dl.twrp.me Open in urlscan Pro
147.135.38.227 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://dl.twrp.me/dream2qlte/twrp-3.5.2_9-0-dream2qlte.img
Submission Tags: falconsandbox
Submission: On February 16 via api (February 16th 2022, 3:13:53 am UTC) from US — Scanned from DE

Summary HTTP 127 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 25 IPs in 7 countries across 15 domains to perform 127 HTTP transactions. The main IP is 147.135.38.227, located in Hillsboro, United States and belongs to OVH, FR. The main domain is dl.twrp.me.
TLS certificate: Issued by R3 on January 22nd 2022. Valid for: 3 months.

This is the only time dl.twrp.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	147.135.38.227 147.135.38.227	16276 (OVH) (OVH)
10	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.179.194 142.250.179.194	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
3	185.29.134.249 185.29.134.249	30419 (MEDIAMATH...) (MEDIAMATH-INC)
9	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
2	2a02:2638::2 2a02:2638::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a02:2638::18 2a02:2638::18	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	46.4.10.47 46.4.10.47	24940 (HETZNER-AS) (HETZNER-AS)
1	2.21.43.22 2.21.43.22	16625 (AKAMAI-AS) (AKAMAI-AS)
4	159.69.70.9 159.69.70.9	24940 (HETZNER-AS) (HETZNER-AS)
14	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.0.160 178.250.0.160	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	178.250.2.135 178.250.2.135	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	178.250.0.162 178.250.0.162	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::200a	15169 (GOOGLE) (GOOGLE)
4	37.157.4.28 37.157.4.28	198622 (ADFORM) (ADFORM)
5	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
20	37.157.5.73 37.157.5.73	198622 (ADFORM) (ADFORM)
1	2a00:1450:400... 2a00:1450:400e:800::2004	15169 (GOOGLE) (GOOGLE)
127	25

2 147.135.38.227 (Hillsboro, United States)

ASN16276 (OVH, FR)
PTR: mail.twrp.me

dl.twrp.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
twrp.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.179.194 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s42-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.134.249 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::18 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.4.10.47 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.47.10.4.46.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.21.43.22 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-43-22.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 159.69.70.9 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.9.70.69.159.clients.your-server.de

hal900017.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.160 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 178.250.2.135 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.am5.vip.prod.criteo.com

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.250.0.162 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.4.28 (Denmark)

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 37.157.5.73 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400e:800::2004 (Ireland)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
36	criteo.net static.criteo.net — Cisco Umbrella Rank: 638 pix.eu.criteo.net — Cisco Umbrella Rank: 7678 csm.eu.criteo.net — Cisco Umbrella Rank: 7893	1 MB
24	adform.net track.adform.net — Cisco Umbrella Rank: 3678 s1.adform.net — Cisco Umbrella Rank: 7462	196 KB
19	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 92 tpc.googlesyndication.com — Cisco Umbrella Rank: 120	268 KB
8	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 37	42 KB
6	criteo.com rtb.fr.eu.criteo.com — Cisco Umbrella Rank: 14241 ads.eu.criteo.com — Cisco Umbrella Rank: 7942 cat.fr.eu.criteo.com — Cisco Umbrella Rank: 10187	106 KB
5	gstatic.com fonts.gstatic.com	207 KB
5	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 197	35 KB
5	redintelligence.net hal9000.redintelligence.net — Cisco Umbrella Rank: 31122 hal900017.redintelligence.net — Cisco Umbrella Rank: 250519	7 KB
4	mathtag.com tags.mathtag.com — Cisco Umbrella Rank: 2834 pixel.mathtag.com — Cisco Umbrella Rank: 1050	3 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35 ajax.googleapis.com — Cisco Umbrella Rank: 250	92 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 146	114 KB
3	google.com adservice.google.com — Cisco Umbrella Rank: 59 www.google.com — Cisco Umbrella Rank: 2	2 KB
2	google.de adservice.google.de — Cisco Umbrella Rank: 9027	914 B
2	twrp.me dl.twrp.me twrp.me	16 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 741	641 B
127	15

	Domain	Requested by
20	s1.adform.net	track.adform.net s1.adform.net dl.twrp.me
18	pix.eu.criteo.net	ads.eu.criteo.com
14	static.criteo.net	ads.eu.criteo.com
10	pagead2.googlesyndication.com	dl.twrp.me pagead2.googlesyndication.com www.googletagservices.com tpc.googlesyndication.com
9	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
8	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net dl.twrp.me
5	fonts.gstatic.com	fonts.googleapis.com
5	cdnjs.cloudflare.com	ads.eu.criteo.com s1.adform.net
4	track.adform.net	hal900017.redintelligence.net s1.adform.net
4	csm.eu.criteo.net	ads.eu.criteo.com
4	hal900017.redintelligence.net	hal9000.redintelligence.net hal900017.redintelligence.net
3	www.googletagservices.com	googleads.g.doubleclick.net
3	tags.mathtag.com	googleads.g.doubleclick.net tags.mathtag.com
2	fonts.googleapis.com	cdnjs.cloudflare.com
2	cat.fr.eu.criteo.com	ads.eu.criteo.com
2	ads.eu.criteo.com	googleads.g.doubleclick.net
2	rtb.fr.eu.criteo.com	googleads.g.doubleclick.net dl.twrp.me
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
1	www.google.com	tpc.googlesyndication.com
1	ajax.googleapis.com	hal900017.redintelligence.net
1	pixel.mathtag.com	tags.mathtag.com
1	hal9000.redintelligence.net	dl.twrp.me
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	twrp.me	dl.twrp.me
1	dl.twrp.me
127	26

This site contains links to these domains. Also see Links.

Domain
twrp.me
github.com

Subject Issuer	Validity	Valid
dl.twrp.me R3	`2022-01-22` - `2022-04-22`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
*.mathtag.com DigiCert SHA2 Secure Server CA	`2020-04-15` - `2022-04-22`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
*.fr.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-09` - `2022-04-04`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-09` - `2022-04-10`	3 months	crt.sh
redintelligence.net R3	`2022-01-27` - `2022-04-27`	3 months	crt.sh
pixel.mathtag.com DigiCert SHA2 Secure Server CA	`2021-06-29` - `2022-07-07`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-02` - `2022-05-03`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-03` - `2022-05-02`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh

This page contains 12 frames:

Primary Page: https://dl.twrp.me/dream2qlte/twrp-3.5.2_9-0-dream2qlte.img
Frame ID: 11E710E97D746E5EE497C9A6A6E64667
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220214/r20190131/zrt_lookup.html
Frame ID: 1C3B21202135C1485E41A59CA5F4A7C2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3594204119287048&output=html&adk=1812271804&adf=3025194257&lmt=1644979488&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fdl.twrp.me%2Fdream2qlte%2Ftwrp-3.5.2_9-0-dream2qlte.img&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644981228672&bpp=4&bdt=535&idt=82&shv=r20220214&mjsv=m202202090101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2173282224718&frm=20&pv=2&ga_vid=642980180.1644981229&ga_sid=1644981229&ga_hid=289938259&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C44756896&oid=2&pvsid=291814835295483&pem=743&tmod=1120836132&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=98
Frame ID: 9BA3DA996E41EA1E39FCABEA5CE13CB5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3594204119287048&output=html&h=280&slotname=9867902396&adk=1200773066&adf=854766408&pi=t.ma~as.9867902396&w=740&fwrn=4&fwrnh=100&lmt=1644979488&rafmt=1&psa=0&format=740x280&url=https%3A%2F%2Fdl.twrp.me%2Fdream2qlte%2Ftwrp-3.5.2_9-0-dream2qlte.img&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644981228676&bpp=3&bdt=539&idt=98&shv=r20220214&mjsv=m202202090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2173282224718&frm=20&pv=1&ga_vid=642980180.1644981229&ga_sid=1644981229&ga_hid=289938259&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=430&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C44756896&oid=2&pvsid=291814835295483&pem=743&tmod=1120836132&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=iJlytZqS7D&p=https%3A//dl.twrp.me&dtd=102
Frame ID: 79534AFAF40E92A8643BB75722A9DE3F
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3594204119287048&output=html&h=250&slotname=3960969597&adk=530044031&adf=4283947098&pi=t.ma~as.3960969597&w=300&lmt=1644979488&psa=0&format=300x250&url=https%3A%2F%2Fdl.twrp.me%2Fdream2qlte%2Ftwrp-3.5.2_9-0-dream2qlte.img&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644981228697&bpp=1&bdt=560&idt=83&shv=r20220214&mjsv=m202202090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280&nras=1&correlator=2173282224718&frm=20&pv=1&ga_vid=642980180.1644981229&ga_sid=1644981229&ga_hid=289938259&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=430&ady=834&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C44756896&oid=2&pvsid=291814835295483&pem=743&tmod=1120836132&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=I4POXZz4cu&p=https%3A//dl.twrp.me&dtd=85
Frame ID: FC32422E7964188C5599291BC907FE64
Requests: 13 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ygxr7AAMfK0Iu-LoAAbQuwPWGKByp9suBsqXxQ&u=%7CCVPBgU1ZEkGnxAQJHhApEum1xqlV51nmkIyihBhlkI0%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy3TczrOKFBNFZKBpck_LC_V_6I9bmLhq2Pgr_1n7I1YG2W7bg9I1FeJBOckC4OQMfC5kWgvP0mhIYNwsA2xJUcUfmFa-j2QPH-K6fDMMy3_AyOYEZf5gYr4kzFaQvHFfwhplwfIY2JNnaK4W0KqwqNAhqDcXWFD_1nUFJqPneQXM8fxh7AmgV3JwdzQqZyf_AMb7W7MoMy3YbEb2udO1T1k8J6M0Ow1wpvnLzQomPY89Cl-dohcUi5nsNAM0xzDqD1jaDPPbsdIF99K9b90AJXQQoK-e8rFG5PJRereYZpc0nfTiG_iOrDtARro6Zb8Kw16xvIvf3P7WQCu5oak93sv04KG6me9cNkjl8FZWBZNJrwRol4y9yKGc_7gv1u9ScJxrwXQSUfdZ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCouKk7GsMYq35MejF7_UPu6GbmA7JntKxXJXJlPdwwI23ARABIABglQKCARdjYS1wdWItMzU5NDIwNDExOTI4NzA0OKAB1bbS6gPIAQmpAgn9wzr7DrM-qAMBqgTcAU_QojZ9iWBJVqEBY4L6gNokH9mJ23SJZnKHQn9k4ftawA9_-jr6CutJKs75D4ETC9Zvc0aCpYfBB4BvurwFWliz7UbaCe90uL-CTlcN6_Dy_wkeEFKhh9jT1GVzuWRo5YJmRpUr8oxFshxOWpc69CUmrpX2yvac1Tr9ABpqOuH6lyBLJ9E8uBPfVv68l0NZTtZmHSlFqQpZwQBNpx1n9V7XnMSJ2tW3lqJr9Qph1-hFZq5WawjQyzE8U-SA8x7WghfZczpx4Z0slnsYUduuuQF8F5lPG49k3fl09N-ABu254_fxrPujjgGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_13-5n4zh49Us3Vpe9pLaXW6lhZ1A%26client%3Dca-pub-3594204119287048%26adurl%3D
Frame ID: 928E07D9159ADD83828EB27B8BE48E3A
Requests: 21 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220214/r20110914/zrt_lookup.html?fsb=1
Frame ID: ECB07979C1FBE6B7A35C6B08F1C35A8F
Requests: 8 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ygxr7AAMgIgIu8eFAAkEp8aI5AfyCkWG0g_nig&u=%7CCVPBgU1ZEkEUcxUBu1np8O9hntY47FpRjEN%2Be91z98s%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpOtYk8A6_xGUEjU08dWIaJP0eZa0C7d1zl3wwNPA5cJtVCMQ29Uq1ZISpZFlZUHobe80zvSHZrJ31ZeMXF3BUX5MTD6wv-AWmPgjmZ_3ronM8ly7Xa_yRzS-HSSIAAE2AJs4DUMGJjnd03lA2rso68IkzoP0sVsepIz0F36xBdxcVddF8Fl6VukLvWC_jgQHEYYxhNTun0CyidpXDi2_0YuxkN-7Do0iS1E3uC5rWun7aPcnftZUJmAbvBYRe5v_2J4d8F8kopJhXFk1SMY55GYO7KDLEmvTQwPBqWcLoWplMgJQLJb17NnIUoJvRE5Y9JEJBWuixYxemaYBhb-c_3QnrqANMkwImSXD4Zhy6DjxE16HkMQR8xiHP3wyCDDE81g9CeyFOOFJa0rbULvRIJV&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqGKr7GsMYoiBMoWP7_UPp4mk8ALJntKxXM3hkvdwwI23ARABIABglQKCARdjYS1wdWItMzU5NDIwNDExOTI4NzA0OKAB1bbS6gPIAQmpAgn9wzr7DrM-qAMBqgTdAU_Q7xmQOPFf2Mi-Bq8LodQ4wyRSiK9CBS_N-AWt8SALGekT-roVNNDV7B-EpklCFRtyZUfJXgJMiLhQkt6p12zlPQdDptZ5VfX2FNXCZrKGaA83fWr0pBRO_0n8uN6V9J_60lNXZHv4JFrlITdKS7uGMoklRm24Z5AtFpOeQGkh4vrzva_WDKMbLrtrpeK2X1K5_iv6R0enZyIKD2NIKctMOJHII8ulYROZHI5c5jQIvVxAJmLUF6k7Lu0SyN6O_ozEhEsf_pVfFkZ7VUITZr9gSELxOiZq--xIDNU4gAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1-NWW5rZQGdm3AOLl55BG4Z5fI9g%26client%3Dca-pub-3594204119287048%26adurl%3D
Frame ID: A3786568E2C6D22AC11463015EE3AD72
Requests: 28 HTTP requests in this frame

Frame: https://hal900017.redintelligence.net/request_content.php?s=54447400014173004189731011872017&a=50b6a415
Frame ID: 9E100BF8C2CA03F9E8D088B5A7E610F9
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 2DFF5F06C5FB226ED0579482F7D9A7AD
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 8A5FD39F24036BB32D020B0467AF4446
Requests: 2 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/160090/10869626/10869626.js?ADFassetID=10869626&bv=259
Frame ID: 54C4F741C47FD16B50D13DD90A651519
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Download twrp-3.5.2_9-0-dream2qlte.img

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

127
Requests

99 %
HTTPS

54 %
IPv6

15
Domains

26
Subdomains

25
IPs

7
Countries

2166 kB
Transfer

3352 kB
Size

6
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://twrp.me/
Title: TeamWin - TWRP

Search URL Search Domain Scan URL

URL: https://twrp.me/about/
Title: About

Search URL Search Domain Scan URL

URL: https://twrp.me/contactus/
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://twrp.me/Devices/
Title: Devices

Search URL Search Domain Scan URL

URL: https://twrp.me/FAQ/
Title: FAQ

Search URL Search Domain Scan URL

URL: https://twrp.me/terms/termsofservice.html
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://twrp.me/terms/cookiepolicy.html
Title: use of cookies

Search URL Search Domain Scan URL

URL: https://github.com/TeamWin
Title: TeamWin

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

127 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request twrp-3.5.2_9-0-dream2qlte.img Show response
dl.twrp.me/dream2qlte/ 7 KB
7 KB 667ms
298ms Document
text/html 147.135.38.227
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://dl.twrp.me/dream2qlte/twrp-3.5.2_9-0-dream2qlte.img
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 147.135.38.227 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: mail.twrp.me
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: eac8f3e4fd537fe771fa2b3b07e7680b928a928154dd6f74644d46a0b60434d2

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Server: nginx/1.10.3 (Ubuntu)
Date: Wed, 16 Feb 2022 03:13:48 GMT
Content-Type: text/html
Content-Length: 6885
Connection: keep-alive
Last-Modified: Wed, 16 Feb 2022 02:44:48 GMT
ETag: "620c6520-1ae5"
Expires: Wed, 16 Feb 2022 03:13:46 GMT
Cache-Control: no-cache
Accept-Ranges: bytes

GET
H/1.1 200
OK main.css
twrp.me/css/ 8 KB
9 KB 513ms
163ms Stylesheet
text/css 147.135.38.227
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://twrp.me/css/main.css
Requested by: Host: dl.twrp.me
URL: https://dl.twrp.me/dream2qlte/twrp-3.5.2_9-0-dream2qlte.img
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 147.135.38.227 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: mail.twrp.me
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: a8ee56c4e4dae37fc515d630419aa24a4eb77c44142a50a921b6043ee2108ec6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dl.twrp.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 16 Feb 2022 03:13:48 GMT
Last-Modified: Tue, 15 Feb 2022 09:22:48 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "620b70e8-215c"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8540

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 151 KB
53 KB 79ms
37ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: dl.twrp.me
URL: https://dl.twrp.me/dream2qlte/twrp-3.5.2_9-0-dream2qlte.img

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

127b93e67ecb62072da973c1edccab31936a0a72f925f7aa83d25d4e141f5a5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dl.twrp.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53623
x-xss-protection: 0
server: cafe
etag: 11615728703340155424
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 16 Feb 2022 03:13:48 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220214/r20190131/ Frame 1C3B 10 KB
5 KB 62ms
17ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220214/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a575e2f63d79cdaf5a92b4453bfcaadb462119aa1216b4f28920e37e2d9b8e7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://dl.twrp.me/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4612
x-xss-protection: 0
date: Tue, 15 Feb 2022 21:01:30 GMT
expires: Tue, 01 Mar 2022 21:01:30 GMT
cache-control: public, max-age=1209600
age: 22338
etag: 18247940800414524076
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202090101/ 290 KB
104 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202090101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3594204119287048&plah=dl.twrp.me

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

34e8995f9c01da4e0e06cdb90e4f6ab6a0930035cb0d085bb8333418923e24d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dl.twrp.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 106762
x-xss-protection: 0
server: cafe
etag: 11652735873008943650
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 16 Feb 2022 03:13:48 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 211 B
641 B 74ms
26ms Script
text/javascript 142.250.179.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=dl.twrp.me&callback=_gfp_s_&client=ca-pub-3594204119287048

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202090101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3594204119287048&plah=dl.twrp.me

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.179.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s42-in-f2.1e100.net

Software

cafe /

Resource Hash

583fbe9711a1e0ffbb1caf14223321fbb34b815046f2711dae92cb5876b4b796

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dl.twrp.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 196
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 70ms
27ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=dl.twrp.me

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dl.twrp.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Feb 2022 03:13:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 68ms
25ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=dl.twrp.me

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dl.twrp.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Feb 2022 03:13:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9BA3 37 KB
13 KB 159ms
133ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3594204119287048&output=html&adk=1812271804&adf=3025194257&lmt=1644979488&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fdl.twrp.me%2Fdream2qlte%2Ftwrp-3.5.2_9-0-dream2qlte.img&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644981228672&bpp=4&bdt=535&idt=82&shv=r20220214&mjsv=m202202090101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2173282224718&frm=20&pv=2&ga_vid=642980180.1644981229&ga_sid=1644981229&ga_hid=289938259&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C44756896&oid=2&pvsid=291814835295483&pem=743&tmod=1120836132&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=98

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cc33a9d2d9c8b7c4454e3745ac0eb567aa96809dc0db52cedb62836b4cb6d713

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://dl.twrp.me/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 16 Feb 2022 03:13:48 GMT
server: cafe
content-length: 12961
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 16 Feb 2022 03:13:48 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7953 23 KB
9 KB 164ms
146ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3594204119287048&output=html&h=280&slotname=9867902396&adk=1200773066&adf=854766408&pi=t.ma~as.9867902396&w=740&fwrn=4&fwrnh=100&lmt=1644979488&rafmt=1&psa=0&format=740x280&url=https%3A%2F%2Fdl.twrp.me%2Fdream2qlte%2Ftwrp-3.5.2_9-0-dream2qlte.img&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644981228676&bpp=3&bdt=539&idt=98&shv=r20220214&mjsv=m202202090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2173282224718&frm=20&pv=1&ga_vid=642980180.1644981229&ga_sid=1644981229&ga_hid=289938259&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=430&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C44756896&oid=2&pvsid=291814835295483&pem=743&tmod=1120836132&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=iJlytZqS7D&p=https%3A//dl.twrp.me&dtd=102

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0f8053e56f2301888b88d9a03f4d3aaa7437392ab33b5b3aaae9b5f166dcf2c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://dl.twrp.me/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 16 Feb 2022 03:13:48 GMT
server: cafe
content-length: 9542
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 16 Feb 2022 03:13:48 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FC32 23 KB
10 KB 156ms
144ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3594204119287048&output=html&h=250&slotname=3960969597&adk=530044031&adf=4283947098&pi=t.ma~as.3960969597&w=300&lmt=1644979488&psa=0&format=300x250&url=https%3A%2F%2Fdl.twrp.me%2Fdream2qlte%2Ftwrp-3.5.2_9-0-dream2qlte.img&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644981228697&bpp=1&bdt=560&idt=83&shv=r20220214&mjsv=m202202090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280&nras=1&correlator=2173282224718&frm=20&pv=1&ga_vid=642980180.1644981229&ga_sid=1644981229&ga_hid=289938259&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=430&ady=834&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C44756896&oid=2&pvsid=291814835295483&pem=743&tmod=1120836132&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=I4POXZz4cu&p=https%3A//dl.twrp.me&dtd=85

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e158ca7240060de51fe9ffc1f9d5c3b474c451b75a3ce1c1a5015d552eef2664

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://dl.twrp.me/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 16 Feb 2022 03:13:48 GMT
server: cafe
content-length: 10278
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 16 Feb 2022 03:13:48 GMT
cache-control: private

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202090101/ 150 KB
53 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202090101/reactive_library_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

99dd208d147ec93cdc72ad266a77f2eea8cf8dae49f37217ab8f230adb36d200

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dl.twrp.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54544
x-xss-protection: 0
server: cafe
etag: 12592913498134722333
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 16 Feb 2022 03:13:48 GMT

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame FC32 3 KB
2 KB 87ms
25ms Script
application/x-javascript 185.29.134.249
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvT1dNMVl6Wm1aRFV0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzYyNTUyNzIxOTgxNjEzNTI1NzUvOTk2NjQ1Ni8xMDQ5NzQ2OS80LzBaN1BqYjYtSnkyVG9NTTNuN3dFQVlHVWxGbDZGOXdISm9oczlud18tazQvMS80LzAvMC8xNzg3NTgyLzAvMjE1NTQzLzEwNzMyMjcvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC82MjU1MjcyMTk4MTYxMzUyNTc1L2Ftcy8wLzgwODIvMjMvOTk5LzI1OC8yMDAxOjFiNjA6MTAxMDo6LzAuMDAwLzE2NDQ5ODEyMjgvMTY0NDk5MzgyOC80L3B1Yi0zNTk0MjA0MTE5Mjg3MDQ4Lw/FlPiWXEYF6DJ-Usqfij_kxgWh40&nodeid=1606&group=cdg&auctionid=6255272198161352575&shardkey=6255272198161352575&sid=10497469&cid=9966456&bp=a_cagefj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.133.168&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8BF57GsMYv2EMqPM7_UPlpW5uA7Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTM1OTQyMDQxMTkyODcwNDjIAQmoAwGqBN0BT9BXlU-rixdLDQonEY2l5PIvABsAXkXEpnBanL49sZPthTJuzDf00wijNeqvK64pBmFJG_E4qeA2QlXLJM2w1YvHD9UWgSaqOrtkIdmAJbN_Rdoz8n2QGeCxiEF4DKFlgSxZ6R4nSyDSqil63vv5Zp8b3Is-WzDixuma_WqCoU5erJ5hS4SEYPc7Pm7O9jFXhHldUZ3yzcQCTCqo6dtQg_b56sZ6dl0UU-eIjw6mpvgyDLGlyPgzwS2ZIRgYMkx0PJgG7ESMSs7ApQAZAN0oOk3QQhhN5JqOcE75czqABr2b2sDngcuWEqAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_11PaX2wO2KnO9HsO8oARQerKtYHg%26client%3Dca-pub-3594204119287048%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3594204119287048&output=html&h=250&slotname=3960969597&adk=530044031&adf=4283947098&pi=t.ma~as.3960969597&w=300&lmt=1644979488&psa=0&format=300x250&url=https%3A%2F%2Fdl.twrp.me%2Fdream2qlte%2Ftwrp-3.5.2_9-0-dream2qlte.img&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644981228697&bpp=1&bdt=560&idt=83&shv=r20220214&mjsv=m202202090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280&nras=1&correlator=2173282224718&frm=20&pv=1&ga_vid=642980180.1644981229&ga_sid=1644981229&ga_hid=289938259&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=430&ady=834&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C44756896&oid=2&pvsid=291814835295483&pem=743&tmod=1120836132&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=I4POXZz4cu&p=https%3A//dl.twrp.me&dtd=85
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.249 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.300.1 /
Resource Hash: 6e7fd00bb8f6435869d107279bcd070878340a8f7174d23534bdb297f7ce882b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 16 Feb 2022 03:13:49 GMT
Content-Encoding: gzip
x-mm-bid-request-time: 1644981228
Last-Modified: Wed, 16 Feb 2022 03:13:48 GMT
Server: MMBD/3.300.1
x-mm-latency: 1 (1)
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg: Count
Cache-Control: no-cache
x-mm-host: cdg-router-x87, cdg-bidder-x134
Connection: close
Content-Type: application/x-javascript; charset=UTF-8
Expires: Wed, 16 Feb 2022 03:13:48 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220214/r20110914/client/ Frame FC32 2 KB
1 KB 66ms
21ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220214/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3594204119287048&output=html&h=250&slotname=3960969597&adk=530044031&adf=4283947098&pi=t.ma~as.3960969597&w=300&lmt=1644979488&psa=0&format=300x250&url=https%3A%2F%2Fdl.twrp.me%2Fdream2qlte%2Ftwrp-3.5.2_9-0-dream2qlte.img&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644981228697&bpp=1&bdt=560&idt=83&shv=r20220214&mjsv=m202202090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280&nras=1&correlator=2173282224718&frm=20&pv=1&ga_vid=642980180.1644981229&ga_sid=1644981229&ga_hid=289938259&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=430&ady=834&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C44756896&oid=2&pvsid=291814835295483&pem=743&tmod=1120836132&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=I4POXZz4cu&p=https%3A//dl.twrp.me&dtd=85

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 02:58:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 948
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Mar 2022 02:58:01 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FC32 124 KB
38 KB 71ms
26ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0407b706128e672e5373e3291c030e785a364e458162ea64bad0356c4069382a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38569
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1644842073869169"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 16 Feb 2022 03:13:49 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220214/r20110914/client/ Frame FC32 15 KB
7 KB 62ms
17ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220214/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3975966229b1c0ceebf499c9785110a8142f42b5bddb0122e3eca5666707ae45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 02:23:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3024
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6405
x-xss-protection: 0
server: cafe
etag: 2993485572248006277
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Mar 2022 02:23:25 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220214/r20110914/client/ Frame 7953 2 KB
1 KB 66ms
22ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220214/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3594204119287048&output=html&h=280&slotname=9867902396&adk=1200773066&adf=854766408&pi=t.ma~as.9867902396&w=740&fwrn=4&fwrnh=100&lmt=1644979488&rafmt=1&psa=0&format=740x280&url=https%3A%2F%2Fdl.twrp.me%2Fdream2qlte%2Ftwrp-3.5.2_9-0-dream2qlte.img&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644981228676&bpp=3&bdt=539&idt=98&shv=r20220214&mjsv=m202202090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2173282224718&frm=20&pv=1&ga_vid=642980180.1644981229&ga_sid=1644981229&ga_hid=289938259&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=430&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C44756896&oid=2&pvsid=291814835295483&pem=743&tmod=1120836132&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=iJlytZqS7D&p=https%3A//dl.twrp.me&dtd=102

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 02:58:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 948
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Mar 2022 02:58:01 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7953 124 KB
38 KB 93ms
49ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0407b706128e672e5373e3291c030e785a364e458162ea64bad0356c4069382a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38569
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1644842073869169"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 16 Feb 2022 03:13:49 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220214/r20110914/client/ Frame 7953 15 KB
6 KB 63ms
19ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220214/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3975966229b1c0ceebf499c9785110a8142f42b5bddb0122e3eca5666707ae45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 02:23:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3024
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6405
x-xss-protection: 0
server: cafe
etag: 2993485572248006277
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Mar 2022 02:23:25 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame FC32 0
0 68ms
67ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CerBD7GsMYv2EMqPM7_UPlpW5uA7Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTM1OTQyMDQxMTkyODcwNDjIAQmoAwGqBNoBT9BXlU-rixdLDQonEY2l5PIvABsAXkXEpnBanL49sZPthTJuzDf00wijNeqvK64pBmFJG_E4qeA2QlXLJM2w1YvHD9UWgSaqOrtkIdmAJbN_Rdoz8n2QGeCxiEF4DKFlgSxZ6R4nSyDSqil63vv5Zp8b3Is-WzDixuma_WqCoU5erJ5hS4SEYPc7Pm7O9jFXhHldUZ3yzcQCTCqo6dtQg_b56sZ6dl0UU-eIjw6mpvgyDLGlivoSU4ElhR-VlgTf5NipHFmYQHLKixj4vR1olbdxXDRVSgMyd8OABr2b2sDngcuWEqAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTM1OTQyMDQxMTkyODcwNDgYAA&sigh=5u2H4iC1npU&uach_m=[UACH]&cid=CAQSGwCNIrLM60zEKLRNWqWG4h7kQvShdVaJkEixORgB&tpd=AGWhJms8N_sGDcoN3GGwgTiE2Jha-NRjkBG1QiJU3zUBO4nwz4qhZTFBlCmNtP0sT3eR__BvC0D8hSYXski_ZsIz3oHZZHKVho36ijBfi3DNqRGs7-rD1vGIBpn7xeoxIux2YM11tkFUIlhta_J6zMmS_Bg6adJ-2sVx5LQIuA1AOMnWbw4QMlHVWsJRvWJoeUxPNl_hfctrVlCgX1TEWkeFJKXOIZyCfYGk_6afKnsecFBJTC5PvirNYTFnEmpMFljMPKG8T95rLVd35Haag_cQeqSzq3nLwgLnTZO2o-Wn3kUmCP5ChBBHlLZljxQ_XCZpONrbOPMdWVrwgvNbG6rihW-VXfvou-jKZzrwZDEVkPjqMepEYsAcTK45-h1uIn-cm6T7HuE3vElhSNSX7pk3PjhzbENOzYn_vvYBhDFe0yzxIXRyXOQwS7DiZiqJBKDx2r1cC2yeVnDp2pDWa4N9k47-qWoBhWuB2uUEG_Q4mujEUCOn2mjuLKQvuKXvX3eJRqs63DxcbQ9-7a49ydoRJkVAxQXu3-gE8XLdHuYCLbj6GIOcImOS6ZXxPniPBQlupU904gfOmNcnc5TpYud0oMqnY6tU-2MhNXSlYEQkmK0vRTy_rcEAlL_qcGQAt2McLPhQ4Ix5dV4o9iNdlXO_CPDchYwwQtawXVjxtO2PGKKFOFJx9yYhNnDdjFo9VLTtbXF_VC2yV8haDc4RNDgOcyFhQDimEjOrorqF3_hDivh_jjCVkqr3AGdUhgdyhA0S9Va-JR-U6u56Kk0iQgJUSCaFdlKRwHBxwSbHBfE-Y4RbCMeWBGURe1dyrjykfGnTitesakrW3snZI-HW8RcN0HQUKJ_HJXaBdNyGQM3ddwZXPR1-fjwOR3I2ekP0WZawIclD3uwB4Tnh8U_98_YK5Qnw-kS4NQMUBWshoqaK5BPn9cFA_AFcZ9r359E5I67KAEXHLPHyzHKpq3_xSapY70a8Ag30Kk5sUT9ca82hMM5BSiCC11E3FcGIxjGOpREtX0xO3SLQYoF_ECvfIFfS5xe1wg5PmcH7HNH-CWgdFsVWfyyX2jhGZftXfmbXX8_kFZnE1guYLedaT8vgY7A

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3594204119287048&output=html&h=250&slotname=3960969597&adk=530044031&adf=4283947098&pi=t.ma~as.3960969597&w=300&lmt=1644979488&psa=0&format=300x250&url=https%3A%2F%2Fdl.twrp.me%2Fdream2qlte%2Ftwrp-3.5.2_9-0-dream2qlte.img&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644981228697&bpp=1&bdt=560&idt=83&shv=r20220214&mjsv=m202202090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C740x280&nras=1&correlator=2173282224718&frm=20&pv=1&ga_vid=642980180.1644981229&ga_sid=1644981229&ga_hid=289938259&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=430&ady=834&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C44756896&oid=2&pvsid=291814835295483&pem=743&tmod=1120836132&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=I4POXZz4cu&p=https%3A//dl.twrp.me&dtd=85
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 16 Feb 2022 03:13:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 16 Feb 2022 03:13:49 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 7953 0
0 60ms
60ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C0CtE7GsMYq35MejF7_UPu6GbmA7JntKxXJXJlPdwwI23ARABIABglQKCARdjYS1wdWItMzU5NDIwNDExOTI4NzA0OKAB1bbS6gPIAQmpAgn9wzr7DrM-qAMBqgTZAU_QojZ9iWBJVqEBY4L6gNokH9mJ23SJZnKHQn9k4ftawA9_-jr6CutJKs75D4ETC9Zvc0aCpYfBB4BvurwFWliz7UbaCe90uL-CTlcN6_Dy_wkeEFKhh9jT1GVzuWRo5YJmRpUr8oxFshxOWpc69CUmrpX2yvac1Tr9ABpqOuH6lyBLJ9E8uBPfVv68l0NZTtZmHSlFqQpZwQBNpx1n9V7XnMSJ2tW3lqJr9Qph1-hFZq5WKQrxWbazz_c_bwp1Uip_izNl6ysmuGOa5ROTH_PDCbVXniXgzkaABu254_fxrPujjgGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi0zNTk0MjA0MTE5Mjg3MDQ4GAA&sigh=WLlDGqrus6A&uach_m=[UACH]&cid=CAQSGwCNIrLMoWEyI9NTGKB1QVEb6xmAprScNZ38PBgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3594204119287048&output=html&h=280&slotname=9867902396&adk=1200773066&adf=854766408&pi=t.ma~as.9867902396&w=740&fwrn=4&fwrnh=100&lmt=1644979488&rafmt=1&psa=0&format=740x280&url=https%3A%2F%2Fdl.twrp.me%2Fdream2qlte%2Ftwrp-3.5.2_9-0-dream2qlte.img&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644981228676&bpp=3&bdt=539&idt=98&shv=r20220214&mjsv=m202202090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2173282224718&frm=20&pv=1&ga_vid=642980180.1644981229&ga_sid=1644981229&ga_hid=289938259&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=430&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C44756896&oid=2&pvsid=291814835295483&pem=743&tmod=1120836132&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=iJlytZqS7D&p=https%3A//dl.twrp.me&dtd=102
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 16 Feb 2022 03:13:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 16 Feb 2022 03:13:49 GMT

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 7953 0
0 110ms
30ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=UMDUEcz6ROQFmAKdg2ICAgAAALp3AM8EZKN-EOxrDGKVbaIwZhJATV3vYwAS&wp=Ygxr7AAMfK0Iu-LoAAbQuwPWGKByp9suBsqXxQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
server: Kestrel
server-processing-duration-in-ticks: 317832
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 928E 178 KB
52 KB 187ms
121ms Document
text/html 2a02:2638::18
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Ygxr7AAMfK0Iu-LoAAbQuwPWGKByp9suBsqXxQ&u=%7CCVPBgU1ZEkGnxAQJHhApEum1xqlV51nmkIyihBhlkI0%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy3TczrOKFBNFZKBpck_LC_V_6I9bmLhq2Pgr_1n7I1YG2W7bg9I1FeJBOckC4OQMfC5kWgvP0mhIYNwsA2xJUcUfmFa-j2QPH-K6fDMMy3_AyOYEZf5gYr4kzFaQvHFfwhplwfIY2JNnaK4W0KqwqNAhqDcXWFD_1nUFJqPneQXM8fxh7AmgV3JwdzQqZyf_AMb7W7MoMy3YbEb2udO1T1k8J6M0Ow1wpvnLzQomPY89Cl-dohcUi5nsNAM0xzDqD1jaDPPbsdIF99K9b90AJXQQoK-e8rFG5PJRereYZpc0nfTiG_iOrDtARro6Zb8Kw16xvIvf3P7WQCu5oak93sv04KG6me9cNkjl8FZWBZNJrwRol4y9yKGc_7gv1u9ScJxrwXQSUfdZ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCouKk7GsMYq35MejF7_UPu6GbmA7JntKxXJXJlPdwwI23ARABIABglQKCARdjYS1wdWItMzU5NDIwNDExOTI4NzA0OKAB1bbS6gPIAQmpAgn9wzr7DrM-qAMBqgTcAU_QojZ9iWBJVqEBY4L6gNokH9mJ23SJZnKHQn9k4ftawA9_-jr6CutJKs75D4ETC9Zvc0aCpYfBB4BvurwFWliz7UbaCe90uL-CTlcN6_Dy_wkeEFKhh9jT1GVzuWRo5YJmRpUr8oxFshxOWpc69CUmrpX2yvac1Tr9ABpqOuH6lyBLJ9E8uBPfVv68l0NZTtZmHSlFqQpZwQBNpx1n9V7XnMSJ2tW3lqJr9Qph1-hFZq5WawjQyzE8U-SA8x7WghfZczpx4Z0slnsYUduuuQF8F5lPG49k3fl09N-ABu254_fxrPujjgGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_13-5n4zh49Us3Vpe9pLaXW6lhZ1A%26client%3Dca-pub-3594204119287048%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::18 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e8d48e0c8be44a676569ea4d345ee8d4d59730af5a021545ac09d3b0496d3f56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Wed, 16 Feb 2022 03:13:48 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=hFezd_l2LGRs5Rpg1tfOBm5mw5fsvgl39X7KY8Rpnu32E_SAgtRH0UHGZI8-3UJoNgaLrLa_bT8xIR6ebSpgu9d3R2i8_3oHKTUmUW5jGFxj735oR_aVSZGhV6ptnPOLswe9JCq1DVOosbfAjkYnw0X2tOo7a0kw0it4xhXMPJKEvRpXX9WRQ-lVV8K2PtEYQlNRWi5kFpXP5sl8KD02RmExUMmz4X5E1JsKeAedJMTXnpW_IYBLDPwVVUxgFH-mLtmBUQ"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 96454834
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 52ms
25ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=dl.twrp.me

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dl.twrp.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Feb 2022 03:13:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 53ms
27ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=dl.twrp.me

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dl.twrp.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Feb 2022 03:13:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220214/r20110914/ Frame ECB0 10 KB
5 KB 17ms
17ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220214/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a575e2f63d79cdaf5a92b4453bfcaadb462119aa1216b4f28920e37e2d9b8e7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://dl.twrp.me/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4612
x-xss-protection: 0
date: Tue, 15 Feb 2022 22:53:11 GMT
expires: Tue, 01 Mar 2022 22:53:11 GMT
cache-control: public, max-age=1209600
age: 15638
etag: 18247940800414524076
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK ugoxy02bc9a4 Show response
hal9000.redintelligence.net/zone/ Frame FC32 10 KB
3 KB 83ms
28ms Script
text/html 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/ugoxy02bc9a4?subid=&gdpr=1&gdpr_consent=li&rnd=6255272198161352575&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYgxr7AANWYQKe4KMNgzXpA%26mt_aid%3D6255272198161352575%26mt_id%3D9966456%26mt_adid%3D215543%26mt_sid%3D10497469%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dc8f3620c-6bed-4d01-b02d-1ec2cfd399bc%26mt_cid%3Dc8f3620c-6bed-4d01-b02d-1ec2cfd399bc%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC8BF57GsMYv2EMqPM7_UPlpW5uA7Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTM1OTQyMDQxMTkyODcwNDjIAQmoAwGqBN0BT9BXlU-rixdLDQonEY2l5PIvABsAXkXEpnBanL49sZPthTJuzDf00wijNeqvK64pBmFJG_E4qeA2QlXLJM2w1YvHD9UWgSaqOrtkIdmAJbN_Rdoz8n2QGeCxiEF4DKFlgSxZ6R4nSyDSqil63vv5Zp8b3Is-WzDixuma_WqCoU5erJ5hS4SEYPc7Pm7O9jFXhHldUZ3yzcQCTCqo6dtQg_b56sZ6dl0UU-eIjw6mpvgyDLGlyPgzwS2ZIRgYMkx0PJgG7ESMSs7ApQAZAN0oOk3QQhhN5JqOcE75czqABr2b2sDngcuWEqAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_11PaX2wO2KnO9HsO8oARQerKtYHg%2526client%253Dca-pub-3594204119287048%2526adurl%253D%26redirect%3D
Requested by: Host: dl.twrp.me
URL: https://dl.twrp.me/dream2qlte/twrp-3.5.2_9-0-dream2qlte.img
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: c07f3eb19f917fb03158e7bc1a3600b23eac667ade22de87ff899d699c7cd82f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 16 Feb 2022 03:13:49 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3333
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame FC32 49 B
330 B 75ms
26ms Image
image/gif 185.29.134.249
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=6255272198161352575&node_id=1606&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvT1dNMVl6Wm1aRFV0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzYyNTUyNzIxOTgxNjEzNTI1NzUvOTk2NjQ1Ni8xMDQ5NzQ2OS80LzBaN1BqYjYtSnkyVG9NTTNuN3dFQVlHVWxGbDZGOXdISm9oczlud18tazQvMS80LzAvMC8xNzg3NTgyLzAvMjE1NTQzLzEwNzMyMjcvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC82MjU1MjcyMTk4MTYxMzUyNTc1L2Ftcy8wLzgwODIvMjMvOTk5LzI1OC8yMDAxOjFiNjA6MTAxMDo6LzAuMDAwLzE2NDQ5ODEyMjgvMTY0NDk5MzgyOC80L3B1Yi0zNTk0MjA0MTE5Mjg3MDQ4Lw/FlPiWXEYF6DJ-Usqfij_kxgWh40&nodeid=1606&group=cdg&auctionid=6255272198161352575&shardkey=6255272198161352575&sid=10497469&cid=9966456&bp=a_cagefj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.133.168&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8BF57GsMYv2EMqPM7_UPlpW5uA7Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTM1OTQyMDQxMTkyODcwNDjIAQmoAwGqBN0BT9BXlU-rixdLDQonEY2l5PIvABsAXkXEpnBanL49sZPthTJuzDf00wijNeqvK64pBmFJG_E4qeA2QlXLJM2w1YvHD9UWgSaqOrtkIdmAJbN_Rdoz8n2QGeCxiEF4DKFlgSxZ6R4nSyDSqil63vv5Zp8b3Is-WzDixuma_WqCoU5erJ5hS4SEYPc7Pm7O9jFXhHldUZ3yzcQCTCqo6dtQg_b56sZ6dl0UU-eIjw6mpvgyDLGlyPgzwS2ZIRgYMkx0PJgG7ESMSs7ApQAZAN0oOk3QQhhN5JqOcE75czqABr2b2sDngcuWEqAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_11PaX2wO2KnO9HsO8oARQerKtYHg%26client%3Dca-pub-3594204119287048%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.249 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.300.1 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 16 Feb 2022 03:13:49 GMT
Server: MMBD/3.300.1
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x95, cdg-bidder-x134
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Wed, 16 Feb 2022 03:13:48 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame FC32 43 B
405 B 168ms
120ms Image
image/gif 2.21.43.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=6255272198161352575&v3=1073227&v4=10497469&v5=9966456&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvT1dNMVl6Wm1aRFV0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzYyNTUyNzIxOTgxNjEzNTI1NzUvOTk2NjQ1Ni8xMDQ5NzQ2OS80LzBaN1BqYjYtSnkyVG9NTTNuN3dFQVlHVWxGbDZGOXdISm9oczlud18tazQvMS80LzAvMC8xNzg3NTgyLzAvMjE1NTQzLzEwNzMyMjcvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC82MjU1MjcyMTk4MTYxMzUyNTc1L2Ftcy8wLzgwODIvMjMvOTk5LzI1OC8yMDAxOjFiNjA6MTAxMDo6LzAuMDAwLzE2NDQ5ODEyMjgvMTY0NDk5MzgyOC80L3B1Yi0zNTk0MjA0MTE5Mjg3MDQ4Lw/FlPiWXEYF6DJ-Usqfij_kxgWh40&nodeid=1606&group=cdg&auctionid=6255272198161352575&shardkey=6255272198161352575&sid=10497469&cid=9966456&bp=a_cagefj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.133.168&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8BF57GsMYv2EMqPM7_UPlpW5uA7Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTM1OTQyMDQxMTkyODcwNDjIAQmoAwGqBN0BT9BXlU-rixdLDQonEY2l5PIvABsAXkXEpnBanL49sZPthTJuzDf00wijNeqvK64pBmFJG_E4qeA2QlXLJM2w1YvHD9UWgSaqOrtkIdmAJbN_Rdoz8n2QGeCxiEF4DKFlgSxZ6R4nSyDSqil63vv5Zp8b3Is-WzDixuma_WqCoU5erJ5hS4SEYPc7Pm7O9jFXhHldUZ3yzcQCTCqo6dtQg_b56sZ6dl0UU-eIjw6mpvgyDLGlyPgzwS2ZIRgYMkx0PJgG7ESMSs7ApQAZAN0oOk3QQhhN5JqOcE75czqABr2b2sDngcuWEqAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_11PaX2wO2KnO9HsO8oARQerKtYHg%26client%3Dca-pub-3594204119287048%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.43.22 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-43-22.deploy.static.akamaitechnologies.com
Software: MT3 4133 baa842e master ord-pixel-x16 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 16 Feb 2022 03:13:49 GMT
Server: MT3 4133 baa842e master ord-pixel-x16 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 16 Feb 2022 03:13:48 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame FC32 49 B
330 B 81ms
28ms Image
image/gif 185.29.134.249
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=6255272198161352575&st=10497469&time=1644981229&nodeid=1606
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvT1dNMVl6Wm1aRFV0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzYyNTUyNzIxOTgxNjEzNTI1NzUvOTk2NjQ1Ni8xMDQ5NzQ2OS80LzBaN1BqYjYtSnkyVG9NTTNuN3dFQVlHVWxGbDZGOXdISm9oczlud18tazQvMS80LzAvMC8xNzg3NTgyLzAvMjE1NTQzLzEwNzMyMjcvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC82MjU1MjcyMTk4MTYxMzUyNTc1L2Ftcy8wLzgwODIvMjMvOTk5LzI1OC8yMDAxOjFiNjA6MTAxMDo6LzAuMDAwLzE2NDQ5ODEyMjgvMTY0NDk5MzgyOC80L3B1Yi0zNTk0MjA0MTE5Mjg3MDQ4Lw/FlPiWXEYF6DJ-Usqfij_kxgWh40&nodeid=1606&group=cdg&auctionid=6255272198161352575&shardkey=6255272198161352575&sid=10497469&cid=9966456&bp=a_cagefj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.133.168&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8BF57GsMYv2EMqPM7_UPlpW5uA7Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTM1OTQyMDQxMTkyODcwNDjIAQmoAwGqBN0BT9BXlU-rixdLDQonEY2l5PIvABsAXkXEpnBanL49sZPthTJuzDf00wijNeqvK64pBmFJG_E4qeA2QlXLJM2w1YvHD9UWgSaqOrtkIdmAJbN_Rdoz8n2QGeCxiEF4DKFlgSxZ6R4nSyDSqil63vv5Zp8b3Is-WzDixuma_WqCoU5erJ5hS4SEYPc7Pm7O9jFXhHldUZ3yzcQCTCqo6dtQg_b56sZ6dl0UU-eIjw6mpvgyDLGlyPgzwS2ZIRgYMkx0PJgG7ESMSs7ApQAZAN0oOk3QQhhN5JqOcE75czqABr2b2sDngcuWEqAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_11PaX2wO2KnO9HsO8oARQerKtYHg%26client%3Dca-pub-3594204119287048%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.249 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.300.1 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 16 Feb 2022 03:13:49 GMT
Server: MMBD/3.300.1
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x80, cdg-bidder-x134
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Wed, 16 Feb 2022 03:13:48 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame ECB0 0
0 59ms
59ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CSscU7GsMYoiBMoWP7_UPp4mk8ALJntKxXM3hkvdwwI23ARABIABglQKCARdjYS1wdWItMzU5NDIwNDExOTI4NzA0OKAB1bbS6gPIAQmpAgn9wzr7DrM-qAMBqgTaAU_Q7xmQOPFf2Mi-Bq8LodQ4wyRSiK9CBS_N-AWt8SALGekT-roVNNDV7B-EpklCFRtyZUfJXgJMiLhQkt6p12zlPQdDptZ5VfX2FNXCZrKGaA83fWr0pBRO_0n8uN6V9J_60lNXZHv4JFrlITdKS7uGMoklRm24Z5AtFpOeQGkh4vrzva_WDKMbLrtrpeK2X1K5_iv6R0enZyIKD2NIKctMOJHII8ulYROZHI5c5jQIvVxAJiDWNju8oXEBd0KaXVz5IrMW6p_pHGhj1_bbWxmS91zdIqPAf__3gAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItMzU5NDIwNDExOTI4NzA0OBgA&sigh=EfM1sW0v0mY&uach_m=[UACH]&cid=CAQSGwCNIrLMJ9saOquxmK6hjvWmHjhGJa1L2ZZf_BgB

Requested by

Host: dl.twrp.me
URL: https://dl.twrp.me/dream2qlte/twrp-3.5.2_9-0-dream2qlte.img

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20220214/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 16 Feb 2022 03:13:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame ECB0 0
0 31ms
30ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=UMDUEcz6RO0HfJ2DYgICAAAAQ-Dmz_dz69YQ62sMYqt6ntsoxFGKLGLEABI&wp=Ygxr7AAMgIgIu8eFAAkEp8aI5AfyCkWG0g_nig

Requested by

Host: dl.twrp.me
URL: https://dl.twrp.me/dream2qlte/twrp-3.5.2_9-0-dream2qlte.img

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:48 GMT
server: Kestrel
server-processing-duration-in-ticks: 329293
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame A378 174 KB
53 KB 128ms
127ms Document
text/html 2a02:2638::18
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Ygxr7AAMgIgIu8eFAAkEp8aI5AfyCkWG0g_nig&u=%7CCVPBgU1ZEkEUcxUBu1np8O9hntY47FpRjEN%2Be91z98s%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpOtYk8A6_xGUEjU08dWIaJP0eZa0C7d1zl3wwNPA5cJtVCMQ29Uq1ZISpZFlZUHobe80zvSHZrJ31ZeMXF3BUX5MTD6wv-AWmPgjmZ_3ronM8ly7Xa_yRzS-HSSIAAE2AJs4DUMGJjnd03lA2rso68IkzoP0sVsepIz0F36xBdxcVddF8Fl6VukLvWC_jgQHEYYxhNTun0CyidpXDi2_0YuxkN-7Do0iS1E3uC5rWun7aPcnftZUJmAbvBYRe5v_2J4d8F8kopJhXFk1SMY55GYO7KDLEmvTQwPBqWcLoWplMgJQLJb17NnIUoJvRE5Y9JEJBWuixYxemaYBhb-c_3QnrqANMkwImSXD4Zhy6DjxE16HkMQR8xiHP3wyCDDE81g9CeyFOOFJa0rbULvRIJV&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqGKr7GsMYoiBMoWP7_UPp4mk8ALJntKxXM3hkvdwwI23ARABIABglQKCARdjYS1wdWItMzU5NDIwNDExOTI4NzA0OKAB1bbS6gPIAQmpAgn9wzr7DrM-qAMBqgTdAU_Q7xmQOPFf2Mi-Bq8LodQ4wyRSiK9CBS_N-AWt8SALGekT-roVNNDV7B-EpklCFRtyZUfJXgJMiLhQkt6p12zlPQdDptZ5VfX2FNXCZrKGaA83fWr0pBRO_0n8uN6V9J_60lNXZHv4JFrlITdKS7uGMoklRm24Z5AtFpOeQGkh4vrzva_WDKMbLrtrpeK2X1K5_iv6R0enZyIKD2NIKctMOJHII8ulYROZHI5c5jQIvVxAJmLUF6k7Lu0SyN6O_ozEhEsf_pVfFkZ7VUITZr9gSELxOiZq--xIDNU4gAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1-NWW5rZQGdm3AOLl55BG4Z5fI9g%26client%3Dca-pub-3594204119287048%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220214/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::18 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

0afb2893873d3fadbd5f8c967bdbfbd4106eee653d3fd12c469af52a091ce4ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Wed, 16 Feb 2022 03:13:48 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=ErqXi_l2LGRs5RpgmeU3rZ-MQjLYLXyqcBnnPknRGlDdPJYplk7ZhXK9r9NzsGiODW9BznnbdYuU5skni9aVL2RMl8W40xw6CzhmdL6KhMDZbDWnDUtKxxgucwYBc9VfNBhnRP8vJ4QwkG9gCpAhB-Psrb_RTZrMSaznDtDmgjX8TafyddpBtmbrp0VSFLZKpOJw5PTiocoemxxngjWsC0l6UoNLpDMkEadJqg6QPKj4fimUYK2PuVm04YcJNf-LdzWdcQ"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 102389612
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220214/r20110914/client/ Frame ECB0 2 KB
1 KB 45ms
18ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220214/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220214/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 02:58:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 948
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Mar 2022 02:58:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame ECB0 124 KB
38 KB 54ms
30ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220214/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0407b706128e672e5373e3291c030e785a364e458162ea64bad0356c4069382a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38569
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1644842073869169"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 16 Feb 2022 03:13:49 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220214/r20110914/client/ Frame ECB0 15 KB
6 KB 43ms
18ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220214/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220214/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3975966229b1c0ceebf499c9785110a8142f42b5bddb0122e3eca5666707ae45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 02:23:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3024
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6405
x-xss-protection: 0
server: cafe
etag: 2993485572248006277
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Mar 2022 02:23:25 GMT

GET
DATA 200
OK truncated
/ Frame 7953 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 820bdcfa153a20cef8f8bf6b09f175ba9f3696d9eaf1390a2434c581ea12e819

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK request.php Show response
hal900017.redintelligence.net/ Frame FC32 613 B
773 B 126ms
70ms Script
application/x-javascript 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900017.redintelligence.net/request.php?zone=ugoxy02bc9a4&nw=20&renderingType=javascript&namespace=5c7b3f7106&subid=&uid=fe7333b14b8d0378&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYgxr7AANWYQKe4KMNgzXpA%26mt_aid%3D6255272198161352575%26mt_id%3D9966456%26mt_adid%3D215543%26mt_sid%3D10497469%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dc8f3620c-6bed-4d01-b02d-1ec2cfd399bc%26mt_cid%3Dc8f3620c-6bed-4d01-b02d-1ec2cfd399bc%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC8BF57GsMYv2EMqPM7_UPlpW5uA7Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTM1OTQyMDQxMTkyODcwNDjIAQmoAwGqBN0BT9BXlU-rixdLDQonEY2l5PIvABsAXkXEpnBanL49sZPthTJuzDf00wijNeqvK64pBmFJG_E4qeA2QlXLJM2w1YvHD9UWgSaqOrtkIdmAJbN_Rdoz8n2QGeCxiEF4DKFlgSxZ6R4nSyDSqil63vv5Zp8b3Is-WzDixuma_WqCoU5erJ5hS4SEYPc7Pm7O9jFXhHldUZ3yzcQCTCqo6dtQg_b56sZ6dl0UU-eIjw6mpvgyDLGlyPgzwS2ZIRgYMkx0PJgG7ESMSs7ApQAZAN0oOk3QQhhN5JqOcE75czqABr2b2sDngcuWEqAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_11PaX2wO2KnO9HsO8oARQerKtYHg%2526client%253Dca-pub-3594204119287048%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-3594204119287048%26output%3Dhtml%26h%3D250%26slotname%3D3960969597%26adk%3D530044031%26adf%3D4283947098%26pi%3Dt.ma~as.3960969597%26w%3D300%26lmt%3D1644979488%26psa%3D0%26format%3D300x250%26url%3Dhttps%253A%252F%252Fdl.twrp.me%252Fdream2qlte%252Ftwrp-3.5.2_9-0-dream2qlte.img%26flash%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.%26dt%3D1644981228697%26bpp%3D1%26bdt%3D560%26idt%3D83%26shv%3Dr20220214%26mjsv%3Dm202202090101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C740x280%26nras%3D1%26correlator%3D2173282224718%26frm%3D20%26pv%3D1%26ga_vid%3D642980180.1644981229%26ga_sid%3D1644981229%26ga_hid%3D289938259%26ga_fc%3D0%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D430%26ady%3D834%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D42531398%252C44750774%252C44756896%26oid%3D2%26pvsid%3D291814835295483%26pem%3D743%26tmod%3D1120836132%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeE%257C%26abl%3DCS%26pfx%3D0%26fu%3D0%26bc%3D31%26ifi%3D3%26uci%3Da!3%26fsb%3D1%26xpc%3DI4POXZz4cu%26p%3Dhttps%253A%2F%2Fdl.twrp.me%26dtd%3D85&ancestorOrigins=null&random=3573170524861&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/ugoxy02bc9a4?subid=&gdpr=1&gdpr_consent=li&rnd=6255272198161352575&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYgxr7AANWYQKe4KMNgzXpA%26mt_aid%3D6255272198161352575%26mt_id%3D9966456%26mt_adid%3D215543%26mt_sid%3D10497469%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dc8f3620c-6bed-4d01-b02d-1ec2cfd399bc%26mt_cid%3Dc8f3620c-6bed-4d01-b02d-1ec2cfd399bc%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC8BF57GsMYv2EMqPM7_UPlpW5uA7Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTM1OTQyMDQxMTkyODcwNDjIAQmoAwGqBN0BT9BXlU-rixdLDQonEY2l5PIvABsAXkXEpnBanL49sZPthTJuzDf00wijNeqvK64pBmFJG_E4qeA2QlXLJM2w1YvHD9UWgSaqOrtkIdmAJbN_Rdoz8n2QGeCxiEF4DKFlgSxZ6R4nSyDSqil63vv5Zp8b3Is-WzDixuma_WqCoU5erJ5hS4SEYPc7Pm7O9jFXhHldUZ3yzcQCTCqo6dtQg_b56sZ6dl0UU-eIjw6mpvgyDLGlyPgzwS2ZIRgYMkx0PJgG7ESMSs7ApQAZAN0oOk3QQhhN5JqOcE75czqABr2b2sDngcuWEqAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_11PaX2wO2KnO9HsO8oARQerKtYHg%2526client%253Dca-pub-3594204119287048%2526adurl%253D%26redirect%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: 4bac9ca237a07749753794ef60caf480abe51e005567afcbe52a1d13ffded0a4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Feb 2022 03:13:49 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 54447400014173004189731011872017
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 330
Expires: Wed, 16 Feb 2022 03:13:49 +0100

GET
DATA 200
OK truncated
/ Frame ECB0 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fef0eb8aa6f7f63aa8e4ffc667697aa44e8de99d5b956b4ba668b3719543495d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 928E 2 KB
1 KB 81ms
24ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ygxr7AAMfK0Iu-LoAAbQuwPWGKByp9suBsqXxQ&u=%7CCVPBgU1ZEkGnxAQJHhApEum1xqlV51nmkIyihBhlkI0%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy3TczrOKFBNFZKBpck_LC_V_6I9bmLhq2Pgr_1n7I1YG2W7bg9I1FeJBOckC4OQMfC5kWgvP0mhIYNwsA2xJUcUfmFa-j2QPH-K6fDMMy3_AyOYEZf5gYr4kzFaQvHFfwhplwfIY2JNnaK4W0KqwqNAhqDcXWFD_1nUFJqPneQXM8fxh7AmgV3JwdzQqZyf_AMb7W7MoMy3YbEb2udO1T1k8J6M0Ow1wpvnLzQomPY89Cl-dohcUi5nsNAM0xzDqD1jaDPPbsdIF99K9b90AJXQQoK-e8rFG5PJRereYZpc0nfTiG_iOrDtARro6Zb8Kw16xvIvf3P7WQCu5oak93sv04KG6me9cNkjl8FZWBZNJrwRol4y9yKGc_7gv1u9ScJxrwXQSUfdZ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCouKk7GsMYq35MejF7_UPu6GbmA7JntKxXJXJlPdwwI23ARABIABglQKCARdjYS1wdWItMzU5NDIwNDExOTI4NzA0OKAB1bbS6gPIAQmpAgn9wzr7DrM-qAMBqgTcAU_QojZ9iWBJVqEBY4L6gNokH9mJ23SJZnKHQn9k4ftawA9_-jr6CutJKs75D4ETC9Zvc0aCpYfBB4BvurwFWliz7UbaCe90uL-CTlcN6_Dy_wkeEFKhh9jT1GVzuWRo5YJmRpUr8oxFshxOWpc69CUmrpX2yvac1Tr9ABpqOuH6lyBLJ9E8uBPfVv68l0NZTtZmHSlFqQpZwQBNpx1n9V7XnMSJ2tW3lqJr9Qph1-hFZq5WawjQyzE8U-SA8x7WghfZczpx4Z0slnsYUduuuQF8F5lPG49k3fl09N-ABu254_fxrPujjgGgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_13-5n4zh49Us3Vpe9pLaXW6lhZ1A%26client%3Dca-pub-3594204119287048%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 11 Feb 2023 03:13:49 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 928E 2 KB
1 KB 83ms
26ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 11 Feb 2023 03:13:49 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 928E 308 B
636 B 80ms
25ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sat, 11 Feb 2023 03:13:49 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame 928E 507 B
835 B 81ms
25ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Sat, 11 Feb 2023 03:13:49 GMT

GET
H2 200 lg.php
cat.fr.eu.criteo.com/m/delivery/ Frame 928E 43 B
347 B 525ms
29ms Image
image/gif 178.250.0.160
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=PyymYgHbIRnoGeKlU3uCLY8ITtNdNftZT9WL4UrmUNrzR8ehI1H1It7Eew0MneAt6wQYKhxaAJMmYXfxTqkPrhTJ7JtQDwCz9ubMEoC-RIDtkHfI9XXAjy9ybCgmg3W-cUJPPZD6AXRiv279wjz-hHal--RxBNYR9nnCNGhf4WkaU_QuIoL7Box5eVyXTB9YbyP6DUGIhq4MbSeTlcy9-WH5kRILXP8T5hKJdzAulSMkD02XTkArsRwg8t7zp1inUCCjhrpEVMuhn30ard10PK2oKh-NwFQC8AiUxcbwH3lFnu-5UHju0qdney37Qd5TCd6X4HwP_sxyh750Rgiic4M5jG9fpF-43Pvy4P78coI9-E9-hmfRXhvreNMZFLu65CZ038Ba0EPLuOT1xcPhKX4f5RmVgDvoBMJK91LukjqjiwLrntsW1ORHVRXStwdvuutXKA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.160 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Feb 2022 03:13:48 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3419816
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 928E 12 KB
5 KB 89ms
33ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1153284
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4RoDaoehrD5d%2F5rTiV3BwaE8gOGjoITfsFB4CGmjyFPjPqmJmBWOohu%2BRMNgfG%2BHFPYLq6kjaeiKEgfg4HhBimUHoSd7KvW6xmSAIEKv8aG6voYuQftCvCIU4COruUZTRV%2Fpfc91ZDhHPbfSYGKCsHWh"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6de39a2aef6cf407-LHR
expires: Mon, 06 Feb 2023 03:13:49 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 928E 12 KB
6 KB 38ms
26ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 11 Feb 2023 03:13:49 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 928E 11 KB
11 KB 146ms
23ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=556&m=0&partner=90357&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F90357%2F211115%2F33300702bd0247d48074e3362ef06108_screenshot_2021-11-08_at_12.17.08.png&v=3&w=196&s=7UdBWGvSb6EyXA76xB-t9sZc

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

fcbc61a1473aea0abbd62eef06b8b7bf34ff9452ea74f6efcfef28a4ac587ff1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:48 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29107087
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 11345
expires: Thu, 19 Jan 2023 00:31:57 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 928E 130 KB
131 KB 207ms
85ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1167546-_x600-nocrop.jpg&v=3&w=800&s=KoUUKAWq2H4WAfcVueGNhS0k&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

eca5a3f7bc3e8f14b0fc9f0660aa55984d880333375404b9c2ff200c97990d54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29416383
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 133290
expires: Sun, 22 Jan 2023 14:26:52 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 928E 64 KB
64 KB 221ms
99ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1180105-_x600-nocrop.jpg&v=3&w=800&s=L3TCLFoAl8Br5PlRzmR2_ETC&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

c86d9c3443dd46c2665dc9cf13e336e8c451bd11f9bdf46dd3850729d01b388c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:48 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29429796
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 65534
expires: Sun, 22 Jan 2023 18:10:26 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 928E 70 KB
71 KB 170ms
48ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1185170-_x600-nocrop.jpg&v=3&w=800&s=CtdGJvcp5_NFxoH6kfKb35yH&b=800

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

891c508988e595c4bfe45b60eb810a3656d7270e27618a3fa5494eed3ac9406d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29379010
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 72000
expires: Sun, 22 Jan 2023 04:03:59 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 928E 0
127 B 94ms
25ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=hFezd_l2LGRs5Rpg1tfOBm5mw5fsvgl39X7KY8Rpnu32E_SAgtRH0UHGZI8-3UJoNgaLrLa_bT8xIR6ebSpgu9d3R2i8_3oHKTUmUW5jGFxj735oR_aVSZGhV6ptnPOLswe9JCq1DVOosbfAjkYnw0X2tOo7a0kw0it4xhXMPJKEvRpXX9WRQ-lVV8K2PtEYQlNRWi5kFpXP5sl8KD02RmExUMmz4X5E1JsKeAedJMTXnpW_IYBLDPwVVUxgFH-mLtmBUQ&sds=2&rev=unknown&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 16 Feb 2022 03:13:48 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 928E 2 KB
1 KB 33ms
32ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 11 Feb 2023 03:13:49 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 928E 2 KB
1 KB 33ms
33ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 11 Feb 2023 03:13:49 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame A378 2 KB
1 KB 27ms
26ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ygxr7AAMgIgIu8eFAAkEp8aI5AfyCkWG0g_nig&u=%7CCVPBgU1ZEkEUcxUBu1np8O9hntY47FpRjEN%2Be91z98s%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpOtYk8A6_xGUEjU08dWIaJP0eZa0C7d1zl3wwNPA5cJtVCMQ29Uq1ZISpZFlZUHobe80zvSHZrJ31ZeMXF3BUX5MTD6wv-AWmPgjmZ_3ronM8ly7Xa_yRzS-HSSIAAE2AJs4DUMGJjnd03lA2rso68IkzoP0sVsepIz0F36xBdxcVddF8Fl6VukLvWC_jgQHEYYxhNTun0CyidpXDi2_0YuxkN-7Do0iS1E3uC5rWun7aPcnftZUJmAbvBYRe5v_2J4d8F8kopJhXFk1SMY55GYO7KDLEmvTQwPBqWcLoWplMgJQLJb17NnIUoJvRE5Y9JEJBWuixYxemaYBhb-c_3QnrqANMkwImSXD4Zhy6DjxE16HkMQR8xiHP3wyCDDE81g9CeyFOOFJa0rbULvRIJV&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqGKr7GsMYoiBMoWP7_UPp4mk8ALJntKxXM3hkvdwwI23ARABIABglQKCARdjYS1wdWItMzU5NDIwNDExOTI4NzA0OKAB1bbS6gPIAQmpAgn9wzr7DrM-qAMBqgTdAU_Q7xmQOPFf2Mi-Bq8LodQ4wyRSiK9CBS_N-AWt8SALGekT-roVNNDV7B-EpklCFRtyZUfJXgJMiLhQkt6p12zlPQdDptZ5VfX2FNXCZrKGaA83fWr0pBRO_0n8uN6V9J_60lNXZHv4JFrlITdKS7uGMoklRm24Z5AtFpOeQGkh4vrzva_WDKMbLrtrpeK2X1K5_iv6R0enZyIKD2NIKctMOJHII8ulYROZHI5c5jQIvVxAJmLUF6k7Lu0SyN6O_ozEhEsf_pVfFkZ7VUITZr9gSELxOiZq--xIDNU4gAbtueP38az7o44BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1-NWW5rZQGdm3AOLl55BG4Z5fI9g%26client%3Dca-pub-3594204119287048%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 11 Feb 2023 03:13:49 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame A378 2 KB
1 KB 28ms
28ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 11 Feb 2023 03:13:49 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame A378 308 B
636 B 28ms
27ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sat, 11 Feb 2023 03:13:49 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame A378 507 B
835 B 26ms
25ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Sat, 11 Feb 2023 03:13:49 GMT

GET
H2 200 lg.php
cat.fr.eu.criteo.com/m/delivery/ Frame A378 43 B
347 B 448ms
28ms Image
image/gif 178.250.0.160
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=M73mMjqIuRg9IBP6gwNPNSoSd0UL7U3WiOy3RT9Fb_Eq2LUWX2w1buDdrZSmbfQ4dApXGgSf8xRUmoEwGtIQE8T0d7Hl_3A71PTYS8ifmrLV2XCfQjxbWSR2AbYiWrB_Fdp4Fl1xv-fn5zx2wkOhKHW89m3GvmGE9eKyg-PHjeOHoJ__dZDYl2pyjcEMprO_83jhf7X0xg09fHNegn2eji8rQQ9DoCi35MecjwkawkFyYoDy2cDAWqG_PsP0BQoLcdC4EwAunAT0u5E5f_oKVS1-uqh7lI9pf9zR6NDPfyCV1ZpGfuRLwTCGoSZH36O1BNgqTHNAa86o7zxfiOnFH84B7LSlo3C0IgjKKlZhTSJ7TiG1a0uQflpC-CDaVWPJtyOwAAxulzpW7MdpNrTxnzFyGqyMPVDS5wJlGUI572YM8LiGvZ41kf_UwtHEGFUSEGtlCA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.160 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Feb 2022 03:13:49 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3073089
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame A378 12 KB
5 KB 43ms
37ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1153284
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6lT11KF6wjT4u16q7u2PJZ6hP5cXDfiGpJJ2KdxSDUEDqcnyV3puDXLzZ0m0VOp6yuqIVsash7RIrz0YX6MD4PqZLmZWXBoff%2FU5RnH03IOHCP71hrT2FUcx5uAjDlbVdaku5BnjXCogpnUtKNJn98kR"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6de39a2aef6df407-LHR
expires: Mon, 06 Feb 2023 03:13:49 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame A378 12 KB
6 KB 28ms
27ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 11 Feb 2023 03:13:49 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A378 11 KB
11 KB 116ms
56ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=244&m=0&partner=90357&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F90357%2F211115%2F33300702bd0247d48074e3362ef06108_screenshot_2021-11-08_at_12.17.08.png&v=3&w=196&s=Y8QTAylViRXd_YhTvIqILQK5

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

fcbc61a1473aea0abbd62eef06b8b7bf34ff9452ea74f6efcfef28a4ac587ff1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:48 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29107087
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 11345
expires: Thu, 19 Jan 2023 00:31:57 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A378 56 KB
56 KB 164ms
104ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1217284-_x600-nocrop.jpg&v=3&w=400&s=RxEHBfpp8zwlWjkOH9r1PP-Y&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

1354022eed343fcd7baecc7e45fae0413194e071806c1472ecb12b0592f62429

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29400830
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 57248
expires: Sun, 22 Jan 2023 10:07:39 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A378 38 KB
38 KB 151ms
91ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1755300-_x600-nocrop.jpg&v=3&w=400&s=XULV5VYxtWFzONVwW3SfjO1T&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

8fbdb6a9a29815bccfd7694ee15e05557ff43a917a3835cfb36428d1ff64d9f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:48 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29404305
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 38750
expires: Sun, 22 Jan 2023 11:05:35 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A378 66 KB
66 KB 158ms
98ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1167546-_x600-nocrop.jpg&v=3&w=400&s=BSa_CYNiehYpKpTcNn2jt3hT&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

4fb565264af26107bb37b1e495c4b4bf768cf212d74a9eb357249a67b5e64923

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:48 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29416383
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 67290
expires: Sun, 22 Jan 2023 14:26:52 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A378 35 KB
35 KB 176ms
117ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1185170-_x600-nocrop.jpg&v=3&w=400&s=mU4lbVxGsHK56nG3xzQDShCx&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

18175281dd4a8f377e4f51d4f455b8e41afae0a739c7a9f280f44b507afcf6fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:48 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29379010
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 35336
expires: Sun, 22 Jan 2023 04:03:59 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A378 69 KB
69 KB 176ms
117ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1165318-_x600-nocrop.jpg&v=3&w=400&s=U50QBZteurZUBwwnN0OH3RYn&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

260152ce49fdbda7b0f1e2f69d61ce39ba49de9a161971192cdf63af15207dbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:48 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29393256
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 70472
expires: Sun, 22 Jan 2023 08:01:25 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A378 47 KB
47 KB 84ms
84ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1167098-_x600-nocrop.jpg&v=3&w=400&s=j4d1yhuztEmB2TJJ_kEGp4_F&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

906fb7b92424006a950354b306a845cad76b8ca9165266ff2f12e5aba812b5b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29442988
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 48332
expires: Sun, 22 Jan 2023 21:50:17 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A378 93 KB
93 KB 84ms
84ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1183391-_x600-nocrop.jpg&v=3&w=400&s=5q7O1xlMswQDQhrB9oXO-ch9&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

50fa7a5ba737bb599d788942e453b99b7af8869a26c3ee376d8c50de856b3569

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:48 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29393304
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 94984
expires: Sun, 22 Jan 2023 08:02:13 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A378 36 KB
36 KB 85ms
84ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1177705-_x600-nocrop.jpg&v=3&w=400&s=Rrizq4PWyD5doWc_fQ2Q8hqh&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

f70428f4fbf084f41fc0072c0b3e5faedfbfc6cb339f5745717aa1707c40945e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29544617
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 36444
expires: Tue, 24 Jan 2023 02:04:06 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A378 51 KB
51 KB 85ms
84ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1426500-_x600-nocrop.jpg&v=3&w=400&s=wnIBsdZJq834rFXeUmx07Nyl&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

806c8fa947d40a1705d499ad8a38f5b1e47eb0d068d177d6094187daae94cf02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:48 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29460686
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 51814
expires: Mon, 23 Jan 2023 02:45:15 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A378 47 KB
47 KB 85ms
84ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F2144317-_x600-nocrop.jpg&v=3&w=400&s=QweREwwMTTrsWXWbHagGF5PY&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

90c5668f3b7037a319a593efc966d8818a8820e04b158731b9add77bb2b53605

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:46 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30011310
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 48092
expires: Sun, 29 Jan 2023 11:42:18 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A378 40 KB
40 KB 92ms
92ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1412637-_x600-nocrop.jpg&v=3&w=400&s=ZkNfb_ifQbQOD_YGp1ptKa7O&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

78286f56a00e19213f7d7db5a444bc0d22dfec315d24e1273a52194acaae1937

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:48 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29507561
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 40602
expires: Mon, 23 Jan 2023 15:46:30 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A378 54 KB
55 KB 85ms
84ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1855525-_x600-nocrop.jpg&v=3&w=400&s=eiFMaHX5oAurEq4mABT4eSMc&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

9f7c2fef43ad7edc97dc7dad098b57f8139114d84bf4fbc01d2447f4b2015a55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29412485
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 55784
expires: Sun, 22 Jan 2023 13:21:54 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame A378 0
127 B 30ms
25ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=ErqXi_l2LGRs5RpgmeU3rZ-MQjLYLXyqcBnnPknRGlDdPJYplk7ZhXK9r9NzsGiODW9BznnbdYuU5skni9aVL2RMl8W40xw6CzhmdL6KhMDZbDWnDUtKxxgucwYBc9VfNBhnRP8vJ4QwkG9gCpAhB-Psrb_RTZrMSaznDtDmgjX8TafyddpBtmbrp0VSFLZKpOJw5PTiocoemxxngjWsC0l6UoNLpDMkEadJqg6QPKj4fimUYK2PuVm04YcJNf-LdzWdcQ&sds=2&rev=unknown&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 16 Feb 2022 03:13:49 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame A378 2 KB
1 KB 28ms
28ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 11 Feb 2023 03:13:49 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame A378 2 KB
1 KB 28ms
28ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:49 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 11 Feb 2023 03:13:49 GMT

GET
H/1.1 200
OK request_content.php Show response
hal900017.redintelligence.net/ Frame 9E10 7 KB
3 KB 65ms
22ms Document
text/html 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900017.redintelligence.net/request_content.php?s=54447400014173004189731011872017&a=50b6a415
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request.php?zone=ugoxy02bc9a4&nw=20&renderingType=javascript&namespace=5c7b3f7106&subid=&uid=fe7333b14b8d0378&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYgxr7AANWYQKe4KMNgzXpA%26mt_aid%3D6255272198161352575%26mt_id%3D9966456%26mt_adid%3D215543%26mt_sid%3D10497469%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dc8f3620c-6bed-4d01-b02d-1ec2cfd399bc%26mt_cid%3Dc8f3620c-6bed-4d01-b02d-1ec2cfd399bc%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC8BF57GsMYv2EMqPM7_UPlpW5uA7Ph46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTM1OTQyMDQxMTkyODcwNDjIAQmoAwGqBN0BT9BXlU-rixdLDQonEY2l5PIvABsAXkXEpnBanL49sZPthTJuzDf00wijNeqvK64pBmFJG_E4qeA2QlXLJM2w1YvHD9UWgSaqOrtkIdmAJbN_Rdoz8n2QGeCxiEF4DKFlgSxZ6R4nSyDSqil63vv5Zp8b3Is-WzDixuma_WqCoU5erJ5hS4SEYPc7Pm7O9jFXhHldUZ3yzcQCTCqo6dtQg_b56sZ6dl0UU-eIjw6mpvgyDLGlyPgzwS2ZIRgYMkx0PJgG7ESMSs7ApQAZAN0oOk3QQhhN5JqOcE75czqABr2b2sDngcuWEqAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_11PaX2wO2KnO9HsO8oARQerKtYHg%2526client%253Dca-pub-3594204119287048%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-3594204119287048%26output%3Dhtml%26h%3D250%26slotname%3D3960969597%26adk%3D530044031%26adf%3D4283947098%26pi%3Dt.ma~as.3960969597%26w%3D300%26lmt%3D1644979488%26psa%3D0%26format%3D300x250%26url%3Dhttps%253A%252F%252Fdl.twrp.me%252Fdream2qlte%252Ftwrp-3.5.2_9-0-dream2qlte.img%26flash%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.%26dt%3D1644981228697%26bpp%3D1%26bdt%3D560%26idt%3D83%26shv%3Dr20220214%26mjsv%3Dm202202090101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C740x280%26nras%3D1%26correlator%3D2173282224718%26frm%3D20%26pv%3D1%26ga_vid%3D642980180.1644981229%26ga_sid%3D1644981229%26ga_hid%3D289938259%26ga_fc%3D0%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D430%26ady%3D834%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D42531398%252C44750774%252C44756896%26oid%3D2%26pvsid%3D291814835295483%26pem%3D743%26tmod%3D1120836132%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeE%257C%26abl%3DCS%26pfx%3D0%26fu%3D0%26bc%3D31%26ifi%3D3%26uci%3Da!3%26fsb%3D1%26xpc%3DI4POXZz4cu%26p%3Dhttps%253A%2F%2Fdl.twrp.me%26dtd%3D85&ancestorOrigins=null&random=3573170524861&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: 790da5dc041821dfd1fb91c8f9ee35ec11293c1cf533e7c7f8c46024755ffe76

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

Date: Wed, 16 Feb 2022 03:13:49 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Wed, 16 Feb 2022 03:13:49 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2304
Connection: close
Content-Type: text/html; charset=utf-8

GET
H2 200 css
fonts.googleapis.com/ Frame 928E 2 KB
1009 B 70ms
26ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4c8637d0e9be13cf21057f33cf485a942d0ab8283c5813fcdc5c57ccd403896b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 16 Feb 2022 02:54:38 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 16 Feb 2022 03:13:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 16 Feb 2022 03:13:49 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame A378 2 KB
580 B 74ms
35ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4c8637d0e9be13cf21057f33cf485a942d0ab8283c5813fcdc5c57ccd403896b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 16 Feb 2022 02:56:27 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 16 Feb 2022 03:13:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 16 Feb 2022 03:13:49 GMT

GET
DATA 200
OK truncated
/ Frame FC32 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e9874b27f711d935a8df5e253c9445ed901ea01df5116b5d0dc7a9fd51b2ebe2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame 9E10 89 KB
90 KB 288ms
17ms Script
text/javascript 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=54447400014173004189731011872017&a=50b6a415

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 10 Feb 2022 15:13:29 GMT
x-content-type-options: nosniff
age: 475220
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 91556
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 10 Feb 2023 15:13:29 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 9E10 747 B
942 B 310ms
39ms Script
text/javascript 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=53084577;click=https%3A%2F%2Fhal900017.redintelligence.net%2Fc%2Fpp9h776uua6ea9g%3Ftprde%3D

Requested by

Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=54447400014173004189731011872017&a=50b6a415

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

bf215fa808b1327d6ef7c4677a94e622b53aee0335199936430f2942fc86fee9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Feb 2022 03:13:49 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 549
expires: -1

GET
H2 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v16/ Frame 928E 44 KB
45 KB 283ms
18ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v16/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e13ffa988be59cbf299d7ff68f019f902b60848203ac4990819eb7e4624ee52d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 19:41:16 GMT
x-content-type-options: nosniff
age: 545553
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45300
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 18:57:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 09 Feb 2023 19:41:16 GMT

GET
H2 200 jizfRExUiTo99u79B_mh0O6tLQ.woff2
fonts.gstatic.com/s/ptsans/v16/ Frame 928E 46 KB
46 KB 311ms
46ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v16/jizfRExUiTo99u79B_mh0O6tLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

141f0c53e457585d4ac7426eb3d757666d250ee6fbf0e9c0878128e4c627f0b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 19:41:16 GMT
x-content-type-options: nosniff
age: 545553
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47048
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 18:57:46 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 09 Feb 2023 19:41:16 GMT

GET
H2 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v16/ Frame A378 44 KB
44 KB 293ms
35ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v16/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e13ffa988be59cbf299d7ff68f019f902b60848203ac4990819eb7e4624ee52d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 19:41:16 GMT
x-content-type-options: nosniff
age: 545553
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45300
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 18:57:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 09 Feb 2023 19:41:16 GMT

GET
H2 200 jizfRExUiTo99u79B_mh0O6tLQ.woff2
fonts.gstatic.com/s/ptsans/v16/ Frame A378 46 KB
46 KB 315ms
58ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v16/jizfRExUiTo99u79B_mh0O6tLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

141f0c53e457585d4ac7426eb3d757666d250ee6fbf0e9c0878128e4c627f0b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 19:41:16 GMT
x-content-type-options: nosniff
age: 545553
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47048
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 18:57:46 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 09 Feb 2023 19:41:16 GMT

GET
H2 200 jizaRExUiTo99u79D0yExdGM.woff2
fonts.gstatic.com/s/ptsans/v16/ Frame 928E 26 KB
26 KB 237ms
63ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v16/jizaRExUiTo99u79D0yExdGM.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65022d5f76d6e8ca21971c6b00bd7af6533c705aedfbae57a94d44a9f4839e3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 21:27:15 GMT
x-content-type-options: nosniff
age: 539194
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26460
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 18:57:43 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 09 Feb 2023 21:27:15 GMT

GET
H/1.1 200
OK viewability Show response
hal900017.redintelligence.net/ Frame 9E10 0
150 B 67ms
22ms Script
text/html 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900017.redintelligence.net/viewability?s=54447400014173004189731011872017&a=cc9b71a4&vb=m
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=54447400014173004189731011872017&a=50b6a415
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/request_content.php?s=54447400014173004189731011872017&a=50b6a415
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 16 Feb 2022 03:13:49 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 9E10 33 KB
16 KB 316ms
38ms Script
text/javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=53084577;click=https%3A%2F%2Fhal900017.redintelligence.net%2Fc%2Fpp9h776uua6ea9g%3Ftprde%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
content-encoding: gzip
last-modified: Thu, 10 Feb 2022 15:16:56 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Thu, 17 Feb 2022 06:44:45 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 9E10 4 KB
2 KB 40ms
40ms Script
text/javascript 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?CC=1&bn=53084577;click=https%3A%2F%2Fhal900017.redintelligence.net%2Fc%2Fpp9h776uua6ea9g%3Ftprde%3D;js=1;adfxid=1x;8380;set=en-US|en-US|1600X1200|0|300|250|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Fdl.twrp.me

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

7c7baeb5a063fed10e7496d21d6012ad5cc054299f5bb781a0f5156620a70842

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Feb 2022 03:13:50 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1982
expires: -1

GET
DATA 200
OK truncated
/ Frame 9E10 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 12 KB
10 KB 57ms
31ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220214&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

19da013ac12e09a5a9857ebcb002a44d99cb16bba6638c4ca1595d884102f2e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dl.twrp.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Feb 2022 03:13:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9724
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7953 42 B
64 B 74ms
51ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsswRzwuBkBa3jkBeyjE6S5H4JNgfKQhPwcp6uHijcRniw6JbSt69yD540MO4MErAftWBqhSDo9PrKfoMmbNELC9&sig=Cg0ArKJSzJf0rXoQuhKuEAE&id=lidar2&mcvt=1001&p=0,0,280,740&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20220214&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1200773066&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1644981228778&rpt=323&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Feb 2022 03:13:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/ Frame 9E10 90 KB
39 KB 55ms
55ms Script
text/javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: f7e06ae449bdd4ebece6e26cdb36840f7cb19f28b57bbb6b8647a54535557d3f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
content-encoding: gzip
last-modified: Thu, 10 Feb 2022 15:16:56 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Thu, 17 Feb 2022 06:44:49 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dl.twrp.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 16 Feb 2022 03:13:50 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 2DFF 13 KB
5 KB 18ms
17ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://dl.twrp.me/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 15 Feb 2022 22:50:31 GMT
expires: Wed, 15 Feb 2023 22:50:31 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 15799
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 8A5F 783 B
1 KB 81ms
31ms Document
text/html 2a00:1450:400e:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:800::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b4f71cab8d03e87c5191d6a613fe10cfe910c90dc8ae5fdf4842b04f3fcfdd8b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Go7acy4fWoZ60Wa3KaTLWw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://dl.twrp.me/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 16 Feb 2022 03:13:50 GMT
date: Wed, 16 Feb 2022 03:13:50 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-Go7acy4fWoZ60Wa3KaTLWw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 -KWncqjjGzUwfkE9Iz7kKrmGQUyasx7mQMa73T4tfiM.js Show response
pagead2.googlesyndication.com/bg/ Frame 2DFF 35 KB
13 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/-KWncqjjGzUwfkE9Iz7kKrmGQUyasx7mQMa73T4tfiM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f8a5a772a8e31b35307e413d233ee42ab986414c9ab31ee640c6bbdd3e2d7e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 17:03:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36642
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13554
x-xss-protection: 0
last-modified: Tue, 08 Feb 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Feb 2023 17:03:08 GMT

POST
H2 200 /
track.adform.net/csimpr/ Frame 9E10 35 B
478 B 40ms
40ms Ping
image/gif 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=53084577&csi=iG9vl2dcjmBUAm8cnZRsWmsi1KGKCx5mvQ5DEPxSDrjrygPkIxxfk6Qy2EgK_x8pyPW_HrJPT91KxHlVJ2ebnd6vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal900017.redintelligence.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 16 Feb 2022 03:13:50 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://hal900017.redintelligence.net
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 all
csm.eu.criteo.net/ Frame 928E 0
127 B 24ms
24ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 16 Feb 2022 03:13:50 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 10869626.js Show response
s1.adform.net/Banners/Elements/Files/160090/10869626/ Frame 54C4 4 KB
1 KB 37ms
37ms Script
application/x-javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10869626/10869626.js?ADFassetID=10869626&bv=259

Requested by

Host: dl.twrp.me
URL: https://dl.twrp.me/dream2qlte/twrp-3.5.2_9-0-dream2qlte.img

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

1b728cac220852bc76e9f0e5fe4a5b2ac4faadc96cdd091766b2b088844cad21

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
content-encoding: gzip
last-modified: Tue, 08 Feb 2022 12:34:28 GMT
server: nginx
etag: W/"62026354-e20"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 8A5F 0
0 33ms
33ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220214&jk=291814835295483&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H2 200 screen.css
s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/ Frame 54C4 1 KB
905 B 38ms
37ms Stylesheet
text/css 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/screen.css

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

3f95deb0fb3f290cd173a75a6b1b39beb065821dd009451ac2cd847f638dffd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
content-encoding: gzip
last-modified: Tue, 08 Feb 2022 12:34:27 GMT
server: nginx
etag: W/"62026353-5ef"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: text/css

GET
H2 200 Adform.DHTML.js Show response
s1.adform.net/banners/scripts/rmb/ Frame 54C4 30 KB
13 KB 41ms
40ms Script
application/x-javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
content-encoding: gzip
last-modified: Fri, 14 May 2021 12:35:21 GMT
server: nginx
etag: W/"609e6e89-76d9"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2 200 introfill.png
s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/ Frame 54C4 117 B
413 B 42ms
41ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/introfill.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

9e9b34f0817548b428e128d5a7551fbc499d01fee0a12d016c323f65b9d4e2fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
last-modified: Tue, 08 Feb 2022 12:34:28 GMT
server: nginx
etag: "62026354-75"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 117

GET
H2 200 stoerer.png
s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/ Frame 54C4 7 KB
7 KB 43ms
42ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/stoerer.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

3c53a2f3b2fb1faf91e5f2c476e0a9ec89ed38dc8666a469923b09b9721173e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
last-modified: Tue, 08 Feb 2022 12:34:27 GMT
server: nginx
etag: "62026353-1cbe"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 7358

GET
H2 200 text1.png
s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/ Frame 54C4 16 KB
16 KB 49ms
47ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/text1.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

c609515abbf7b754b26ca2f25751186159da54269e7bbbda89db6355652dbb07

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
last-modified: Tue, 08 Feb 2022 12:34:27 GMT
server: nginx
etag: "62026353-3e07"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 15879

GET
H2 200 b1.png
s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/ Frame 54C4 7 KB
7 KB 51ms
49ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/b1.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

d9c2d3d15c40d77b0e466603aff3b13540e6fec4cb9d106b98a12db93f16f366

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
last-modified: Tue, 08 Feb 2022 12:34:27 GMT
server: nginx
etag: "62026353-1bf3"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 7155

GET
H2 200 b2.png
s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/ Frame 54C4 8 KB
8 KB 54ms
52ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/b2.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

620877d80966782d88b31255132304930531edd5d3792854f8dfc4816416dbf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
last-modified: Tue, 08 Feb 2022 12:34:28 GMT
server: nginx
etag: "62026354-1e99"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 7833

GET
H2 200 b3.png
s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/ Frame 54C4 8 KB
8 KB 57ms
54ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/b3.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

7d59162941ab2c89197f8db7a428e791b24517825fe8b9de25c11a7699d2ea4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
last-modified: Tue, 08 Feb 2022 12:34:27 GMT
server: nginx
etag: "62026353-1fd2"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 8146

GET
H2 200 b4.png
s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/ Frame 54C4 8 KB
8 KB 73ms
70ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/b4.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

f1a7c99a269bc09772a3aea64343e714ee4b8db6c7a5c9494e7b1aa2d115d64e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
last-modified: Tue, 08 Feb 2022 12:34:27 GMT
server: nginx
etag: "62026353-1ec3"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 7875

GET
H2 200 disclaimer.png
s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/ Frame 54C4 3 KB
3 KB 73ms
71ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/disclaimer.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

a7f660360f986830418098d593c35845d576cf1d16de89151f8c77266ee3164f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
last-modified: Tue, 08 Feb 2022 12:34:28 GMT
server: nginx
etag: "62026354-b36"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 2870

GET
H2 200 date.png
s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/ Frame 54C4 2 KB
2 KB 74ms
71ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/date.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8c5b28b6a34e7a768e0658ce1230677d79a109c9578c62c98c5961020c77f119

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
last-modified: Tue, 08 Feb 2022 12:34:28 GMT
server: nginx
etag: "62026354-779"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 1913

GET
H2 200 cta.png
s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/ Frame 54C4 2 KB
2 KB 75ms
72ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/cta.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

2f44a459ede8be3dd24268f27949c06880929fc876716e3787b8f6a4ae0928eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
last-modified: Tue, 08 Feb 2022 12:34:27 GMT
server: nginx
etag: "62026353-78d"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 1933

GET
H2 200 logostart.png
s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/ Frame 54C4 7 KB
7 KB 77ms
75ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/logostart.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

5f5cc14425f252a51538edf4a3e8eb842fc5f640a90e0e3a2b9856007aff50ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
last-modified: Tue, 08 Feb 2022 12:34:27 GMT
server: nginx
etag: "62026353-1b03"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 6915

GET
H2 200 logo.png
s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/ Frame 54C4 4 KB
4 KB 79ms
76ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/logo.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

94aea0bf6407c556d6403f2390af417fed122850cd2382a966b0bff02b839150

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
last-modified: Tue, 08 Feb 2022 12:34:27 GMT
server: nginx
etag: "62026353-1084"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 4228

GET
H2 200 model.jpg
s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/ Frame 54C4 39 KB
39 KB 84ms
82ms Image
image/jpeg 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/model.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

bb6e08a8dc465aad8a234c6dfccd200a3dea506db71950bf63314cbcda13dc3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
last-modified: Tue, 08 Feb 2022 12:34:27 GMT
server: nginx
etag: "62026353-9a68"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 39528

GET
H2 200 background.jpg
s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/ Frame 54C4 7 KB
7 KB 95ms
93ms Image
image/jpeg 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/background.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

2fec46d6c6cea091c5555a2d620711cf4729fadf608d437ad96d60ffccff9d29

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
last-modified: Tue, 08 Feb 2022 12:34:28 GMT
server: nginx
etag: "62026354-1bee"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 7150

GET
H3 200 CSSPlugin.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/ Frame 54C4 38 KB
14 KB 68ms
34ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/CSSPlugin.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1734314
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13669
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-9833"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UzR26tuSdwhsQYwk8sY7IW%2BzZxT1DxL3m%2BYPdw4AlzK3758%2FHaOwLKsresuxyIipEGsz27rqyIfE7gcCMnaKOh%2BOKtEwuJ1FJVied55bVPKBfk%2F3w6ztWZJ143%2FHHFfu%2BM7D0j7Uy3G%2BS%2FNaBdcaYJxm"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6de39a31de5c76e1-LHR
expires: Mon, 06 Feb 2023 03:13:50 GMT

GET
H3 200 EasePack.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/ Frame 54C4 5 KB
2 KB 95ms
62ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/EasePack.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37bc930c63149650677d732eea9526432bd8494c55737f45c98e7f8ad7c1e7ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2969068
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1730
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-146f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8rJmrx9JW10aQcjqK45uPFo5A50w96Jh5KPaSdEVHsgEzBp%2ByIwsPfVcmyDfoAveupvOdPQwS%2F1Q9i3aTf25VyKlS6jBnJyudL%2Bnwvt3JjFW%2B2fmlKM9wejnQ%2FoEN5bD7SAoFKT0egxRqAetCNVKZVTS"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6de39a31de5b76e1-LHR
expires: Mon, 06 Feb 2023 03:13:50 GMT

GET
H3 200 TweenLite.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/ Frame 54C4 26 KB
9 KB 66ms
33ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/TweenLite.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3573294
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8578
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-697f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t%2FxgeQ367a352qYT%2ByBchdLx9uAhaKx4XctjBf7I8hIh4GqEl12TU%2FrPIypHRDCyRGik4akD2gCowt8PJw1875BbKzr1SdUYhbAfSn9528C0jAJoaXWe9diJppiIK%2BRaK9kHHRG8NKx6CatM4OCC85ZV"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6de39a31de5a76e1-LHR
expires: Mon, 06 Feb 2023 03:13:50 GMT

GET
H2 200 script.js Show response
s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/ Frame 54C4 8 KB
2 KB 94ms
93ms Script
application/x-javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10869626/bvpath_259/script.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

5a48114c3cbaa77fab95d9ce5e3e5ab0dbd1cc9e4caf700106dc4aa9beb904bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
content-encoding: gzip
last-modified: Tue, 08 Feb 2022 12:34:28 GMT
server: nginx
etag: W/"62026354-21d1"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 2DFF 0
9 B 17ms
17ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?c7euiw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:50 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame FC32 42 B
64 B 51ms
51ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvgDOgPkUwNp4Eou7YDOWL4ejVz_bc9QR4BrTVvJfV2QLaCyly4vsCV5cQWK7JEMHzqrVwxpxxOT_WqIZIDCRZApw&sig=Cg0ArKJSzJ07GH5HUNAKEAE&id=lidar2&mcvt=1000&p=0,0,250,300&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220214&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=530044031&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1644981228783&rpt=559&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Feb 2022 03:13:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 53ms
53ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220214&jk=291814835295483&bg=!fH-lfzvNAAbAtJCDwLQ7ACkAdvg8WkGRfFC60ABIL4YW2v5X3vj4kU-3Ae6kwN1BH_dvP8I5DCDD7AIAAABmUgAAAAJoAQcKACq3rRQ_VH7CyU-hkzI7IVo3y_hQEtrMEE9DQeXBM2Eu5ANr3DkxLosOSiuZAsAScBcNGm2ev1fZveCyrWLZzs1sKTIvoWRq4X1-7CdjNQYi27-6rgHJgwCN0oqX7mOzGQxSV2QfDhs2ihXZOih7fhIIf2YOQaGfnmXuAkCLqFbTwPoCL9UMAcMp24UliLe_y8IpOSnHSJ8dKVv8eTh_Sf0KgGjlRzXL3TAmg3OZr6Y9Z6nY_qBvy7USZAcNKUNh_dSYOA6BbY-3sAck8FBazvEX5b3AxlG3bIckpWXNCmpvH2peUaezI0B0iTaDGsLRcUBE308dwEhA1tNuiQIhFIoM0fXqkjZ9aDQuVQn8OyDqdtYS00XSwb8YW6JbB0qElUIURAKny84GA-Retzm9XKG3Q_V4VfvrX0T6Q9vca2S_8XAvDHxFAyn6hGNqPq1uwoINvZ2xxvtEybOtS5sCUKew9VDdK1-WLPNEMP5Gw48Aq_mlbAwcigZwxkZA17sEZkE5n-GjlWhFoXpoMu4GRtFWUl5I-_JhU9NXlnd6tjdnKGq6sv286lH4JRKHQyYnYQ5wKaOss-jPTjmqcQIZuKGM8MXTFL-qsy-EoWTfp33wal9KerSuIkexIc-wfTWLRIdxiK3EY6T2XwdFuMRV89hckMZwktwsxUBKGR_e0JywZ7ah7yZ4_r1ReGqwIXx46SW8Cre-GnRNVflbBUSTQZAIPhxU2JyRYXAs2TePOUgRjyWxgLK7U1zA4VuUc6-rDszBaJEenSrQFXGARzDK7UWpYY7qeOkpwhJyS1Cr-VuKkV-vDNBRos22p_bybG0Sg1EdsJfwww0KOZskJLfleHwBfzwdvmdVhIbpita19apKDYTKbRXxhL8frps1mHJnGEDZra_lKCKQ3nie88Sd69Gein5fnZYFr1_QaWcz26N1jodFEmMMH4qwk8K8MKvjSa2dTK19d5Q4VzJr1-k7OaDoGMTkemPhC9ZN3OSLdw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dl.twrp.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Feb 2022 03:13:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame ECB0 42 B
64 B 52ms
51ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssvpXSVh80fAFEswgTIWLzlEAcRAlQhWgCkLOmdwKQ8Iq6_r2qRpBSUsxpI5A0NkzNUbQenbaYtmAWt_P037etx&sig=Cg0ArKJSzI0vI8WRqUgWEAE&id=lidar2&mcvt=1001&p=0,0,124,1005&mtos=91,776,1001,1103,1268&tos=91,685,225,102,165&v=20220214&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1644981229030&rpt=119&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Feb 2022 03:13:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame A378 0
127 B 25ms
24ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 16 Feb 2022 03:13:49 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H/1.1 200
OK viewability Show response
hal900017.redintelligence.net/ Frame 9E10 0
150 B 62ms
21ms Script
text/html 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900017.redintelligence.net/viewability?s=54447400014173004189731011872017&a=cc9b71a4&vb=v
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=54447400014173004189731011872017&a=50b6a415
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/request_content.php?s=54447400014173004189731011872017&a=50b6a415
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 16 Feb 2022 03:13:50 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

POST
H2 200 /
track.adform.net/serving/unload/ Frame 9E10 35 B
478 B 40ms
40ms Ping
image/gif 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=882830404662323162@@53084577,743947084876937809,100|1200|0|0|0|0|0|0|0||47|1|||||1|0|0|osxw0ynbtVpcPlakbYq96YwtpP63G3tUGvfJaJ9WsJrV45Q1NqWavom3nyX34Xgm0|||11||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal900017.redintelligence.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 16 Feb 2022 03:13:51 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://hal900017.redintelligence.net
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 928E 130 KB
131 KB 24ms
23ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1167546-_x600-nocrop.jpg&v=3&w=800&s=KoUUKAWq2H4WAfcVueGNhS0k&b=800

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

eca5a3f7bc3e8f14b0fc9f0660aa55984d880333375404b9c2ff200c97990d54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 03:13:52 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29416380
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 133290
expires: Sun, 22 Jan 2023 14:26:52 GMT

Verdicts & Comments Add Verdict or Comment

39 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.twrp.me/	1970-01-20 10:17:57	Name: __gads Value: ID=4eebd357b6ee393e-2213f44340cd0043:T=1644981228:RT=1644981228:S=ALNI_MagqaGQnsNqXl71vN0FVOeQLbnydg
.doubleclick.net/	1970-01-20 10:17:57	Name: IDE Value: AHWqTUl1xuU-VNNzwbzkZWIvGHrqbRhgb7SWA2H5OlEkjAtZBdY7pcaPNiGorzyzJic
.mathtag.com/	1970-01-20 09:41:57	Name: uuid Value: c8f3620c-6bed-4d01-b02d-1ec2cfd399bc
.adform.net/	1970-01-20 01:36:40	Name: C Value: 1
.adform.net/	1970-01-20 02:22:41	Name: uid Value: 882830404662323162
.adform.net/	1970-01-20 01:06:26	Name: TPC Value: 1644981230059

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.eu.criteo.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
cat.fr.eu.criteo.com
cdnjs.cloudflare.com
csm.eu.criteo.net
dl.twrp.me
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal900017.redintelligence.net
pagead2.googlesyndication.com
partner.googleadservices.com
pix.eu.criteo.net
pixel.mathtag.com
rtb.fr.eu.criteo.com
s1.adform.net
static.criteo.net
tags.mathtag.com
tpc.googlesyndication.com
track.adform.net
twrp.me
www.google.com
www.googletagservices.com
142.250.179.194
147.135.38.227
159.69.70.9
178.250.0.160
178.250.0.162
178.250.2.135
185.29.134.249
2.21.43.22
2606:4700::6810:135e
2a00:1450:4001:803::2003
2a00:1450:4001:803::200a
2a00:1450:4001:810::2002
2a00:1450:4001:813::2002
2a00:1450:4001:827::2002
2a00:1450:4001:82b::200a
2a00:1450:4001:82f::2001
2a00:1450:4001:830::2002
2a00:1450:400e:800::2004
2a02:2638::18
2a02:2638::2
2a02:2638::3
37.157.4.28
37.157.5.73
46.4.10.47
0407b706128e672e5373e3291c030e785a364e458162ea64bad0356c4069382a
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0afb2893873d3fadbd5f8c967bdbfbd4106eee653d3fd12c469af52a091ce4ad
0f8053e56f2301888b88d9a03f4d3aaa7437392ab33b5b3aaae9b5f166dcf2c9
127b93e67ecb62072da973c1edccab31936a0a72f925f7aa83d25d4e141f5a5c
1354022eed343fcd7baecc7e45fae0413194e071806c1472ecb12b0592f62429
141f0c53e457585d4ac7426eb3d757666d250ee6fbf0e9c0878128e4c627f0b1
18175281dd4a8f377e4f51d4f455b8e41afae0a739c7a9f280f44b507afcf6fe
19da013ac12e09a5a9857ebcb002a44d99cb16bba6638c4ca1595d884102f2e1
1b728cac220852bc76e9f0e5fe4a5b2ac4faadc96cdd091766b2b088844cad21
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
260152ce49fdbda7b0f1e2f69d61ce39ba49de9a161971192cdf63af15207dbf
2f44a459ede8be3dd24268f27949c06880929fc876716e3787b8f6a4ae0928eb
2fec46d6c6cea091c5555a2d620711cf4729fadf608d437ad96d60ffccff9d29
34e8995f9c01da4e0e06cdb90e4f6ab6a0930035cb0d085bb8333418923e24d6
37bc930c63149650677d732eea9526432bd8494c55737f45c98e7f8ad7c1e7ff
3975966229b1c0ceebf499c9785110a8142f42b5bddb0122e3eca5666707ae45
3c53a2f3b2fb1faf91e5f2c476e0a9ec89ed38dc8666a469923b09b9721173e8
3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475
3f95deb0fb3f290cd173a75a6b1b39beb065821dd009451ac2cd847f638dffd6
4bac9ca237a07749753794ef60caf480abe51e005567afcbe52a1d13ffded0a4
4c8637d0e9be13cf21057f33cf485a942d0ab8283c5813fcdc5c57ccd403896b
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fb565264af26107bb37b1e495c4b4bf768cf212d74a9eb357249a67b5e64923
50fa7a5ba737bb599d788942e453b99b7af8869a26c3ee376d8c50de856b3569
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
583fbe9711a1e0ffbb1caf14223321fbb34b815046f2711dae92cb5876b4b796
5a48114c3cbaa77fab95d9ce5e3e5ab0dbd1cc9e4caf700106dc4aa9beb904bb
5f5cc14425f252a51538edf4a3e8eb842fc5f640a90e0e3a2b9856007aff50ef
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
620877d80966782d88b31255132304930531edd5d3792854f8dfc4816416dbf6
65022d5f76d6e8ca21971c6b00bd7af6533c705aedfbae57a94d44a9f4839e3c
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
6e7fd00bb8f6435869d107279bcd070878340a8f7174d23534bdb297f7ce882b
78286f56a00e19213f7d7db5a444bc0d22dfec315d24e1273a52194acaae1937
790da5dc041821dfd1fb91c8f9ee35ec11293c1cf533e7c7f8c46024755ffe76
7c7baeb5a063fed10e7496d21d6012ad5cc054299f5bb781a0f5156620a70842
7d59162941ab2c89197f8db7a428e791b24517825fe8b9de25c11a7699d2ea4e
7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a
806c8fa947d40a1705d499ad8a38f5b1e47eb0d068d177d6094187daae94cf02
820bdcfa153a20cef8f8bf6b09f175ba9f3696d9eaf1390a2434c581ea12e819
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
891c508988e595c4bfe45b60eb810a3656d7270e27618a3fa5494eed3ac9406d
8c5b28b6a34e7a768e0658ce1230677d79a109c9578c62c98c5961020c77f119
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
8fbdb6a9a29815bccfd7694ee15e05557ff43a917a3835cfb36428d1ff64d9f6
906fb7b92424006a950354b306a845cad76b8ca9165266ff2f12e5aba812b5b6
90c5668f3b7037a319a593efc966d8818a8820e04b158731b9add77bb2b53605
94aea0bf6407c556d6403f2390af417fed122850cd2382a966b0bff02b839150
99dd208d147ec93cdc72ad266a77f2eea8cf8dae49f37217ab8f230adb36d200
9e9b34f0817548b428e128d5a7551fbc499d01fee0a12d016c323f65b9d4e2fd
9f7c2fef43ad7edc97dc7dad098b57f8139114d84bf4fbc01d2447f4b2015a55
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a575e2f63d79cdaf5a92b4453bfcaadb462119aa1216b4f28920e37e2d9b8e7b
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a7f660360f986830418098d593c35845d576cf1d16de89151f8c77266ee3164f
a8ee56c4e4dae37fc515d630419aa24a4eb77c44142a50a921b6043ee2108ec6
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4f71cab8d03e87c5191d6a613fe10cfe910c90dc8ae5fdf4842b04f3fcfdd8b
bb6e08a8dc465aad8a234c6dfccd200a3dea506db71950bf63314cbcda13dc3d
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a
bf215fa808b1327d6ef7c4677a94e622b53aee0335199936430f2942fc86fee9
c07f3eb19f917fb03158e7bc1a3600b23eac667ade22de87ff899d699c7cd82f
c609515abbf7b754b26ca2f25751186159da54269e7bbbda89db6355652dbb07
c86d9c3443dd46c2665dc9cf13e336e8c451bd11f9bdf46dd3850729d01b388c
cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198
cc33a9d2d9c8b7c4454e3745ac0eb567aa96809dc0db52cedb62836b4cb6d713
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
d9c2d3d15c40d77b0e466603aff3b13540e6fec4cb9d106b98a12db93f16f366
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e13ffa988be59cbf299d7ff68f019f902b60848203ac4990819eb7e4624ee52d
e158ca7240060de51fe9ffc1f9d5c3b474c451b75a3ce1c1a5015d552eef2664
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8d48e0c8be44a676569ea4d345ee8d4d59730af5a021545ac09d3b0496d3f56
e9874b27f711d935a8df5e253c9445ed901ea01df5116b5d0dc7a9fd51b2ebe2
eac8f3e4fd537fe771fa2b3b07e7680b928a928154dd6f74644d46a0b60434d2
eca5a3f7bc3e8f14b0fc9f0660aa55984d880333375404b9c2ff200c97990d54
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1a7c99a269bc09772a3aea64343e714ee4b8db6c7a5c9494e7b1aa2d115d64e
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f70428f4fbf084f41fc0072c0b3e5faedfbfc6cb339f5745717aa1707c40945e
f7e06ae449bdd4ebece6e26cdb36840f7cb19f28b57bbb6b8647a54535557d3f
f8a5a772a8e31b35307e413d233ee42ab986414c9ab31ee640c6bbdd3e2d7e23
fcbc61a1473aea0abbd62eef06b8b7bf34ff9452ea74f6efcfef28a4ac587ff1
fef0eb8aa6f7f63aa8e4ffc667697aa44e8de99d5b956b4ba668b3719543495d

dl.twrp.me Open in urlscan Pro 147.135.38.227 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

127 Requests

99 %HTTPS

54 %IPv6

15 Domains

26 Subdomains

25 IPs

7 Countries

2166 kBTransfer

3352 kBSize

6 Cookies

8 Outgoing links

Redirected requests

127 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

dl.twrp.me Open in urlscan Pro
147.135.38.227 Public Scan

Screenshot
Live screenshot

Full Image

127
Requests

99 %
HTTPS

54 %
IPv6

15
Domains

26
Subdomains

25
IPs

7
Countries

2166 kB
Transfer

3352 kB
Size

6
Cookies

127 HTTP transactions
3 data transactions