e7ac909bb494b895a63affce2f6306e5cd244505a
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
44abe3410418a547f3412ba93a94ffdfd1dbadf9c785418af8ef15d7877fa2c8
4583afde7981cdf42215109b7baf7bee2bdbd6f45d22b4fb4f1e7e687dcf7665
4a0eea6626fa96be69a1d48df3f8493661e2c2ea0fa8b5caa949f765a66abea4
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
517f4d36e0b879aadb5202a4dc6447c7af6e25e64a21403029ddcb8e20e2d95b
5257f9ca13e924a41ca83bdec64768c6b1eaaa16fbb0e9a0fe22873f0c6efa7c
529d0a7b3944929222155bca3272ba1a87acc2faa09b2ed26a713872b7ff8794
5427dba02f3b746fdf620f411991aba47524b744d31a14a0b51893187ba2fa70
574d0f8eeef6741771d3cef0cc4869634263181bbf42de1e93ca22dcae36d8e3
59e295740351e5c2a8af723bd89bc70cc295d6e0eefe352c8b44398013a2e0c6
5b3bbf200573e1d5b176a4b4fd08536ce3f8e39fc8295462231dc58a62445144
5bddb0ce048b80cc54fb4dac134b835c13575e06cd0cf83f7bd1d008f4a44360
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
60576232472f68d95df1af2c82ccb71bd4a30e26d6ce0202d3df5449d9a1727b
6347b51c63fbe0de68f79e584272eea54af337de7ebbd681f0cd81ae5e83e7a5
6453eb90368dbd0bd62a66e0a3d9b2ea74bbf0bb8ef86578ed1f4c240f611941
676be3c5f7c8dfa88261eff3c6b333ee72b5c2019e0dfec2636a19e4fb38f3ec
677247355d707661c2f09df518a4440796f509855322b031aa7c9ebc9ac7c4da
6b34064dd651e7de17800e610fb0e39682afc550b4c94a427269d7153599c7e9
6c76cae4aabc1d4236da2fecf8fcae818a2cf95406446774ccf9db5ca14d4b59
6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2
6cd0d6897b3d4779f7d88ce72531f22fbf75851b195fb14e6f3f23d051b3d1e9
6df968e65ed4801aeaf8c0633eeeea07d7639f9048302b29d87359730e76c869
7195c4763ed26ac25f6be1726145b11ee61f5d27468605eb56a6c0823d101673
724c2f6418710695d43b86863a1afb6fad49a65681130bb4af73650d3f7eb0be
7345db8b8745d32b70fbbb0867ab8488760e99ce94aa40a78e73ad7fcba15866
74a25ed30a2bde7ab590636a95daad501c8cd4f3984446270bd1925188785475
7829ed90578e36b00d0963d4fb11cf6907508e68453f5460c2e0af0386bdf353
79401eb4d01514d0e5019173e52db70f3ad069e56b567d03c0d89783c783c976
7a488b6eec146cd55817197d2524099ba4a7280fddcc9277418a7bb17ecd537a
7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c
7f9e6df264d357f7e7d701d7b3bd2dfe77c6be771bbd75fdd3ad7c82488dd4fc
82d605aea1281c1020c7462aeba6f1b8b336a107701adb721cb08ffd56ce70e6
8348fe66b515449f719cb7b8278e1c84009bdaa96e18981641bc1e77d9e4cf1a
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
897eaf2610e2e1ee4091aaf5906f50315216a7492a6b1a0730dbac9d43b56812
8c0f86778ab02fce43b703692fc3f99ec4bfda152f733c57da8c59d64e7dd7db
8ccf8a0ca70f205118cc5dde1157444a1f8e94391f87bd566cca36ed020d4729
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8f517bde65aa37bd16bb06f8456783290c587420f8619e96402c4897de03d816
926d1ab3abf48cf01377caf6adbed8c8a5e9dd1726e174c945af41137661404d
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
97176844c8aab48cbf7e8485a744243378c94de38b5cebb2df46d1d7d0e7d321
985888bf8717d6bcc8e0db5945c3035b644d064bd541b2552d2252861860ab8e
9cdbef6b80103265ea466484480d7b93d810b1750e9e0c3700d8270bbccda386
9dff9c5d8bb8ff3117fe17757c275af96ca695dc60d7fb811331cb38815a91a6
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a2f0eccf2a467c2e14ccf9ef1067aefe602b4eba6e02317985b32ca3ab5864b7
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a617e7a5640ead6a7e32007967e5ecc30f2d3edb354b6a3c82bb1cbb7b8c5e96
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
abbe6ef7758de9bb497995416167a14b08fb4dbc9f178176824abf4bc3e9201a
aefe9f31909799252840c143110e10be71d8515345f8b54473b819ac1376b9a4
b12dbd4236d8618829e238cc724bfdd6ed098774a5ddcb0ccaed35b06ad03243
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3b8c21edfe6c5e402fdc607366fd8d15949a65914f58134733dc68922bc8d61
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
b8b0818c560c40c73866a81c2eccafb3139266b22c01be2a9d7bf8a2be4565e5
b90d8b27a09bf18da02894fbb680ee8deda43c871723a70e88b40a7549c1c113
bce321f3760f288b582d673755239fd50b6270c363178075ebf6d436892d00b0
bd9e1f6390136b9c83e656c6434f5007b910f584a7df35527fcdb1e883991282
c0354bd11d5f912be39029b223a96590ffbb2aa05ed4e80d65c7aa2627cd3060
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2d72a577cee8bf989e7c2f4dcc0450d14e349889855b9973839052358cd8758
c2d8d4301e5ed9786fd7a2ece804cd3375f0cc75a65adce60bb17abac7e98f3a
caa24495ce080d5f76cfee7bd1821829450124b00572ed9d9275556b4fb4ad93
cacbe8d075be5b96af1d81fa4753efcb5fdf25ae5acfbf8b6fe16fba1197eace
ccad2b5c103035dffac2eac578cbfd349e9cc7758ed8f0e88bcbc688a27c5171
d1f5b98b33b416eff8b46de22aa601f5cea827305010b7a977ade6aa53804676
d2568c052b452231835fe2dba24a62b753e2c153735dcced63aab0005ec06a60
d2a99ae2f346ac2d5aa3452aaead7b35e6fc2163afc0f496952747218e53a325
d34ea16129e77c49c444f4b002a797e3105c4791199d085a02d7df1ef9358aa7
d74392e183eda284402b1b677afa14ce439654d46b1fdb45bbb0f4a72d9c95bc
d7bee1a8c8ded1d0e61fb3f21eed3c367a6bc94d2295a562bd5067c3f1243348
db1cd82152051a3014829695d28469f5d08513a16493d9e02b34b7a0b6e34cf4
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e05c92727e9892dad43d0d90d9cc376c27431042968b573be284035300456ac1
e1123f0dbae7dcd9fa76d9b4a3e863bdf057d3a0eff034ec05f864d34732a30b
e21d0e97db8221de788cba8ede1bcfcc20d1546f8303ae2d008f8e23db7464dc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea72ca708f32dfad93ded61c686e21db592c2fdaf537ea33c87f39dc66fb4816
edff2795b5d4724f0ba6d07f9b2522f82a8abc254e7086be90461277b32b027c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef84c2db59f8487061b457275c4e0956cae815397a1e6d73c2f0c2d71dbf1022
f10db5ca926522b5afa9f275367f169096c4ae5a1daaa6109b161e7db3d9359a
f4fcf19981dfc07f2a86835a35058ab48ecc08b36de09f50f6be890c4fcec5fe
f779672e098b6e885a6e5ef13d56bd65955c817fd5cea1a96ffb937a361eefe9
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

holdtoreset.com Open in urlscan Pro 104.21.61.110 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

253 Requests

100 %HTTPS

0 %IPv6

32 Domains

52 Subdomains

35 IPs

6 Countries

2598 kBTransfer

5395 kBSize

38 Cookies

7 Outgoing links

Redirected requests

253 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

holdtoreset.com Open in urlscan Pro
104.21.61.110 Public Scan

Screenshot
Live screenshot

Full Image

253
Requests

100 %
HTTPS

0 %
IPv6

32
Domains

52
Subdomains

35
IPs

6
Countries

2598 kB
Transfer

5395 kB
Size

38
Cookies

253 HTTP transactions
5 data transactions