ultrasurfing.com Open in urlscan Pro
2606:4700:e2::ac40:8103 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://ultrasurfing.com/
Submission: On January 16 via manual (January 16th 2024, 10:50:42 pm UTC) from MX — Scanned from DE

Summary HTTP 521 Redirects Links 41 Behaviour Indicators

Summary

This website contacted 81 IPs in 10 countries across 44 domains to perform 521 HTTP transactions. The main IP is 2606:4700:e2::ac40:8103, located in United States and belongs to CLOUDFLARENET, US. The main domain is ultrasurfing.com. The Cisco Umbrella rank of the primary domain is 400964.

This is the only time ultrasurfing.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
15	2606:4700:e2:... 2606:4700:e2::ac40:8103	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	152.199.21.70 152.199.21.70	15133 (EDGECAST) (EDGECAST)
6	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
1	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
3	2600:1901:0:8... 2600:1901:0:8a8e::	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1 8	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1 5	108.138.37.209 108.138.37.209	16509 (AMAZON-02) (AMAZON-02)
16	23.97.225.52 23.97.225.52	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
14	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
4	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:ef75:8280:f209:5ba1	16509 (AMAZON-02) (AMAZON-02)
2	108.138.36.78 108.138.36.78	16509 (AMAZON-02) (AMAZON-02)
1 1	2600:9000:223... 2600:9000:223c:2800:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:223... 2600:9000:223c:d000:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2620:116:800d... 2620:116:800d:21:de2e:c7b3:55c0:d5a0	16509 (AMAZON-02) (AMAZON-02)
2	108.138.36.27 108.138.36.27	16509 (AMAZON-02) (AMAZON-02)
3	23.67.137.210 23.67.137.210	16625 (AKAMAI-AS) (AKAMAI-AS)
2	54.76.97.196 54.76.97.196	16509 (AMAZON-02) (AMAZON-02)
1	2a02:fa8:8806... 2a02:fa8:8806:12::1460	41041 (VCLK-EU-SE) (VCLK-EU-SE)
7	151.101.129.44 151.101.129.44	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:400c:c06::9b	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
74	151.101.193.44 151.101.193.44	54113 (FASTLY) (FASTLY)
3	18.173.159.32 18.173.159.32	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:5614	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
9	2600:1f18:24e... 2600:1f18:24e6:b902:1c91:2b33:bb06:776e	14618 (AMAZON-AES) (AMAZON-AES)
3	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
23	2a02:6ea0:c70... 2a02:6ea0:c700::18	60068 (CDN77 ^_^) (CDN77 ^_^)
1 3	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
50	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
39	2a00:1450:400... 2a00:1450:4001:831::2006	15169 (GOOGLE) (GOOGLE)
30	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
7	151.101.65.44 151.101.65.44	54113 (FASTLY) (FASTLY)
29	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
2 4	54.73.100.143 54.73.100.143	16509 (AMAZON-02) (AMAZON-02)
2	54.74.69.97 54.74.69.97	16509 (AMAZON-02) (AMAZON-02)
3	85.14.248.91 85.14.248.91	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 12	142.250.181.230 142.250.181.230	15169 (GOOGLE) (GOOGLE)
12 16	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
6 14	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7 12	37.252.172.123 37.252.172.123	29990 (ASN-APPNEX) (ASN-APPNEX)
5	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
2	37.157.5.132 37.157.5.132	198622 (ADFORM) (ADFORM)
2	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1	151.101.1.44 151.101.1.44	54113 (FASTLY) (FASTLY)
6	2600:9000:20a... 2600:9000:20ab:7800:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
3	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
3	2a05:d018:d29... 2a05:d018:d29:3605:da2e:7cf5:bf7c:fec	16509 (AMAZON-02) (AMAZON-02)
3	3.71.149.231 3.71.149.231	16509 (AMAZON-02) (AMAZON-02)
2	104.119.110.47 104.119.110.47	16625 (AKAMAI-AS) (AKAMAI-AS)
1	54.230.112.10 54.230.112.10	16509 (AMAZON-02) (AMAZON-02)
1	37.157.2.249 37.157.2.249	198622 (ADFORM) (ADFORM)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
9	2600:1f18:1ac... 2600:1f18:1aca:4280:bc94:ac10:ec71:5975	14618 (AMAZON-AES) (AMAZON-AES)
2	2a01:4a0:1338... 2a01:4a0:1338:28::c38a:ff18	201011 (CORE-BACK...) (CORE-BACKBONE CORE-BACKBONE GMBH GLOBAL NETWORK)
2	130.211.44.5 130.211.44.5	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1	52.19.77.216 52.19.77.216	16509 (AMAZON-02) (AMAZON-02)
3	212.36.83.245 212.36.83.245	15699 (AS_ADAM A...) (AS_ADAM Adam Datacenter)
1	2a04:4e42:600... 2a04:4e42:600::300	54113 (FASTLY) (FASTLY)
1	141.226.224.32 141.226.224.32	200478 (TABOOLA-AS) (TABOOLA-AS)
4	2a00:1450:400... 2a00:1450:4007:80d::2003	15169 (GOOGLE) (GOOGLE)
1	74.125.133.156 74.125.133.156	15169 (GOOGLE) (GOOGLE)
1 3	23.197.128.137 23.197.128.137	16625 (AKAMAI-AS) (AKAMAI-AS)
3	95.101.148.38 95.101.148.38	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.250.108.164 34.250.108.164	16509 (AMAZON-02) (AMAZON-02)
3	130.211.115.4 130.211.115.4	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	52.57.12.140 52.57.12.140	16509 (AMAZON-02) (AMAZON-02)
3	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1	98.98.134.241 98.98.134.241	21859 (ZEN-ECN) (ZEN-ECN)
1 1	37.157.5.133 37.157.5.133	198622 (ADFORM) (ADFORM)
1	18.158.157.189 18.158.157.189	16509 (AMAZON-02) (AMAZON-02)
2	34.117.132.248 34.117.132.248	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	34.149.70.130 34.149.70.130	() ()
521	81

15 2606:4700:e2::ac40:8103 (United States)

ASN13335 (CLOUDFLARENET, US)

ultrasurfing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 152.199.21.70 (United States)

ASN15133 (EDGECAST, US)

cdn.adpushup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
delivery.adrecover.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1901:0:8a8e:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

http-intake.logs.us5.datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 108.138.37.209 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-108-138-37-209.muc50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 23.97.225.52 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

e3.adpushup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:ef75:8280:f209:5ba1 (United States)

ASN16509 (AMAZON-02, US)

edge.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.138.36.78 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-36-78.muc50.r.cloudfront.net

config.aps.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:2800:6:44e3:f8c0:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:d000:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:de2e:c7b3:55c0:d5a0 (United States)

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.138.36.27 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-36-27.muc50.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.67.137.210 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-67-137-210.deploy.static.akamaitechnologies.com

secure.cdn.fastclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.76.97.196 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-97-196.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1460 (Singapore)

ASN41041 (VCLK-EU-SE, US)

proc.ad.cpe.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.101.129.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wf.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

74 151.101.193.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
videos.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.173.159.32 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-159-32.muc50.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2600:1f18:24e6:b902:1c91:2b33:bb06:776e (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

http-intake.logs.datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a02:6ea0:c700::18 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

video.adpushup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:3::c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

50 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 2a00:1450:4001:831::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.101.65.44 (United States)

ASN54113 (FASTLY, US)

vidstat.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vidstatb.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

am-trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
am-match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
am-vid-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
am-wf.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.73.100.143 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-73-100-143.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.74.69.97 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-74-69-97.eu-west-1.compute.amazonaws.com

skydeutschland.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 85.14.248.91 (Neukirchen-Vluyn, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.181.230 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 142.250.186.98 (United States) 12 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 104.18.36.155 (None, ) 6 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 37.252.172.123 (Frankfurt am Main, Germany) 7 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.5.132 (Denmark)

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.44 (United States)

ASN54113 (FASTLY, US)

imprammp.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:20ab:7800:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.33.220.150 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a05:d018:d29:3605:da2e:7cf5:bf7c:fec (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.71.149.231 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.119.110.47 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-119-110-47.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.230.112.10 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-112-10.mrs52.r.cloudfront.net

boadedshedisite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.2.249 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2600:1f18:1aca:4280:bc94:ac10:ec71:5975 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a01:4a0:1338:28::c38a:ff18 (Germany)

ASN201011 (CORE-BACKBONE CORE-BACKBONE GMBH GLOBAL NETWORK, DE)

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 130.211.44.5 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 5.44.211.130.bc.googleusercontent.com

rtb0.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtbc-ew1.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.19.77.216 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-77-216.eu-west-1.compute.amazonaws.com

hb.yellowblue.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 212.36.83.245 (Sant Vicenç dels Horts, Spain)

ASN15699 (AS_ADAM Adam Datacenter, ES)
PTR: lb1.vdmy.dtic.es

d.vidoomy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a-prebid.vidoomy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::300 (United States)

ASN54113 (FASTLY, US)

pips.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.224.32 (United States)

ASN200478 (TABOOLA-AS, IL)

cds.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4007:80d::2003 (Ireland)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.133.156 (United States)

ASN15169 (GOOGLE, US)
PTR: wo-in-f156.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.197.128.137 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-197-128-137.deploy.static.akamaitechnologies.com

servedby.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 95.101.148.38 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a95-101-148-38.deploy.static.akamaitechnologies.com

secure.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.250.108.164 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-108-164.eu-west-1.compute.amazonaws.com

d9.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 130.211.115.4 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 4.115.211.130.bc.googleusercontent.com

data.ad-score.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.57.12.140 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-12-140.eu-central-1.compute.amazonaws.com

ad-events.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 98.98.134.241 (United States)

ASN21859 (ZEN-ECN, US)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.5.133 (Denmark) 1 redirects

ASN198622 (ADFORM, DK)

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.158.157.189 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-157-189.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.117.132.248 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 248.132.117.34.bc.googleusercontent.com

tempnextstat.bcovery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.149.70.130 (None, )

ASN- ()

tempstat.bcovery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
120	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 1024 trc.taboola.com — Cisco Umbrella Rank: 646 vidstat.taboola.com — Cisco Umbrella Rank: 3158 am-trc-events.taboola.com — Cisco Umbrella Rank: 14648 trc-events.taboola.com — Cisco Umbrella Rank: 2085 images.taboola.com — Cisco Umbrella Rank: 1693 videos.taboola.com — Cisco Umbrella Rank: 5450 imprammp.taboola.com — Cisco Umbrella Rank: 15384 am-match.taboola.com — Cisco Umbrella Rank: 15903 wf.taboola.com — Cisco Umbrella Rank: 2974 am-vid-events.taboola.com — Cisco Umbrella Rank: 15154 vidstatb.taboola.com — Cisco Umbrella Rank: 4631 pips.taboola.com — Cisco Umbrella Rank: 1652 cds.taboola.com — Cisco Umbrella Rank: 1817 am-wf.taboola.com — Cisco Umbrella Rank: 16930	3 MB
88	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 157 ade.googlesyndication.com — Cisco Umbrella Rank: 356	634 KB
53	doubleclick.net 15 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 209 stats.g.doubleclick.net — Cisco Umbrella Rank: 79 googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 ad.doubleclick.net — Cisco Umbrella Rank: 163 cm.g.doubleclick.net — Cisco Umbrella Rank: 260 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 594 bid.g.doubleclick.net — Cisco Umbrella Rank: 917	374 KB
45	adpushup.com cdn.adpushup.com — Cisco Umbrella Rank: 18924 e3.adpushup.com — Cisco Umbrella Rank: 22147 video.adpushup.com — Cisco Umbrella Rank: 82521	4 MB
39	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 336	883 KB
19	adsafeprotected.com 2 redirects pixel.adsafeprotected.com — Cisco Umbrella Rank: 851 static.adsafeprotected.com — Cisco Umbrella Rank: 721 dt.adsafeprotected.com — Cisco Umbrella Rank: 719	211 KB
16	google.com fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1143 region1.analytics.google.com — Cisco Umbrella Rank: 2616 www.google.com — Cisco Umbrella Rank: 2	69 KB
15	ultrasurfing.com ultrasurfing.com — Cisco Umbrella Rank: 400964	83 KB
14	casalemedia.com 6 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 622	9 KB
12	adnxs.com 7 redirects ib.adnxs.com — Cisco Umbrella Rank: 253	11 KB
12	datadoghq.com http-intake.logs.us5.datadoghq.com — Cisco Umbrella Rank: 19693 http-intake.logs.datadoghq.com — Cisco Umbrella Rank: 9397	326 B
10	flashtalking.com 1 redirects servedby.flashtalking.com — Cisco Umbrella Rank: 954 secure.flashtalking.com — Cisco Umbrella Rank: 2387 cdn.flashtalking.com — Cisco Umbrella Rank: 1296 d9.flashtalking.com — Cisco Umbrella Rank: 1742 ad-events.flashtalking.com — Cisco Umbrella Rank: 1404	44 MB
10	amazon-adsystem.com 1 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 314 config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 591 aax.amazon-adsystem.com — Cisco Umbrella Rank: 395	82 KB
6	yahoo.com pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 495 ups.analytics.yahoo.com — Cisco Umbrella Rank: 358	1 KB
6	gstatic.com fonts.gstatic.com csi.gstatic.com	32 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 230	291 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2029	21 KB
6	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	467 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 410	104 KB
4	bcovery.com tempnextstat.bcovery.com — Cisco Umbrella Rank: 192736 tempstat.bcovery.com	148 B
4	doubleverify.com cdn.doubleverify.com — Cisco Umbrella Rank: 604 rtb0.doubleverify.com — Cisco Umbrella Rank: 944 rtbc-ew1.doubleverify.com — Cisco Umbrella Rank: 18123	22 KB
4	adform.net 1 redirects track.adform.net — Cisco Umbrella Rank: 5048 s1.adform.net — Cisco Umbrella Rank: 9860 cm.adform.net — Cisco Umbrella Rank: 1147	22 KB
4	googleapis.com imasdk.googleapis.com — Cisco Umbrella Rank: 485 fonts.googleapis.com — Cisco Umbrella Rank: 28	372 KB
4	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1005 bcp.crwdcntrl.net — Cisco Umbrella Rank: 898	24 KB
3	ad-score.com data.ad-score.com — Cisco Umbrella Rank: 2906	2 KB
3	vidoomy.com d.vidoomy.com — Cisco Umbrella Rank: 14853 a-prebid.vidoomy.com — Cisco Umbrella Rank: 17774	2 KB
3	rubiconproject.com eus.rubiconproject.com — Cisco Umbrella Rank: 579 token.rubiconproject.com — Cisco Umbrella Rank: 477	12 KB
3	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 357	445 B
3	exactag.com m.exactag.com — Cisco Umbrella Rank: 13028	3 KB
3	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 423	703 B
3	fastclick.net secure.cdn.fastclick.net — Cisco Umbrella Rank: 1157	88 KB
2	demdex.net skydeutschland.demdex.net — Cisco Umbrella Rank: 84818	985 B
2	youtube.com www.youtube.com — Cisco Umbrella Rank: 75	69 KB
2	quantcount.com 1 redirects rules.quantcount.com — Cisco Umbrella Rank: 1345	1 KB
2	quantserve.com edge.quantserve.com — Cisco Umbrella Rank: 20177 pixel.quantserve.com — Cisco Umbrella Rank: 1007	10 KB
2	jquery.com code.jquery.com — Cisco Umbrella Rank: 760	60 KB
2	adrecover.com delivery.adrecover.com — Cisco Umbrella Rank: 28888	15 KB
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 373	146 B
1	sitescout.com pixel-sync.sitescout.com — Cisco Umbrella Rank: 722	187 B
1	yellowblue.io hb.yellowblue.io — Cisco Umbrella Rank: 1945	452 B
1	boadedshedisite.com boadedshedisite.com — Cisco Umbrella Rank: 100153	1 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 324	2 KB
1	google.de www.google.de — Cisco Umbrella Rank: 6518	408 B
1	dotomi.com proc.ad.cpe.dotomi.com — Cisco Umbrella Rank: 2790	463 B
521	44

	Domain	Requested by
54	images.taboola.com
50	pagead2.googlesyndication.com	securepubads.g.doubleclick.net imasdk.googleapis.com tpc.googlesyndication.com ultrasurfing.com 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com pagead2.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net www.googletagservices.com ad.doubleclick.net
39	s0.2mdn.net	imasdk.googleapis.com ultrasurfing.com s0.2mdn.net ad.doubleclick.net
30	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com ultrasurfing.com 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net ad.doubleclick.net pagead2.googlesyndication.com imasdk.googleapis.com
23	am-trc-events.taboola.com	cdn.taboola.com
23	video.adpushup.com	cdn.adpushup.com
16	cm.g.doubleclick.net	12 redirects googleads.g.doubleclick.net
16	e3.adpushup.com	ultrasurfing.com
15	cdn.taboola.com	ultrasurfing.com cdn.taboola.com
15	ultrasurfing.com	ultrasurfing.com
14	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
14	fundingchoicesmessages.google.com	cdn.adpushup.com
12	ib.adnxs.com	7 redirects googleads.g.doubleclick.net cdn.adpushup.com
12	ad.doubleclick.net	2 redirects ultrasurfing.com 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com www.googletagservices.com
12	googleads.g.doubleclick.net	36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com pagead2.googlesyndication.com
9	dt.adsafeprotected.com
9	http-intake.logs.datadoghq.com	cdn.adpushup.com
8	trc.taboola.com	cdn.taboola.com
8	securepubads.g.doubleclick.net	1 redirects ultrasurfing.com securepubads.g.doubleclick.net imasdk.googleapis.com
6	static.adsafeprotected.com	pixel.adsafeprotected.com ultrasurfing.com
6	vidstat.taboola.com	cdn.taboola.com vidstat.taboola.com
6	www.googletagservices.com	36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com cdn.doubleverify.com www.googletagservices.com
6	www.googletagmanager.com	ultrasurfing.com cdn.adpushup.com www.googletagmanager.com
6	cdn.adpushup.com	ultrasurfing.com cdn.adpushup.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
5	c.amazon-adsystem.com	1 redirects ultrasurfing.com c.amazon-adsystem.com
4	csi.gstatic.com	imasdk.googleapis.com
4	pixel.adsafeprotected.com	2 redirects cdn.taboola.com
3	ade.googlesyndication.com	securepubads.g.doubleclick.net
3	ad-events.flashtalking.com
3	data.ad-score.com
3	servedby.flashtalking.com	1 redirects imasdk.googleapis.com
3	googleads4.g.doubleclick.net	ad.doubleclick.net
3	ups.analytics.yahoo.com	imprammp.taboola.com am-match.taboola.com
3	pr-bh.ybp.yahoo.com	imprammp.taboola.com am-match.taboola.com
3	match.adsrvr.org	imprammp.taboola.com am-match.taboola.com
3	m.exactag.com	36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com cdn.taboola.com
3	gum.criteo.com	1 redirects
3	imasdk.googleapis.com	cdn.adpushup.com imasdk.googleapis.com
3	aax.amazon-adsystem.com	c.amazon-adsystem.com
3	secure.cdn.fastclick.net	ultrasurfing.com secure.cdn.fastclick.net
3	region1.google-analytics.com	www.googletagmanager.com
3	www.google-analytics.com	cdn.adpushup.com www.google-analytics.com
3	http-intake.logs.us5.datadoghq.com	cdn.adpushup.com
2	tempstat.bcovery.com	ultrasurfing.com
2	tempnextstat.bcovery.com	ultrasurfing.com
2	a-prebid.vidoomy.com
2	cdn.flashtalking.com
2	cdn.doubleverify.com	s1.adform.net cdn.doubleverify.com
2	eus.rubiconproject.com	am-match.taboola.com eus.rubiconproject.com
2	am-vid-events.taboola.com
2	wf.taboola.com	vidstat.taboola.com
2	am-match.taboola.com	vidstat.taboola.com
2	fonts.gstatic.com	fonts.googleapis.com
2	track.adform.net	36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com s1.adform.net
2	videos.taboola.com
2	skydeutschland.demdex.net	cdn.taboola.com
2	www.youtube.com	cdn.adpushup.com www.youtube.com
2	bcp.crwdcntrl.net	tags.crwdcntrl.net
2	tags.crwdcntrl.net	ultrasurfing.com
2	rules.quantcount.com	1 redirects ultrasurfing.com
2	config.aps.amazon-adsystem.com	c.amazon-adsystem.com
2	code.jquery.com	delivery.adrecover.com cdn.adpushup.com
2	delivery.adrecover.com	ultrasurfing.com
1	am-wf.taboola.com	vidstat.taboola.com
1	x.bidswitch.net
1	cm.adform.net	1 redirects
1	pixel-sync.sitescout.com
1	d9.flashtalking.com
1	secure.flashtalking.com
1	bid.g.doubleclick.net	imasdk.googleapis.com
1	cds.taboola.com	cdn.taboola.com
1	pips.taboola.com	cdn.taboola.com
1	d.vidoomy.com	cdn.adpushup.com
1	hb.yellowblue.io	cdn.adpushup.com
1	rtbc-ew1.doubleverify.com	cdn.doubleverify.com
1	rtb0.doubleverify.com	cdn.doubleverify.com
1	token.rubiconproject.com	eus.rubiconproject.com
1	vidstatb.taboola.com
1	s1.adform.net	track.adform.net
1	boadedshedisite.com
1	imprammp.taboola.com	vidstat.taboola.com
1	fonts.googleapis.com	securepubads.g.doubleclick.net
1	trc-events.taboola.com
1	www.google.com	tpc.googlesyndication.com
1	cdn.jsdelivr.net	cdn.adpushup.com
1	www.google.de
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	proc.ad.cpe.dotomi.com	secure.cdn.fastclick.net
1	pixel.quantserve.com	ultrasurfing.com
1	edge.quantserve.com	cdn.adpushup.com
521	93

This site contains links to these domains. Also see Links.

Domain
apps.apple.com
play.google.com
chrome.google.com
ultrasurf.us
popup.taboola.com
xcraft.net
tracking.consumer-experts.com
fragebogen.geers.de
www.fgh-info.de
fragebogen.gutes-hoeren.de
www.aroundhome.de
navy.quest
maximparerurehab.com
www.solaranlagen-magazin.de
www.planetcapture.io
faltenreduzieren.com
www.baseattackforce.com
mypack.de
www.artikel.enpal.de
boadedshedisite.com
das-solar-portal.de
www.zweisam.de
shefence-citional.com
www.claravital.de
www.combatsiege.com

Subject Issuer	Validity	Valid
*.google-analytics.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
*.logs.us5.datadoghq.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-06` - `2024-11-08`	a year	crt.sh
*.adpushup.com GeoTrust TLS RSA CA G1	`2023-08-11` - `2024-07-12`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
config.aps.amazon-adsystem.com Amazon RSA 2048 M02	`2023-02-20` - `2024-03-20`	a year	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
quantserve.com R3	`2023-12-27` - `2024-03-26`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2023-10-08` - `2024-11-05`	a year	crt.sh
secure.cdn.fastclick.net DigiCert TLS RSA SHA256 2020 CA1	`2023-10-03` - `2024-10-03`	a year	crt.sh
ad.cpe.dotomi.com GlobalSign RSA OV SSL CA 2018	`2023-06-09` - `2024-07-10`	a year	crt.sh
www.google.de GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.taboola.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-23` - `2024-11-22`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
*.logs.datadoghq.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-22` - `2024-03-22`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
1792641740.rsc.cdn77.org R3	`2023-11-07` - `2024-02-05`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh
*.exactag.com Sectigo RSA Organization Validation Secure Server CA	`2023-04-03` - `2024-05-03`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
track.adform.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-06` - `2024-09-19`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2024-01-10` - `2024-06-26`	6 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-12-26` - `2024-06-19`	6 months	crt.sh
*.rubiconproject.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-03-07` - `2024-04-03`	a year	crt.sh
boadedshedisite.com Amazon RSA 2048 M02	`2023-11-28` - `2024-12-26`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M02	`2023-05-09` - `2024-06-07`	a year	crt.sh
*.doubleverify.com DigiCert TLS RSA SHA256 2020 CA1	`2023-05-07` - `2024-05-07`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
*.yellowblue.io Amazon ECDSA 256 M02	`2023-04-19` - `2024-05-17`	a year	crt.sh
*.vidoomy.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-06` - `2024-10-06`	a year	crt.sh
servedby.flashtalking.com DigiCert TLS RSA SHA256 2020 CA1	`2023-09-14` - `2024-09-14`	a year	crt.sh
cdn.flashtalking.com DigiCert TLS RSA SHA256 2020 CA1	`2023-05-04` - `2024-05-03`	a year	crt.sh
tag.device9.com Go Daddy Secure Certificate Authority - G2	`2023-07-19` - `2024-08-19`	a year	crt.sh
*.ad-score.com Go Daddy Secure Certificate Authority - G2	`2023-09-02` - `2024-10-03`	a year	crt.sh
ad-events.flashtalking.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-17` - `2024-09-03`	a year	crt.sh
*.sitescout.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2023-01-09` - `2024-02-02`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh
tempnextstat.bcovery.com GTS CA 1D4	`2023-11-25` - `2024-02-23`	3 months	crt.sh
tempstat.bcovery.com GTS CA 1D4	`2024-01-05` - `2024-04-04`	3 months	crt.sh

This page contains 35 frames:

Primary Page: http://ultrasurfing.com/
Frame ID: B19DB9781EB45CFD6F7E68EAB152DB00
Requests: 295 HTTP requests in this frame

Frame: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 7E226D4F567AE7C6C6735CD448BC8B30
Requests: 1 HTTP requests in this frame

Frame: http://imasdk.googleapis.com/js/core/bridge3.612.0_en.html
Frame ID: B92290FA91FB053CC5CDF7707D7FD2C5
Requests: 33 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 5AC474862FEE35AE12CD993D9CE0E87B
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 3A1EB29638F19231A5A7581D6C2EBF00
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F42920EA163A8906F62C7F5076A40069
Requests: 2 HTTP requests in this frame

Frame: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: C9CCB220E1A4B592E9624422DC74B765
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNj8mwIQq6iuAhifhcCDAjAB&v=APEucNWNuK-btyQFLIC9mG66mgmWmWyWhwrP5ksg4RMDd2uwt1BHQat_dYJ19M7hfjL3uMfL_pNrOtwWweZbtMIg555V9KrzdGbxFiYl6vO5ESdI37HC2viuD16f7Vn2Zp-OKpZFqA0AzIfKX0SrDsUcWG01h_Vp9bVQ4ilAPiP3J9NYOhfOZ0aUrsayLuYtDkcCGa9MYioXmmf2-jmJNwGu4fyAW63Hvw
Frame ID: 07B0C443E02B3093688C3C6950C1626F
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: B8E275BAF830CBA6E7932AB16443B40D
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250
Frame ID: 9CAA470E03B1A2B29FE90A8A6065286E
Requests: 17 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012312191621000/amp4ads-v0.mjs
Frame ID: BB44A32127A94C5E8B38BD48BF3B0815
Requests: 15 HTTP requests in this frame

Frame: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: A70BDE96B3C8F411D7B9B5AE4E0551AE
Requests: 25 HTTP requests in this frame

Frame: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 24E1A3CC89D8E82F9DBAD600DA7AAF9D
Requests: 13 HTTP requests in this frame

Frame: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 56BA20AADE8FA738C7E1482BD42517B3
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMbfsgIQx7C0wQQYg8qA-gEwAQ&v=APEucNX_eYIb1dSblb1KsrTmLamGJxjzYShLa8Pj2dX6k7-zKJmBKMNrVsag0h59hCR_jEKWl_i_eqbVzDMh8IkW_lK_LKRK1htYrBGzOMnamr-aOx8K9Qp0Nk6VhiJpX257teUK7MpGR19NNNoABzdpd-8AdMhmMWK7YbsLhQSBVGFZ8kryjzMpOLAxQN5v6w8huJv5XfyCtffvhMKqqnz_QcHpe81F3A
Frame ID: F7F5D734F91219836F79D1CAD8FCEC20
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ28u5ARijme6CAjAB&v=APEucNVeQ1eNlBtIBGJ_5uOPmMuiuG3GcJmgX8Q-3-fU7sqh8R1g5f1LfRpE7WhzMe-Tene7qnE9JRDTgqy1AwfVEk0SF7RcBZiEKOpuHoy0eXyTjhTQY3URae1yvoEbpkhq3qdzTapECXUekBWH7u9UbLarXK66JEVYdx_9jbV4gJnRy_xDxjL9fEFgFQgPkLjRU545VUhgnu0ItHoC4acP5kyLCuZBIQ
Frame ID: C404A2CCE1D1D8E91781FA80C9E31BE8
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ28u5ARijme6CAjAB&v=APEucNXlZCvKGzfpMClWH7hDw73H7xSGnEBAWO1QBL0eSvrq7iaMjhIyBCGq2vicS8SflI1QzGdBXEpAG1rWfueHLwRGPebmxzQhGthsUOSVoCM8I50kNuDvwSgAJrV4TNWdwYrSKawrdJivjQsU13V6J2jWB63bwlLl7LomoOB_Y5l3NjZRIhyXoUZkHnufuEqVV3M87dISNuwRyOKsHizA_x_UIrhSPg
Frame ID: 4079DBB91AD0E8D58922FB53084CB7FB
Requests: 5 HTTP requests in this frame

Frame: http://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V8DSECLAZArhxHUdV36ROAXDmOoqrv0i8AAABgYID-AEmuRoORY7hYC2fGzVq0mTjXEpPL4ZZNHMaNxzbb2CwjIyDJ1WgwcgwXa-HMuFmLNhPnWmJyOdyyicO48dhmG5tlZAUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPG2Sg6XT4XPd61dl0eXhel5vT7rNr_G6_HAAAAAA8-P___4cAAAAAEAEAAABAAgAAAACFgAr_FgQuAAAAAGD4____1wAAxcFgHZ7Py-wPAAAAACAAAAAASAAMGH6XAKDomjzx_________x9jgD7zRsb_____DYMeAA8-AB6EAAAAfAwJY9GOZmHG5SdSEFiEEQAAAIBsOe2JI5N0gopFlf___34rAFcAAAIaKfA-hLLoDkq8hQEAAAAYs0APi99vdtg1frfL_P________-b-T_zj0ao6cg1TdDFtYKaX0AAgDW_gAAAbMYNAMAbAThBJwBWJ4EGm81kMVsNZwcAAADgzv___78ekNyYTB7nYDgZjmyOmWcwG41Mw4ljORtulsPdxrc9Aqp-ANSbbph9QoRl9vsOCsrp6TG7DKKi622xO5xmz0F80DAsJ4NgfiZsMVpNJpvlcLZcTAbD0XA02p-BmAwGaCIGy-VkspjsVqPVaDPcjWaDBRKIwQRRtGgwWY1Gk8VkuBpNVrPlYrfbIIpWrWajzWC4mk1mu91qOBguRyM0YYvRajLZLIez5WIyGI6Go9EQweBksBhuRsO1wrXYrUUL43Ct8I1sa9FsYZzMfKvdxDdzi14f08dhGI4szi0SDEDZi-RpkU5ki4lhsNo4DKPRyLFZzlYb32xlclgGm-VyY7NYJmKJ5mSRTmSXfXNjMnmcg-FkOLI5Zp7BbDQyDSeO5Wy4WQ53G9--OBkshpvRcK1wLXZr0cI4XCt8I9taNFsYJzPfajfxzdyi18f0cRiGI4tz39gNVqPRarTZ7Bu7wWo0Wo02m32HyfRMfc5GcS0n8agMt2hLqLQ5DQqXweL9SUyLaXd2EJ18R6dOqlIWdUa_3-_3-_1-v9_vN2g9B7NB4Rv2XZ5hTCSzZXNjg9hgUMQSwUU6UZ1Nl4fndbm5VWfT5eF5XW4WsURpukgn-qLf7TI8fC5_RSwRnC7SidDvdlnUf-Qgi91csRjNJYvhXLFcJQAAAAAAAAAASzDNdBMAAAAAJwPZLBab1TodxGYzmu1WywUAET-v60cGzg3-DqRmF3pR2LiVXqpdscYem6iz6fLwvC43t-psujw8r8vNygAg4tmZbfYZQazValkDAAAQwAYAABDATTfeBJBFcf_____jAAAAyMihBwAAQL8P6IlWL_zIleIfgAqxVqvV7cZarVbAghmOJsMJ_P___wc!&cmcv=&pix=undefined&cb=1705445433995&uv=3373&tms=1705445433995&abt=adxsub-out_vA!adxsub-out_vB!agqp4c_vC!smbs!ufm_vD&ft=0&su=3&unm=FEED_MANAGER&aure=false&agl=1&cirid=9540d181-8f83-43b9-bdea-6ba8cc66cf2d&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Frame ID: CBB4514E7590B6D935C1C50B1D39EE73
Requests: 4 HTTP requests in this frame

Frame: https://am-match.taboola.com/sync?dast=V8DSECLAZArhxHUdV36ROAXDmOoqrv0i8AAABgYID-AEmuRoORY7hYC2fGzVq0mTjXEpPL4ZZNHMaNxzbb2CwjIyDJ1WgwcgwXa-HMuFmLNhPnWmJyOdyyicO48dhmG5tlZAUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPG2Sg6XT4XPd61dl0eXhel5vT7rNr_G6_HAAAAAA8-P___4cAAAAAEAEAAABAAgAAAACFgAr_FgQuAAAAAGD4____1wAAxcFgHZ7Py-wPAAAAACAAAAAASAAMGH6XAKDomjzx_________x9jgD7zRsb_____DYMeAA8-AB6EAAAAfAwJY9GOZmHG5SdSEFiEEQAAAIBsOe2JI5N0gopFlf___34rAFcAAAIaKfA-hLLoDkq8hQEAAAAYs0APi99vdtg1frfL_P________-b-T_zj0ao6cg1TdDFtYKaX0AAgDW_gAAAbMYNAMAbAThBJwBWJ4EGm81kMVsNZwcAAADgzv___78ekNyYTB7nYDgZjmyOmWcwG41Mw4ljORtulsPdxrc9Aqp-ANSbbph9QoRl9vsOCsrp6TG7DKKi622xO5xmz0F80DAsJ4NgfiZsMVpNJpvlcLZcTAbD0XA02p-BmAwGaCIGy-VkspjsVqPVaDPcjWaDBRKIwQRRtGgwWY1Gk8VkuBpNVrPlYrfbIIpWrWajzWC4mk1mu91qOBguRyM0YYvRajLZLIez5WIyGI6Go9EQweBksBhuRsO1wrXYrUUL43Ct8I1sa9FsYZzMfKvdxDdzi14f08dhGI4szi0SDEDZi-RpkU5ki4lhsNo4DKPRyLFZzlYb32xlclgGm-VyY7NYJmKJ5mSRTmSXfXNjMnmcg-FkOLI5Zp7BbDQyDSeO5Wy4WQ53G9--OBkshpvRcK1wLXZr0cI4XCt8I9taNFsYJzPfajfxzdyi18f0cRiGI4tz39gNVqPRarTZ7Bu7wWo0Wo02m32HyfRMfc5GcS0n8agMt2hLqLQ5DQqXweL9SUyLaXd2EJ18R6dOqlIWdUa_3-_3-_1-v9_vN2g9B7NB4Rv2XZ5hTCSzZXNjg9hgUMQSwUU6UZ1Nl4fndbm5VWfT5eF5XW4WsURpukgn-qLf7TI8fC5_RSwRnC7SidDvdlnUf-Qgi91csRjNJYvhXLFcJQAAAAAAAAAASzDNdBMAAAAAJwPZLBab1TodxGYzmu1WywUAET-v60cGzg3-DqRmF3pR2LiVXqpdscYem6iz6fLwvC43t-psujw8r8vNygAg4tmZbfYZQazValkDAAAQwAYAABDATTfeBJBFcf_____jAAAAyMihBwAAQL8P6IlWL_zIleIfgAqxVqvV7cZarVbAghmOJsMJ_P___wc!&excid=22&docw=0&cijs=1&nlb=false
Frame ID: CE1C45BC6FA66AD87A3AD3EA03180F77
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: CB60360B4760FF8D20EAE9D924CDBDCC
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/2843508170428681710/300x250.html?e=69&leftOffset=0&topOffset=0&c=XrVlXLAXej&t=1&renderingType=2&ev=01_250
Frame ID: 4BB86F49688BD60E0292FF4FFF51B718
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 6CAC7BE3AA3D79BE2FB3D26D94AAEACA
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/2031909457271134757/300x250.html?e=69&leftOffset=0&topOffset=0&c=y8AF4JBrl9&t=1&renderingType=2&ev=01_250
Frame ID: F8967849740B226BBD48DFE0CB1513D0
Requests: 11 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Frame ID: 1CA5783017094170EC648FF8587FADB9
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: C52886B61DE3B87E267E6EAAEE10324E
Requests: 1 HTTP requests in this frame

Frame: https://am-match.taboola.com/sync?dast=V8DSECLAZArhxHUdV36ROAXDmOoqrv0i8AAABgYID-AEmuRoORY7hYC2fGzVq0mTjXEpPL4ZZNHMaNxzbb2CwjIyDJ1WgwcgwXa-HMuFmLNhPnWmJyOdyyicO48dhmG5tlZAUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPG2Sg6XT4XPd61dl0eXhel5vT7rNr_G6_HAAAAAA8-P___4cAAAAAEAEAAABAAgAAAACFgAr_FgQuAAAAAGD4____1wAAxcFgHZ7Py-wPAAAAACAAAAAASAAMGH6XAKDomjzx_________x9jgD7zRsb_____DYMeAA8-AB6EAAAAfAwJY9GOZmHG5SdSEFiEEQAAAIBsOe2JI5N0gopFlf___34rAFcAAAIaKfA-hLLoDkq8hQEAAAAYs0APi99vdtg1frfL_P________-b-T_zj0ao6cg1TdDFtYKaX0AAgDW_gAAAbMYNAMAbAThBJwBWJ4EGm81kMVsNZwcAAADgzv___78ekNyYTB7nYDgZjmyOmWcwG41Mw4ljORtulsPdxrc9Aqp-ANSbbph9QoRl9vsOCsrp6TG7DKKi622xO5xmz0F80DAsJ4NgfiZsMVpNJpvlcLZcTAbD0XA02p-BmAwGaCIGy-VkspjsVqPVaDPcjWaDBRKIwQRRtGgwWY1Gk8VkuBpNVrPlYrfbIIpWrWajzWC4mk1mu91qOBguRyM0YYvRajLZLIez5WIyGI6Go9EQweBksBhuRsO1wrXYrUUL43Ct8I1sa9FsYZzMfKvdxDdzi14f08dhGI4szi0SDEDZi-RpkU5ki4lhsNo4DKPRyLFZzlYb32xlclgGm-VyY7NYJmKJ5mSRTmSXfXNjMnmcg-FkOLI5Zp7BbDQyDSeO5Wy4WQ53G9--OBkshpvRcK1wLXZr0cI4XCt8I9taNFsYJzPfajfxzdyi18f0cRiGI4tz39gNVqPRarTZ7Bu7wWo0Wo02m32HyfRMfc5GcS0n8agMt2hLqLQ5DQqXweL9SUyLaXd2EJ18R6dOqlIWdUa_3-_3-_1-v9_vN2g9B7NB4Rv2XZ5hTCSzZXNjg9hgUMQSwUU6UZ1Nl4fndbm5VWfT5eF5XW4WsURpukgn-qLf7TI8fC5_RSwRnC7SidDvdlnUf-Qgi91csRjNJYvhXLFcJQAAAAAAAAAASzDNdBMAAAAAJwPZLBab1TodxGYzmu1WywUAET-v60cGzg3-DqRmF3pR2LiVXqpdscYem6iz6fLwvC43t-psujw8r8vNygAg4tmZbfYZQazValkDAAAQwAYAABDATTfeBJBFcf_____jAAAAyMihBwAAQL8P6IlWL_zIleIfgAqxVqvV7cZarVbAghmOJsMJ_P___wc!&excid=22&docw=0&cijs=1&nlb=false
Frame ID: ECE6ECF5C5AF7985BAC7147E0165A322
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 6B0E63C113C20FFA9647A3DEDFF06699
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 405180193459E7B3FAC15D6FECF2A773
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js
Frame ID: 1356EE3376D7E600CDE41610B5772E9A
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js
Frame ID: B5CA18C2AE8202515EC61A5BAF59E32E
Requests: 1 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N1395.150740DOUBLEVERIFY/B9689862.280626343;dc_ver=99.292;dc_eid=40004001;sz=160x600;u_sd=1;dc_adk=2913917845;ord=n1qejf;dc_rfl=1,http%3A%2F%2Fultrasurfing.com%2F$0;xdt=1;crlt=0Fbk)6AZAO;stc=1;sttr=30;prcl=s
Frame ID: E4DF98FF30AAEA19CD4F909DD8D0A957
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 16375BBCE3877AA2020C94ED819A8A69
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js
Frame ID: 97C511E6F8199B0050D219D1B62422E8
Requests: 1 HTTP requests in this frame

Frame: http://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 1E4CB9FB6152CD9F4B3E53A1629895C3
Requests: 3 HTTP requests in this frame

Frame: http://cdn.taboola.com/libtrc/ultrasurf-bcovery/loader.js
Frame ID: 058B95C0B2EB941CF8549D4573FC965A
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ultrasurfing.com/

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

521
Requests

83 %
HTTPS

46 %
IPv6

44
Domains

93
Subdomains

81
IPs

10
Countries

56899 kB
Transfer

68590 kB
Size

32
Cookies

41 Outgoing links

These are links going to different origins than the main page.

URL: https://apps.apple.com/us/app/ultrasurf-vpn/id1563051300
Title: Ultrasurf iOS VPN

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=us.ultrasurf.mobile.ultrasurf
Title: Ultrasurf Android VPN

Search URL Search Domain Scan URL

URL: https://chrome.google.com/webstore/detail/ultrasurf-security-privac/mjnbclmflcpookeapghfhapeffmpodij
Title: Ultrasurf Chrome Extenstion

Search URL Search Domain Scan URL

URL: https://ultrasurf.us/download/usf.exe
Title: Ultrasurf Windows Client

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=ultrasurf-ultrasurf&utm_medium=referral&utm_content=thumbs-feed-01-a-delta:Below%20Article%20Thumbnails%20|%20Card%201:
Title: Sponsored

Search URL Search Domain Scan URL

URL: https://xcraft.net/registration/
Title: XCraft

Search URL Search Domain Scan URL

URL: https://tracking.consumer-experts.com/cf/r/6554f1200254ae00127335b2
Title: Avira

Search URL Search Domain Scan URL

URL: https://fragebogen.geers.de/hoergeraete-testen-mvp-loc/
Title: GEERS

Search URL Search Domain Scan URL

URL: https://www.fgh-info.de/hoertest
Title: Fördergemeinschaft Gutes Hören

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=ultrasurf-ultrasurf&utm_medium=referral&utm_content=thumbs-feed-01-delta:Below%20Article%20Thumbnails%20|%20Card%203:
Title: Sponsored

Search URL Search Domain Scan URL

URL: https://fragebogen.gutes-hoeren.de/hoergeraete-testen-mvp-gh-loc/
Title: Gutes Hören

Search URL Search Domain Scan URL

URL: https://www.aroundhome.de/treppenlift/formular/
Title: Treppenlift-Vergleich

Search URL Search Domain Scan URL

URL: https://navy.quest/
Title: NAVY.QUEST

Search URL Search Domain Scan URL

URL: https://maximparerurehab.com/f04b78f6-a4d4-4532-8454-2337b084513b
Title: Solar-Vergleich

Search URL Search Domain Scan URL

URL: https://www.aroundhome.de/garage/formular/
Title: Garagen Preisvergleich

Search URL Search Domain Scan URL

URL: https://www.solaranlagen-magazin.de/artikel/photovoltaik-2023-deshalb-ist-dieses-solarunternehmen-so-beliebt
Title: Solaranlagen Magazin

Search URL Search Domain Scan URL

URL: https://www.planetcapture.io/
Title: PlanetCapture

Search URL Search Domain Scan URL

URL: https://faltenreduzieren.com/paa-adv-tb/
Title: Provilea

Search URL Search Domain Scan URL

URL: https://www.aroundhome.de/fenster/formular/
Title: Fenster Angebote

Search URL Search Domain Scan URL

URL: https://www.baseattackforce.com/
Title: BaseAttackForce

Search URL Search Domain Scan URL

URL: https://mypack.de/
Title: MMOCASh GmbH

Search URL Search Domain Scan URL

URL: https://www.artikel.enpal.de/artikel/photovoltaik-forderung-2024-das-andert-sich-jetzt-fur-hausbesitzer
Title: Enpal

Search URL Search Domain Scan URL

URL: https://boadedshedisite.com/071ab26f-7129-4e9b-ad2d-e18a9143f72d
Title: Verlassene Häuser | Gesponserte Links

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=ultrasurf-ultrasurf&utm_medium=referral&utm_content=rec-reel-sc2-delta:Below%20Article%20Thumbnails%20|%20Card%2013:
Title: Sponsored

Search URL Search Domain Scan URL

URL: https://www.aroundhome.de/dachfenster/formular/
Title: Dachfenster Angebote

Search URL Search Domain Scan URL

URL: https://das-solar-portal.de/solarfoerderung-2024-tab/
Title: das-solar-portal

Search URL Search Domain Scan URL

URL: https://www.zweisam.de/
Title: Zweisam

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=ultrasurf-ultrasurf&utm_medium=referral&utm_content=thumbnails-1x3:Right%20Rail%20Thumbnails:
Title: by Taboola

Search URL Search Domain Scan URL

URL: https://shefence-citional.com/5b5f43a5-0eae-4c74-82ab-647e9729fdfa
Title: Tagebuch Gewichtsverlust

Search URL Search Domain Scan URL

URL: https://www.claravital.de/clara-pflegebox
Title: ClaraVital

Search URL Search Domain Scan URL

URL: https://www.combatsiege.com/
Title: CombatSiege

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=ultrasurf-ultrasurf&utm_medium=referral&utm_content=blend-next-up-a:Next%20Up:
Title: Sponsored

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 27

http://securepubads.g.doubleclick.net/tag/js/gpt.js HTTP 302
https://securepubads.g.doubleclick.net/tag/js/gpt.js

Request Chain 28

http://c.amazon-adsystem.com/aax2/apstag.js HTTP 301
https://c.amazon-adsystem.com/aax2/apstag.js

Request Chain 45

http://rules.quantcount.com/rules-p-54Nt-1NAaEEe0.js HTTP 301
https://rules.quantcount.com/rules-p-54Nt-1NAaEEe0.js

Request Chain 92

http://gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS HTTP 302
https://gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS

Request Chain 173

https://ad.doubleclick.net/ddm/trackimp/N1111979.2621703TABOOLAGERMANYGM/B31090180.383820185;dc_trk_aid=575149027;dc_trk_cid=206985712;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;gdpr_consent=;ltd=;dc_tdv=1?;dc_ref=ultrasurfing.com HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N1111979.2621703TABOOLAGERMANYGM/B31090180.383820185;dc_pre=CMecjar_4oMDFTTMEQgdU4YEEg;dc_trk_aid=575149027;dc_trk_cid=206985712;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;gdpr_consent=;ltd=;dc_tdv=1?;dc_ref=ultrasurfing.com

Request Chain 192

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1&C=1

Request Chain 193

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZacIOedsHZOt2i5gls2RxAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1

Request Chain 194

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJwp7WGfKz86vOqKpr2sr1Q&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJwp7WGfKz86vOqKpr2sr1Q%26google_cver%3D1

Request Chain 195

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ2OTM0Mzk1MTI0NDQ4ODI1Mw%3D%3D

Request Chain 261

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1

Request Chain 262

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZacIOcipzmC6pHkMEB5MbwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1

Request Chain 263

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJwp7WGfKz86vOqKpr2sr1Q&google_cver=1

Request Chain 264

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTAzOTIzMTI0NDQ2MTYyMzkwNw%3D%3D

Request Chain 282

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1

Request Chain 283

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZacIOcipzmC6pHkMEB5MbwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1

Request Chain 284

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJwp7WGfKz86vOqKpr2sr1Q&google_cver=1

Request Chain 285

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTAzOTIzMTI0NDQ2MTYyMzkwNw%3D%3D

Request Chain 287

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1

Request Chain 288

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZacIOcipzmC6pHkMEB5MbwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1

Request Chain 289

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJwp7WGfKz86vOqKpr2sr1Q&google_cver=1

Request Chain 290

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTAzOTIzMTI0NDQ2MTYyMzkwNw%3D%3D

Request Chain 356

https://ad.doubleclick.net/ddm/trackimp/N1111979.2621703TABOOLAGERMANYGM/B31090180.383820185;dc_trk_aid=575149027;dc_trk_cid=206985712;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;gdpr_consent=;ltd=;dc_tdv=1?;dc_ref=ultrasurfing.com HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N1111979.2621703TABOOLAGERMANYGM/B31090180.383820185;dc_pre=CIq-sqr_4oMDFQChgwcdp10P-A;dc_trk_aid=575149027;dc_trk_cid=206985712;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;gdpr_consent=;ltd=;dc_tdv=1?;dc_ref=ultrasurfing.com

Request Chain 360

https://pixel.adsafeprotected.com/rfw/st/1878143/77320179/skeleton.js?bidurl=https%3A%2F%2Fultrasurfing.com&ias_adpath=.tbl_1705445433612-pl1-0&adsafe_url=http%3A%2F%2Fultrasurfing.com%2F&adsafe_type=abdfq&adsafe_jsinfo=,id:56cf2adf-2e46-1bb3-e917-944482a1fcad,c:1vw2fj,sl:outOfView,em:false,fr:true,thd:1,mn:jsserver-primary-7b546d5668-rxqzh,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:325.1082.299.248,am:sp,cc:313.1082.622.0,piv:48,obst:0,th:0,reas:l,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:360,mot:0,app:0,maw:0,fm:u1zlePs+1*.1878143-77320179%7C11%7C12%7C13%7C14%7C15%7C161%7C162%7C17%7C181%7C182%7C183%7C19%7C1a%7C1b%7C1c1%7C1d1%7C1d2%7C1d3%7C1e1%7C1e2%7C1e3%7C1f%7C1g1%7C1h,idMap:1*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:VIDEO.qs,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:1,tt:rjss,et:376,oid:a834bc2a-b4c1-11ee-9127-cabbe488e5a8,v:19.8.473,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js?ias_adpath=.tbl_1705445433612-pl1-0

Request Chain 397

https://pixel.adsafeprotected.com/rfw/st/1878143/77320179/skeleton.js?bidurl=https%3A%2F%2Fultrasurfing.com&ias_adpath=.tbl_1705445433723-0&adsafe_url=http%3A%2F%2Fultrasurfing.com%2F&adsafe_type=abdfq&adsafe_jsinfo=,id:b8fd32b0-5ee0-e2b5-e6d7-90a7ada75e77,c:1vw2iD,sl:inView,em:false,fr:true,thd:1,mn:jsserver-primary-7b546d5668-f6fcz,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:16.960.390.131,am:sp,cc:8.960.398.0,piv:100,obst:0,th:0,reas:,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:56,mot:0,app:0,maw:0,fm:u1zleXP+1*.1878143-77320179%7C11%7C12%7C13%7C14%7C15%7C161%7C162%7C17%7C181%7C182%7C183%7C19%7C1a%7C1b%7C1c1%7C1c2%7C1d1%7C1d21%7C1d3%7C1e1%7C1e21%7C1e3%7C1f%7C1g1%7C1h%7C1i%7C1j,idMap:1*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:SPAN.qs.sn,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:1,tt:rjss,et:62,oid:a88091e8-b4c1-11ee-aad4-ce8da81403e8,v:19.8.473,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js?ias_adpath=.tbl_1705445433723-0

Request Chain 487

https://servedby.flashtalking.com/imp/1/224477;7878462;201;gifimpid;DV360;DV360FY24StockBEHInMarketstreamingDEDSKVID1920x1080/?ft_impID=0F2AAA18-2924-0392-5E9B-2C2327944A7C&ft_custom=&ft_c1=&ft_c2=&ft_c3=&ft_id=&ft_mcid=&ft_mliid=&ft_partnerimpid=&ft_partnerid=&ft_section=&gdpr=FT_GDPR&gdpr_consent=&gdpr_pd=FT_GDPR_PD&us_privacy=!!US_PRIVACY!&ft_creative=4438446&ft_configuration=0&cachebuster=1568693309 HTTP 302
https://cdn.flashtalking.com/xre/787/7878462/4438446/image/4438446.gif

Request Chain 510

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fa-prebid.vidoomy.com%2Fsetuid%3Fbidder%3Dadf%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 303
https://a-prebid.vidoomy.com/setuid?bidder=adf&gdpr=0&gdpr_consent=&uid=8989862715861995851

Request Chain 512

https://ib.adnxs.com/getuid?https%3A%2F%2Fa-prebid.vidoomy.com%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 302
https://a-prebid.vidoomy.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=1039231244461623907

Request Chain 518

http://gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS HTTP 307
https://gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS

521 HTTP transactions
16 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
ultrasurfing.com/ 12 KB
4 KB 350ms
315ms Document
text/html 2606:4700:e2::ac40:8103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://ultrasurfing.com/
Protocol: HTTP/1.1
Server: 2606:4700:e2::ac40:8103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 350a187040720b4ab9d137273560bd4e29ac415e6c7df7e867555529c38f4ca8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

CF-Cache-Status: DYNAMIC
CF-RAY: 8469eaf749cc18e0-FRA
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Jan 2024 22:50:31 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xLboqUUR3haPUYeFCUFcOipaBrFob00j49uejK7QHSD%2FwMGh0g29W67U0DajgnoRkrlDqirB8ITTkA04wuB3d0QjUlg5uStDx2zumYB%2FQP69wZEDvLZaYWC9F5hBPUqQ24vRGwyAFb4i1usvnnch"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK reset.css
ultrasurfing.com/css/ 773 B
1 KB 28ms
28ms Stylesheet
text/css 2606:4700:e2::ac40:8103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://ultrasurfing.com/css/reset.css
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: HTTP/1.1
Server: 2606:4700:e2::ac40:8103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82f1278f66b192a223e306d884f8db595ef3b6d829cc1544807b9bf40019403e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:31 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 5120
Cf-Polished: origSize=1050
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Cf-Bgj: minify
Last-Modified: Thu, 29 Oct 2020 06:32:21 GMT
Server: cloudflare
ETag: W/"5f9a61f5-41a"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IuuyGCiCnUZ6BY8YCAhwyW%2BV2cjIvR3Xt3iUkUiLALioWryuYpKoKUY5hu3OmEL4Pp%2Bz8ZbY0fnZa0JXMR1luWtMp5qoAJ%2Fyw6YiQ506hhA%2FnRMcnJJ3bIMSkZijGJeKy5ah0Bedx2txiBodMjRt"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
CF-RAY: 8469eaf94b0c18e0-FRA

GET
H/1.1 200
OK style1.css
ultrasurfing.com/css/ 11 KB
4 KB 335ms
312ms Stylesheet
text/css 2606:4700:e2::ac40:8103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://ultrasurfing.com/css/style1.css
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: HTTP/1.1
Server: 2606:4700:e2::ac40:8103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b09ba6e0f2ea66dc1597d8154b0f46f3f8c3ee4f6b2eb1e584d6957908df1ad4

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:31 GMT
Content-Encoding: gzip
CF-Cache-Status: REVALIDATED
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Cf-Polished: origSize=19154
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Cf-Bgj: minify
Last-Modified: Sat, 08 Apr 2023 04:57:00 GMT
Server: cloudflare
ETag: W/"6430f41c-4ad2"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FSB%2BAwPrByLQcWB57MRDHQoAxxSyhWQ3%2B3PX9Qh%2BfZskN1LuqWXYb6fMlD%2FYJ%2Fj4pa2x%2BanjL555QRiqBIM0tled1%2FweAQAMh%2F1e7x0PyM0FczMrdFigVK60%2FyU7R%2BO1OUrbw3Y31qPGLo%2B9U9wp"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
CF-RAY: 8469eaf96cd6bbb3-FRA

GET
H/1.1 200
OK 7ad73c5e_photo0_190.jpg
ultrasurfing.com/images/ 8 KB
9 KB 55ms
26ms Image
image/jpeg 2606:4700:e2::ac40:8103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ultrasurfing.com/images/7ad73c5e_photo0_190.jpg
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: HTTP/1.1
Server: 2606:4700:e2::ac40:8103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8d1bab343171df11d991cf095665ff115609383d2fd48bd028f2472972cdd15

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:31 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 36900
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 8037
Cf-Bgj: h2pri
Last-Modified: Tue, 16 Jan 2024 12:33:03 GMT
Server: cloudflare
ETag: "65a6777f-1f65"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6MFz33LdDQEhRQd%2B5firLkoizitucJZL4pE2E3EmOwpFt0GSadEzFctedL3iCaP4lX8gU%2BIZIOP%2F4FGB%2FuL5knsghGtUq5FJXZOODPYtpuTNuj%2F%2BcqCjZvBJ8y0SPNE3BU5zThSNMz%2FCmO7%2BLwjy"}],"group":"cf-nel","max_age":604800}
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes
CF-RAY: 8469eaf97b2e18e0-FRA
Expires: Wed, 15 Jan 2025 12:35:32 GMT

GET
H/1.1 200
OK 246f0fed_photo0_190.jpg
ultrasurfing.com/images/ 4 KB
5 KB 342ms
312ms Image
image/jpeg 2606:4700:e2::ac40:8103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ultrasurfing.com/images/246f0fed_photo0_190.jpg
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: HTTP/1.1
Server: 2606:4700:e2::ac40:8103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c632140a3fec8fa6713bdfa4b177a3b004946df0c82e66ac6239ba4a0abbf4b8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:31 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 4554
Last-Modified: Tue, 16 Jan 2024 22:48:09 GMT
Server: cloudflare
ETag: "65a707a9-11ca"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JW6AW%2BfzH%2FiCabIwMAKRg4G0flDzecdy4BbrPGmykiFE7%2BjYnIN2YJBaqnAhyYSyj49KlH1kOBGQfSea%2BvSoDdvHnohREYoq8Eccc0tvveL61f%2FgpZeR49JSVVPM51xnJliczVf3ZFhu4taH%2F4Jj"}],"group":"cf-nel","max_age":604800}
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes
CF-RAY: 8469eaf979ba0bc2-AMS
Expires: Wed, 15 Jan 2025 22:50:31 GMT

GET
H/1.1 200
OK 64004312_photo0_190.jpg
ultrasurfing.com/images/ 7 KB
7 KB 26ms
26ms Image
image/jpeg 2606:4700:e2::ac40:8103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ultrasurfing.com/images/64004312_photo0_190.jpg
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: HTTP/1.1
Server: 2606:4700:e2::ac40:8103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 190a5a5fe1727f2d2368050b7ebd4ef27d114b22ae7f65e7d50095d79d6a377c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:31 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 11633
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 6656
Cf-Bgj: h2pri
Last-Modified: Tue, 16 Jan 2024 19:36:02 GMT
Server: cloudflare
ETag: "65a6daa2-1a00"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NS5%2FOv7xQ8D9KPNBtXTHFvawz25pnn%2BNmSAKaZzvb1dPxVnxb3aUOMSFH0jwwOBsnuowVD4BzfQ0opWdxhkW8T5sprs8XaDqYKkhjmsQwn15ZXl92QEo%2B%2Bb7vHYBpQKaJKDHpNWCHiwcOOtI7zhF"}],"group":"cf-nel","max_age":604800}
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes
CF-RAY: 8469eaf99b4318e0-FRA
Expires: Wed, 15 Jan 2025 19:36:39 GMT

GET
H/1.1 200
OK 43f6dba5_photo0_190.jpg
ultrasurfing.com/images/ 5 KB
6 KB 28ms
28ms Image
image/jpeg 2606:4700:e2::ac40:8103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ultrasurfing.com/images/43f6dba5_photo0_190.jpg
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: HTTP/1.1
Server: 2606:4700:e2::ac40:8103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c1ca98de7b01e6d3290b192e891e8b978c35d0220d8da56efbb6c672ab74455d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:31 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 7258
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 5446
Cf-Bgj: h2pri
Last-Modified: Tue, 16 Jan 2024 20:48:03 GMT
Server: cloudflare
ETag: "65a6eb83-1546"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BkWkmrwYqGi839In3k5j2hDWyuvMEfXgvbv%2F0WH2ClCUQBXqyJUG4aIwtsQ6QcTDJkDyTsIMWyctzJ0Xm%2FFSpngPBzeebD7IQHhvtrysXe0iIThmfJ8SXReTGdktzshIpAtufeLEiCcwL%2Bu9QD13"}],"group":"cf-nel","max_age":604800}
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes
CF-RAY: 8469eaf9cb6618e0-FRA
Expires: Wed, 15 Jan 2025 20:49:32 GMT

GET
H/1.1 200
OK cb2cedd0_photo0_190.jpg
ultrasurfing.com/images/ 8 KB
9 KB 306ms
305ms Image
image/jpeg 2606:4700:e2::ac40:8103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ultrasurfing.com/images/cb2cedd0_photo0_190.jpg
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: HTTP/1.1
Server: 2606:4700:e2::ac40:8103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: be99d6c83405ea295f49cc0d412e73b9ed95a16381c141b4db2c27a758fa6f82

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:31 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 8240
Last-Modified: Tue, 16 Jan 2024 22:48:06 GMT
Server: cloudflare
ETag: "65a707a6-2030"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vLt92MQiNSRks68wKjCksin4BTa8KddNZyYMBr9qTwnc51liH3HPisGHOIYWk1jC1fo%2B5%2BJOA8AmzY9EfHMgAhdT3%2BygYB6%2F0oBolUPxO9t7auOG83LKkmbnYYFaO2aXkyao7FxgkMbtG6f6XqrG"}],"group":"cf-nel","max_age":604800}
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes
CF-RAY: 8469eafb5e7abbb3-FRA
Expires: Wed, 15 Jan 2025 22:50:31 GMT

GET
H/1.1 200
OK dbae3de1_photo0_190.jpg
ultrasurfing.com/images/ 5 KB
6 KB 26ms
26ms Image
image/jpeg 2606:4700:e2::ac40:8103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ultrasurfing.com/images/dbae3de1_photo0_190.jpg
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: HTTP/1.1
Server: 2606:4700:e2::ac40:8103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc75858fd013068888958fc55b37ec3abff8b6189adc9276052817a607435c0d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:31 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 1181
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 5132
Cf-Bgj: h2pri
Last-Modified: Tue, 16 Jan 2024 22:30:06 GMT
Server: cloudflare
ETag: "65a7036e-140c"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dal6iBYeXI18Vg1TIbSVMcYbyUfdNZC3cJrpry9wgU5b%2BCeCi8mna%2FnibW9tvMrWNNAc8Rhp0OPtt93t16Cw9ZOWrHJ600l3Ri3pwy2s4pb7YTHykTvrsQuirmQMiS4PVQU0LuGR4y3ifcgiSSIj"}],"group":"cf-nel","max_age":604800}
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes
CF-RAY: 8469eafb5caa18e0-FRA
Expires: Wed, 15 Jan 2025 22:30:49 GMT

GET
H/1.1 200
OK 6a79c893_photo0_190.jpg
ultrasurfing.com/images/ 8 KB
9 KB 55ms
54ms Image
image/jpeg 2606:4700:e2::ac40:8103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ultrasurfing.com/images/6a79c893_photo0_190.jpg
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: HTTP/1.1
Server: 2606:4700:e2::ac40:8103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c70a2a33110d3dc9a178226e2280707fbadf70a289bf48de8e8f64710a652a2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:31 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 1338
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 7936
Cf-Bgj: h2pri
Last-Modified: Tue, 16 Jan 2024 22:27:06 GMT
Server: cloudflare
ETag: "65a702ba-1f00"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fs9jLTm4KgMTcKD%2FYSy4Q8ioIujBaK7zuf1Y%2BgyvWeNYUMArgyAT8Fdf8yEMZ%2FM7nOFDbT0FuT6FL%2FD9H6gC3ZEYZY4Nn1NANuCOEMyEP%2BMRFXMZm273lgTA58wC0Es6jiJ0kIEveNsdO3cDtTl8"}],"group":"cf-nel","max_age":604800}
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes
CF-RAY: 8469eafb6b476ec9-CDG
Expires: Wed, 15 Jan 2025 22:28:12 GMT

GET
H/1.1 200
OK rocket-loader.min.js Show response
ultrasurfing.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
5 KB 36ms
30ms Script
application/javascript 2606:4700:e2::ac40:8103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://ultrasurfing.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

HTTP/1.1

Server

2606:4700:e2::ac40:8103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 27 Dec 2023 10:36:07 GMT
Server: cloudflare
ETag: W/"658bfe17-302c"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KxNMPYUndBh0XpMC8G1Do0AI%2FTXMuXjt6Qoq%2F6x6BC5o%2FBKtw7vQfqGi8tdfUS%2BmbMArCDXyika%2FmTlKJLmMmr8Vd6TITTO8IrumuNSoGjK1a6wiezA3w8HT7RYqQJLZ2qTmq2T%2BOCcat2W6ln%2Bw"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
X-Frame-Options: DENY
Cache-Control: max-age=172800, public
CF-RAY: 8469eafb6c1c0bc2-AMS
Expires: Thu, 18 Jan 2024 22:50:31 GMT

GET
H/1.1 200
OK adpushup.js Show response
cdn.adpushup.com/45157/ 661 KB
216 KB 301ms
231ms Script
application/javascript 152.199.21.70
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.adpushup.com/45157/adpushup.js
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: HTTP/1.1
Server: 152.199.21.70 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 01e5a02533746095ddf786ba3f5e16c3ddf881af2845115ce514f1ad07a0f542

Request headers

Referer: http://ultrasurfing.com/
Origin: http://ultrasurfing.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Expires: Tue, 16 Jan 2024 23:50:31 GMT
Date: Tue, 16 Jan 2024 22:48:18 GMT
Content-Encoding: gzip
X-AP-Device: DESKTOP
last-modified: Mon, 15 Jan 2024 14:52:19 GMT
Server: nginx/1.18.0
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
X-AP-Geo: DE
x-client-device: desktop
x-client-geo: DE

GET
H/1.1 200
OK adRecover.js Show response
delivery.adrecover.com/45411/ 41 KB
14 KB 274ms
209ms Script
application/javascript 152.199.21.70
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: http://delivery.adrecover.com/45411/adRecover.js
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: HTTP/1.1
Server: 152.199.21.70 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: a2a7e7bb3d0cfa13363d5160acea45601f1502fdc117e386cbcefd5775996f38

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Expires: Tue, 16 Jan 2024 23:50:31 GMT
Date: Tue, 16 Jan 2024 22:48:18 GMT
Content-Encoding: gzip
X-AP-Device: DESKTOP
last-modified: Tue, 16 Jan 2024 07:58:33 GMT
Server: nginx/1.18.0
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
X-AP-Geo: DE
x-client-device: desktop
x-client-geo: DE

GET
H/1.1 200
OK 7ad73c5e_photo0_190.jpg
ultrasurfing.com/images/ 8 KB
9 KB 76ms
45ms Image
image/jpeg 2606:4700:e2::ac40:8103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ultrasurfing.com/images/7ad73c5e_photo0_190.jpg
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: HTTP/1.1
Server: 2606:4700:e2::ac40:8103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8d1bab343171df11d991cf095665ff115609383d2fd48bd028f2472972cdd15

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:31 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 20223
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 8037
Cf-Bgj: h2pri
Last-Modified: Tue, 16 Jan 2024 17:12:03 GMT
Server: cloudflare
ETag: "65a6b8e3-1f65"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P5hA%2BztErqFnAYoz7NEZw%2FWwlthg44mO4QIgnxHePosHHL2fCUF9t7a4w2jcBjIe%2FEoEEPy0OFkj%2FkUOkmJuqoIk3RIG3awfBYP2XNWq%2FSS0aNOc2a1ugRIrbAd8eesvBex%2FMmHZpJruX%2BWlnUFr"}],"group":"cf-nel","max_age":604800}
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes
CF-RAY: 8469eafb9d890ae0-AMS
Expires: Wed, 15 Jan 2025 17:13:29 GMT

GET
H/1.1 200
OK bg_header.png
ultrasurfing.com/img/ 230 B
1023 B 68ms
37ms Image
image/png 2606:4700:e2::ac40:8103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ultrasurfing.com/img/bg_header.png
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/css/style1.css
Protocol: HTTP/1.1
Server: 2606:4700:e2::ac40:8103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e607d08076b9cdc2c3f973f3a2dd96884fd878c643b8c49212b9e823f590833a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/css/style1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:31 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 5852183
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 230
Last-Modified: Thu, 29 Oct 2020 06:32:21 GMT
Server: cloudflare
ETag: "5f9a61f5-e6"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AjMV0gm2kPUFyi3lmyGu8DAI%2FwC15pKqnhZolrjpKF1trcJjYw10PWV4cbETw2e%2Bj8r4JSLkwaXJmLe%2FDGk85fps%2FdNYegqWDZPhjc4aYmsTShYWhPyUgSUthta%2BWSYc8eFzvYjeaZyBVJv5d1Ug"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes
CF-RAY: 8469eafb9c630bc2-AMS
Expires: Sat, 09 Nov 2024 05:14:11 GMT

GET
H/1.1 200
OK logo-new.png
ultrasurfing.com/img/ 7 KB
8 KB 48ms
27ms Image
image/png 2606:4700:e2::ac40:8103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ultrasurfing.com/img/logo-new.png
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/css/style1.css
Protocol: HTTP/1.1
Server: 2606:4700:e2::ac40:8103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0cd3732ca0e287e964e94a3635317a3c6c494906163013a24fb88b316e5270a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/css/style1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:31 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 583018
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 7316
Last-Modified: Thu, 29 Oct 2020 06:32:21 GMT
Server: cloudflare
ETag: "5f9a61f5-1c94"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ItUqSnb8uc4rlXSJTdOyL5BzHwzTx4M0ki%2B%2BltNX4FCAOF4sZanZ2Pxwh58%2BZyUMl9srbn4OHSnWvDjT10jM%2BkdnpQLoqkNqJk%2BAjUg%2BFaSV7lFQGx7IkYpVVZXNfskq9b1Vj4BS%2BTU1cuHsaI4n"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes
CF-RAY: 8469eafb8cbb18e0-FRA
Expires: Thu, 09 Jan 2025 04:53:33 GMT

GET
H/1.1 200
OK bg_nav.png
ultrasurfing.com/img/ 175 B
972 B 57ms
41ms Image
image/png 2606:4700:e2::ac40:8103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ultrasurfing.com/img/bg_nav.png
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/css/style1.css
Protocol: HTTP/1.1
Server: 2606:4700:e2::ac40:8103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b2957b4f8c84f766ac63fc7f0b774f04d8a92f49e7fab7572990170fd6843135

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/css/style1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:31 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 5598658
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 175
Last-Modified: Thu, 29 Oct 2020 06:32:21 GMT
Server: cloudflare
ETag: "5f9a61f5-af"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MAXX%2Fu2%2Bnka0NF%2FpYLzeS8yj89lh%2FlBq9mOKHHK%2BFQ%2F1Dq02m8QjBhgqJdpRDYC4xtjPRQFUrevWn9ayRDiSSUexvbQHvXZu8lE8%2BiaeOHvEJ8NwWaeBrQ66H0fJxkssEvUrty3mVYGD84wpUeeq"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes
CF-RAY: 8469eafb8b525d6d-FRA
Expires: Tue, 12 Nov 2024 03:39:34 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 246 KB
85 KB 90ms
38ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y4YW22RJ0K

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ab91220da5046e0f4af885bc1026d79fb2ed9d8d1cfaf0cc42126ebffe1f77a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:31 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86551
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 16 Jan 2024 22:50:31 GMT

GET
H2 200 jquery-2.2.2.min.js Show response
code.jquery.com/ 84 KB
30 KB 61ms
20ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-2.2.2.min.js
Requested by: Host: delivery.adrecover.com
URL: http://delivery.adrecover.com/45411/adRecover.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: dfa729d82a3effadab1000181cb99108f232721e3b0af74cfae4c12704b35a32

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:31 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 2901211
x-cache: HIT, HIT
content-length: 29880
x-served-by: cache-lga21979-LGA, cache-fra-eddf8230115-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1705445432.897597,VS0,VE0
etag: W/"28feccc0-14e98"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 44, 7251

GET
H/1.1 200
OK block.jpg
delivery.adrecover.com/ 631 B
1 KB 38ms
38ms Image
image/jpeg 152.199.21.70
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://delivery.adrecover.com/block.jpg?ts=1705445431927
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: HTTP/1.1
Server: 152.199.21.70 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/48F4) /
Resource Hash: 9284d948e86d2e99f31483b5f4b3a4c3e65e0a6fbca9a8d2db8c6095f82ac3f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Expires: Wed, 15 Jan 2025 22:50:31 GMT
Date: Tue, 16 Jan 2024 22:50:31 GMT
Last-Modified: Wed, 23 Jun 2021 06:37:54 GMT
Server: ECAcc (ama/48F4)
Age: 13175016
Etag: "60d2d6c2-277"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
x-client-device: desktop
Content-Length: 631
x-client-geo: DE

GET
H/1.1 200
OK jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
31 KB 41ms
20ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: cdn.adpushup.com
URL: http://cdn.adpushup.com/45157/adpushup.js
Protocol: HTTP/1.1
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:32 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 4842815
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 30875
X-Served-By: cache-lga21931-LGA, cache-fra-etou8220022-FRA
Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT
Server: nginx
X-Timer: S1705445432.251876,VS0,VE0
ETag: W/"28feccc0-15d9d"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, stale-while-revalidate=604800
Accept-Ranges: bytes
X-Cache-Hits: 4, 545210

POST
H2 202 logs Show response
http-intake.logs.us5.datadoghq.com/api/v2/ 2 B
249 B 229ms
147ms Fetch
application/json 2600:1901:0:8a8e::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://http-intake.logs.us5.datadoghq.com/api/v2/logs?dd-api-key=7854699c55cf56127736e336b120a38b&ddsource=nodejs&service=adpushup.js

Requested by

Host: cdn.adpushup.com
URL: http://cdn.adpushup.com/45157/adpushup.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:8a8e:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 16 Jan 2024 22:50:32 GMT
x-content-type-options: nosniff
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
via: 1.1 google
content-type: application/json
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
H2 200 pb.45157.1703673059884.js Show response
cdn.adpushup.com/prebid/ 413 KB
121 KB 124ms
32ms Script
application/javascript 152.199.21.70
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adpushup.com/prebid/pb.45157.1703673059884.js
Requested by: Host: cdn.adpushup.com
URL: http://cdn.adpushup.com/45157/adpushup.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.70 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/48EB) /
Resource Hash: 95e5a319697c15e14cf55990edf01fceb7f6ae792789a7d12c8a3d0d621ddb49

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-client-geo: DE
date: Tue, 16 Jan 2024 22:50:32 GMT
content-encoding: br
age: 1495796
x-cache: HIT
x-client-device: desktop
content-length: 123735
last-modified: Wed, 27 Dec 2023 10:29:27 GMT
server: ECAcc (ama/48EB)
etag: W/"658bfc87-6727f"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jan 2025 22:50:32 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 273 KB
90 KB 41ms
39ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Z0TZ7TDHS1

Requested by

Host: cdn.adpushup.com
URL: http://cdn.adpushup.com/45157/adpushup.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1c2a748bb658865c74db59a1d940681f892e5fd6fc3a246b3be7573bb0596c31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92519
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 16 Jan 2024 22:50:32 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 113 KB
44 KB 33ms
32ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=269851682

Requested by

Host: cdn.adpushup.com
URL: http://cdn.adpushup.com/45157/adpushup.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

244ee33d64e9a890d2011b5c7092c98032c2265a152e8a2d510ad7ae0bd7697e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44428
x-xss-protection: 0
last-modified: Tue, 16 Jan 2024 22:23:15 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 16 Jan 2024 22:50:32 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 73ms
21ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: cdn.adpushup.com
URL: http://cdn.adpushup.com/45157/adpushup.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 16 Jan 2024 21:48:12 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 3740
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 16 Jan 2024 23:48:12 GMT

GET
H2 200 quantcast.js Show response
cdn.adpushup.com/pbuseridscripts/ 450 B
452 B 105ms
31ms Script
application/javascript 152.199.21.70
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adpushup.com/pbuseridscripts/quantcast.js
Requested by: Host: cdn.adpushup.com
URL: http://cdn.adpushup.com/45157/adpushup.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.70 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/48CB) /
Resource Hash: 26914004d3a8d5ddde2202b642d7936eb61c9f195b5cd3c87e44ef8ad4d57c16

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-client-geo: DE
date: Tue, 16 Jan 2024 22:50:32 GMT
content-encoding: br
age: 13708152
x-cache: HIT
x-client-device: desktop
content-length: 211
last-modified: Mon, 28 Jun 2021 04:15:23 GMT
server: ECAcc (ama/48CB)
etag: W/"60d94cdb-1c2"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jan 2025 22:50:32 GMT

GET
H2 200 urlmapping.json Show response
cdn.adpushup.com/45157/ 1 MB
1 MB 569ms
478ms Fetch
application/json 152.199.21.70
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adpushup.com/45157/urlmapping.json
Requested by: Host: cdn.adpushup.com
URL: http://cdn.adpushup.com/45157/adpushup.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.70 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: b9c08786bc5c4fe68b2b618db69f28ee6163b239778cc1dbb93d5a274dd3060e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 22:50:32 GMT
date: Tue, 16 Jan 2024 22:48:19 GMT
last-modified: Tue, 16 Jan 2024 07:10:57 GMT
server: nginx/1.18.0
etag: "65a62c01-1014c7"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-client-device: desktop
content-length: 1053895
x-client-geo: DE

GET
H2

200

gpt.js Show response
securepubads.g.doubleclick.net/tag/js/
Redirect Chain

http://securepubads.g.doubleclick.net/tag/js/gpt.js
https://securepubads.g.doubleclick.net/tag/js/gpt.js

97 KB
29 KB

122ms
72ms

Script
text/javascript

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9e60a38ea366e3ad00c1a7e965be634dbba419a3d38895e26845da6ed698d4a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29630
x-xss-protection: 0
server: cafe
etag: 52 / 19738 / m202401100101 / config-hash: 5158892331059391289
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 16 Jan 2024 22:50:32 GMT

Redirect headers

Date: Tue, 16 Jan 2024 22:50:32 GMT
X-Content-Type-Options: nosniff
Server: cafe
Vary: Accept-Encoding
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Content-Type: text/html; charset=UTF-8
Cache-Control: private, max-age=900, stale-while-revalidate=3600
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
Content-Length: 0
X-XSS-Protection: 0
Expires: Tue, 16 Jan 2024 22:50:32 GMT

GET
H2

200

apstag.js Show response
c.amazon-adsystem.com/aax2/
Redirect Chain

http://c.amazon-adsystem.com/aax2/apstag.js
https://c.amazon-adsystem.com/aax2/apstag.js

282 KB
70 KB

84ms
31ms

Script
application/javascript

108.138.37.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: H2
Server: 108.138.37.209 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-37-209.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4d3c300c1cd89393c7f945c06656981e3ac1c034f59996affcd1062a3092f40c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:13:43 GMT
content-encoding: gzip
via: 1.1 9336c14434e205e440418213079c6074.cloudfront.net (CloudFront), 1.1 3fbcd51d3039c17ef404823aaeb1f66c.cloudfront.net (CloudFront)
last-modified: Tue, 12 Dec 2023 22:20:09 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, MUC50-P2
age: 2210
x-amz-server-side-encryption: AES256
etag: W/"d6937d02acbbf691a008906e9d0617e0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: lr372Abw6GwKpmtFjMoWbfSk6-E3V-sY-c5WJjZ9hfDx9a3NrlgHHQ==

Redirect headers

Date: Tue, 16 Jan 2024 22:50:32 GMT
Via: 1.1 774fae779f194800b967be38df6bd8d2.cloudfront.net (CloudFront)
Server: CloudFront
X-Amz-Cf-Pop: MUC50-P2
X-Cache: Redirect from cloudfront
Content-Type: text/html
Location: https://c.amazon-adsystem.com/aax2/apstag.js
Connection: keep-alive
Content-Length: 167
X-Amz-Cf-Id: j3JpjqQbugCo-h5t2z5QrxLIgK3F5M3hjyTHgoSY8OhMwlSgYmTvBA==

GET
H2 200 testmode
e3.adpushup.com/AdPushupFeedbackWebService/feedback/ 70 B
321 B 172ms
43ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e3.adpushup.com/AdPushupFeedbackWebService/feedback/testmode?data=eyJjcmVhdGVkVFMiOjE3MDU0NDU0MzIyOTAsInBhY2tldElkIjoiMDAwMEIwNjUtODhkOTViNzMtMWVjOS00OTdmLTk5MjYtYzIyZTY4MmE3N2U4Iiwic2l0ZUlkIjo0NTE1Nywic2l0ZURvbWFpbiI6Imh0dHBzOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJ1cmwiOiJodHRwOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJtb2RlIjo0LCJlcnJvckNvZGUiOjAsInJlZmVycmVyIjoiIiwicGxhdGZvcm0iOiJERVNLVE9QIiwiaXNHZW5pZWUiOmZhbHNlLCJzZWN0aW9ucyI6bnVsbCwiY291bnRyeSI6IkRFIn0%3D&c_b=1411.6999998092651
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:32 GMT
server: nginx/1.18.0 (Ubuntu)
access-control-allow-methods: GET, POST
content-type: image/png
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 70
expires: 0

GET
H/1.1 200 sync
e3.adpushup.com/AdPushupFeedbackWebService/user/ 70 B
530 B 116ms
35ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://e3.adpushup.com/AdPushupFeedbackWebService/user/sync
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: HTTP/1.1
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Jan 2024 22:50:32 GMT
Server: nginx/1.18.0 (Ubuntu)
Ap-Cookie-Status: cookies ap_uid and ap_usid not set due to GDPR
Access-Control-Allow-Methods: GET, POST
Content-Type: image/png
Access-Control-Allow-Origin: http://ultrasurfing.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Robots-Tag: noindex
Content-Length: 70
Expires: 0

GET
BLOB 200
OK 73429769-36cb-46c1-a771-bfa29568c830
http://ultrasurfing.com/ 2 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:http://ultrasurfing.com/73429769-36cb-46c1-a771-bfa29568c830
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 645c58677e2bfe285d26f92ad76260b7e17c1099970fb4833dd338230ddb2a64

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Length: 1601
Content-Type: application/javascript

GET
H2 200 AGSKWxWGtL7zuZ1y1IcNdDu97XV3A1nSFYlAxzUsMF11iBnZwCEpDsaZDLJvauA2_Cx3VImW-PkAxWSsA1Yld5y1tqA= Show response
fundingchoicesmessages.google.com/f/ 182 KB
61 KB 145ms
97ms Script
application/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWGtL7zuZ1y1IcNdDu97XV3A1nSFYlAxzUsMF11iBnZwCEpDsaZDLJvauA2_Cx3VImW-PkAxWSsA1Yld5y1tqA=

Requested by

Host: cdn.adpushup.com
URL: http://cdn.adpushup.com/45157/adpushup.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f6bb910d654e55f0965a16c0480e7a8bfd435ced42af50392720ea446f0cff84

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-oLXYD3p3NkdFIFWjiX_OFw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:32 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-oLXYD3p3NkdFIFWjiX_OFw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 274 KB
90 KB 30ms
29ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Z0TZ7TDHS1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=269851682

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8c51deff7b41f9341f91db6aff3e6af8cf80fe6eb8c7cd69d7fc65de3929aa54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92523
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 16 Jan 2024 22:50:32 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
254 B 79ms
28ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-Z0TZ7TDHS1&gtm=45je41a0v886690812&_p=1705445432291&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1817517829.1705445432&ul=en-us&sr=1600x1200&_s=1&sid=1705445432&sct=1&seg=0&dl=http%3A%2F%2Fultrasurfing.com%2F&dt=ultrasurfing.com%2F&en=script-loaded&_fv=1&_nsi=1&_ss=1&_ee=1&epn.siteid=45157&tfd=1515
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Z0TZ7TDHS1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:32 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
208 B 29ms
28ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=60202500&t=event&ni=1&_s=1&dl=http%3A%2F%2Fultrasurfing.com%2F&ul=en-us&de=UTF-8&dt=ultrasurfing.com%2F&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=user-interaction&ea=script-loaded&el=45157&_u=IADAAEABAAAAACAAI~&jid=1349529980&gjid=688717558&cid=1817517829.1705445432&tid=269851682&_gid=1669368947.1705445432&_r=1&_slc=1&z=426538525

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK quant.js Show response
edge.quantserve.com/ 23 KB
10 KB 70ms
21ms Script
application/javascript 2620:116:800d:21:ef75:8280:f209:5ba1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://edge.quantserve.com/quant.js
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/pbuseridscripts/quantcast.js
Protocol: HTTP/1.1
Server: 2620:116:800d:21:ef75:8280:f209:5ba1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 45a4c240a17a4d5f925ef0e125b86d882c6ad7549028d9cbf6f4f06fd1dd897d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:32 GMT
Content-Encoding: gzip
Etag: "bvEECQq4Zy6gU9J/qv1O6Q=="
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: private, max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Expires: Tue, 23 Jan 2024 22:50:32 GMT

POST
H3 204 AGSKWxU3oQjX0C8vpV54LEtTuR6bLFPC5gx-nMaDhMOPoac6dzDieHPbzvhyO6dEy_345lXgOwFOIDQTKgSKop7AwSGzb1dfYqIvs1hLP0atPilR8UDZq4AXaUCXEjjqXYNsnQ1wKutveQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 79ms
35ms XHR
text/html 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxU3oQjX0C8vpV54LEtTuR6bLFPC5gx-nMaDhMOPoac6dzDieHPbzvhyO6dEy_345lXgOwFOIDQTKgSKop7AwSGzb1dfYqIvs1hLP0atPilR8UDZq4AXaUCXEjjqXYNsnQ1wKutveQ==

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.LIqc41BJ5a0.es5.O/am=wA/d=1/rs=AJlcJMyuHDquIDjtBjzFOiABIt8N5YwY7Q/m=kernel_loader,loader_js_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-U61rOOdzv8gM-3Gvn9NCmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Jan 2024 22:50:32 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-U61rOOdzv8gM-3Gvn9NCmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://ultrasurfing.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxU3oQjX0C8vpV54LEtTuR6bLFPC5gx-nMaDhMOPoac6dzDieHPbzvhyO6dEy_345lXgOwFOIDQTKgSKop7AwSGzb1dfYqIvs1hLP0atPilR8UDZq4AXaUCXEjjqXYNsnQ1wKutveQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 78ms
35ms XHR
text/html 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxU3oQjX0C8vpV54LEtTuR6bLFPC5gx-nMaDhMOPoac6dzDieHPbzvhyO6dEy_345lXgOwFOIDQTKgSKop7AwSGzb1dfYqIvs1hLP0atPilR8UDZq4AXaUCXEjjqXYNsnQ1wKutveQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-4DPQZnEDK380cMqXpg7R2w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Jan 2024 22:50:32 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-4DPQZnEDK380cMqXpg7R2w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: http://ultrasurfing.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AGSKWxWo47VFt4_ElECvPrSf0w92YgmaxwSw2gEeDL46s0o5ZTKdxv0j3xxmL54LV4GXKa5gXS23UBmEpIys4_aDkmkX-TXO2L7kdo5QrhCGE-7ijU6r12cD4FUyABPPLr05ifZHnbifxg== Show response
fundingchoicesmessages.google.com/f/ 10 KB
5 KB 65ms
65ms Script
application/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWo47VFt4_ElECvPrSf0w92YgmaxwSw2gEeDL46s0o5ZTKdxv0j3xxmL54LV4GXKa5gXS23UBmEpIys4_aDkmkX-TXO2L7kdo5QrhCGE-7ijU6r12cD4FUyABPPLr05ifZHnbifxg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA1NDQ1NDMyLDQ5OTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cDovL3VsdHJhc3VyZmluZy5jb20vIixudWxsLFtbOCwiTElxYzQxQko1YTAiXSxbOSwiZGUiXSxbMTYsIlsxLDEsMV0iXSxbMTksIjIiXSxbMTcsIlswXSJdXV0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0d7a9eca0dc508e03e3850b602097e6d6b5d53841197849a51f45930c0e76e99

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-4jO2RaPJWBiefp2m7kCxAA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:32 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-4jO2RaPJWBiefp2m7kCxAA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eae76cb616003cb3e918dfd9f58d63cc8e832aa9d11a9eda64b1476af57e746a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2 200 feedback
e3.adpushup.com/AdPushupFeedbackWebService/ 70 B
320 B 40ms
39ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e3.adpushup.com/AdPushupFeedbackWebService/feedback?data=eyJjcmVhdGVkVFMiOjE3MDU0NDU0MzI1MDEsInBhY2tldElkIjoiMDAwMEIwNjUtODhkOTViNzMtMWVjOS00OTdmLTk5MjYtYzIyZTY4MmE3N2U4Iiwic2l0ZUlkIjo0NTE1Nywic2l0ZURvbWFpbiI6Imh0dHBzOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJ1cmwiOiJodHRwOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJtb2RlIjoyLCJlcnJvckNvZGUiOjIsInJlZmVycmVyIjoiIiwicGxhdGZvcm0iOiJERVNLVE9QIiwiaXNHZW5pZWUiOmZhbHNlLCJzZWN0aW9ucyI6bnVsbCwiY291bnRyeSI6IkRFIn0%3D&c_b=1622.8000001907349
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:32 GMT
server: nginx/1.18.0 (Ubuntu)
access-control-allow-methods: GET, POST
content-type: image/png
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 70
expires: 0

GET
H2 200 2e7e1587-d92f-46dd-8721-80b53eccb87e Show response
config.aps.amazon-adsystem.com/configs/ 564 B
830 B 100ms
27ms Script
application/javascript 108.138.36.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://config.aps.amazon-adsystem.com/configs/2e7e1587-d92f-46dd-8721-80b53eccb87e
Requested by: Host: c.amazon-adsystem.com
URL: http://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.36.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-36-78.muc50.r.cloudfront.net
Software: CloudFront /
Resource Hash: d2716d1e5bd1c48702ac5f95a2afc4d0911162f0522d2e93da308bcea5c56643

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 21:59:58 GMT
via: 1.1 0c17d6e113cee388d94028cac715ecd2.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: MUC50-P2
age: 3034
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
content-length: 564
x-amz-cf-id: N8rDd0yeUPJ4kjfqmAOrQiFvhF_rnqEQO8wG7Nr80DMZF8PeropejQ==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 2 KB
2 KB 127ms
127ms XHR
application/json 108.138.37.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=http%3A%2F%2Fultrasurfing.com&pubid=2e7e1587-d92f-46dd-8721-80b53eccb87e
Requested by: Host: c.amazon-adsystem.com
URL: http://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.37.209 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-37-209.muc50.r.cloudfront.net
Software: Server /
Resource Hash: 7e7827217a94d1d1020058638a3ebc7d637615bbe0696879d60dd75ca50a07f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:32 GMT
via: 1.1 3fbcd51d3039c17ef404823aaeb1f66c.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: MUC50-P2
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: http://ultrasurfing.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 2120
x-amz-cf-id: HRcl40LuyzAWBxRYq_ZXqoOo1Bziklek3jSZA4YqCu1Jp2Do4BBHwg==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 83ms
34ms XHR
application/javascript 108.138.37.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: http://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.37.209 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-37-209.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 11:28:41 GMT
x-amz-version-id: 9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding: gzip
via: 1.1 0c17d6e113cee388d94028cac715ecd2.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P2
age: 40912
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 29 Aug 2023 08:30:37 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: 8rkss2x5yNmBg8nXE-wpcRtkNC8TPaHSuVQrbOFUaNQEBJ2WrebMIg==

GET
H2

200

rules-p-54Nt-1NAaEEe0.js Show response
rules.quantcount.com/
Redirect Chain

http://rules.quantcount.com/rules-p-54Nt-1NAaEEe0.js
https://rules.quantcount.com/rules-p-54Nt-1NAaEEe0.js

160 B
634 B

65ms
21ms

Script
application/javascript

2600:9000:223c:d000:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-54Nt-1NAaEEe0.js
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: H2
Server: 2600:9000:223c:d000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: edc30a0e05622f71d52d07a0b7b5e94e654ee06854f893be1954336730eb0db6

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:36:35 GMT
via: 1.1 891011d51eb2353ebe8601f5b6467070.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 838
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 160
last-modified: Thu, 13 Oct 2022 15:29:19 GMT
server: AmazonS3
etag: "05b131079c67d484167fd1b1f6c79577"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: yUsDbkKpOWBB52ZP3_fM8kLyPd183OqZAc723sjF24uEn4DbbwGXPg==

Redirect headers

Date: Tue, 16 Jan 2024 22:50:32 GMT
Via: 1.1 80a51c83bb9479e2a3aa1ea59b366458.cloudfront.net (CloudFront)
Server: CloudFront
X-Amz-Cf-Pop: FRA56-P2
X-Cache: Redirect from cloudfront
Content-Type: text/html
Location: https://rules.quantcount.com/rules-p-54Nt-1NAaEEe0.js
Connection: keep-alive
Content-Length: 167
X-Amz-Cf-Id: qo0ne9ImUS-8h8n_589UFXDDYC8aTs4R9NVOAefDW3K9bO4BqCSqBA==

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401100101/ 438 KB
138 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401100101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: http://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f689a26dae9b3d64d05a61dafe9a94f7e05e9a949dfe2330b879d532b441843

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 21:32:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4657
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 140824
x-xss-protection: 0
server: cafe
etag: 1760809391848743662
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 15 Jan 2025 21:32:55 GMT

POST
H3 204 AGSKWxU3oQjX0C8vpV54LEtTuR6bLFPC5gx-nMaDhMOPoac6dzDieHPbzvhyO6dEy_345lXgOwFOIDQTKgSKop7AwSGzb1dfYqIvs1hLP0atPilR8UDZq4AXaUCXEjjqXYNsnQ1wKutveQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 34ms
34ms XHR
text/html 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxU3oQjX0C8vpV54LEtTuR6bLFPC5gx-nMaDhMOPoac6dzDieHPbzvhyO6dEy_345lXgOwFOIDQTKgSKop7AwSGzb1dfYqIvs1hLP0atPilR8UDZq4AXaUCXEjjqXYNsnQ1wKutveQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-cNZuI2kpSYXg61PdLDPPYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Jan 2024 22:50:32 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-cNZuI2kpSYXg61PdLDPPYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://ultrasurfing.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxU3oQjX0C8vpV54LEtTuR6bLFPC5gx-nMaDhMOPoac6dzDieHPbzvhyO6dEy_345lXgOwFOIDQTKgSKop7AwSGzb1dfYqIvs1hLP0atPilR8UDZq4AXaUCXEjjqXYNsnQ1wKutveQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 35ms
34ms XHR
text/html 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxU3oQjX0C8vpV54LEtTuR6bLFPC5gx-nMaDhMOPoac6dzDieHPbzvhyO6dEy_345lXgOwFOIDQTKgSKop7AwSGzb1dfYqIvs1hLP0atPilR8UDZq4AXaUCXEjjqXYNsnQ1wKutveQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-24o06iytOkLgKHSWdk8IaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Jan 2024 22:50:32 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-24o06iytOkLgKHSWdk8IaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: http://ultrasurfing.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel;r=1736154041;rf=0;a=p-54Nt-1NAaEEe0;url=http%3A%2F%2Fultrasurfing.com%2F;uh=e51ed67dfb8d91dc24b15e2ace0c3bc33bc53c3e1dfb09200d6c2f8387d67ea6;uht=2;fpan=1;fpa=P0-380410647-1705445432514;pbc=;n...
pixel.quantserve.com/ 35 B
372 B 76ms
23ms Image
image/gif 2620:116:800d:21:de2e:c7b3:55c0:d5a0
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1736154041;rf=0;a=p-54Nt-1NAaEEe0;url=http%3A%2F%2Fultrasurfing.com%2F;uh=e51ed67dfb8d91dc24b15e2ace0c3bc33bc53c3e1dfb09200d6c2f8387d67ea6;uht=2;fpan=1;fpa=P0-380410647-1705445432514;pbc=;ns=0;ce=1;qjs=1;qv=b70d35e8-20231208114759;cm=;gdpr=0;ref=;d=ultrasurfing.com;dst=1;et=1705445432640;tzo=-60;ogl=image.http%3A%2F%2Fultrasurfing%252Ecom%2F%2Fimages%2Fb531e4ef_photo0_610%252Ejpg%2Curl.https%3A%2F%2Fultrasurfing%252Ecom%2F;ses=b2aaabae-e3f5-4331-8d4c-51f9b7f31d47;mdl=

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:de2e:c7b3:55c0:d5a0 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:32 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16576/ 39 KB
12 KB 99ms
28ms Script
text/javascript 108.138.36.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16576/sync.min.js
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.36.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-36-27.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7713183ba1a38b1ea2be2d5f7d3d49dab7b8d468cf78a603e6517ffbd1f33d59

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 02:12:53 GMT
content-encoding: gzip
via: 1.1 9f8416bf8a85d328bf3649469ef2a474.cloudfront.net (CloudFront)
last-modified: Wed, 06 Sep 2023 15:56:42 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P2
age: 74259
x-amz-server-side-encryption: AES256
etag: W/"6e8b1f94eaf615b7d0953ad4e8d8bb85"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: ce4bvgAtPx1P0efGRlM6Ywb5J093GUjP6zA4TjJmRCcpA0SqV0xJbA==

GET
H2 200 launcher-stub.min.js Show response
secure.cdn.fastclick.net/js/cnvr-launcher/latest/ 14 KB
5 KB 134ms
37ms Script
application/javascript 23.67.137.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher-stub.min.js
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.67.137.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-67-137-210.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d3c286558922ca8c2c69167698cd61a8280cb03b81bb41d9bd633f80f18c274f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:32 GMT
content-encoding: gzip
last-modified: Tue, 20 Sep 2022 18:52:26 GMT
server: Apache
etag: "38c0-5e92054540ea5-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 5252
expires: Tue, 16 Jan 2024 23:05:32 GMT

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
334 B 146ms
45ms XHR
application/json 54.76.97.196
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16576/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.76.97.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-97-196.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: c4f07d9f433bf67dc3ce09c826a618f2b0405887f448b11afa19bcfab848407a

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:32 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-cache
x-server: 10.45.4.183
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H2 200 launcher.min.js Show response
secure.cdn.fastclick.net/js/cnvr-launcher/latest/ 49 KB
17 KB 34ms
34ms Script
application/javascript 23.67.137.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher.min.js
Requested by: Host: secure.cdn.fastclick.net
URL: https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher-stub.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.67.137.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-67-137-210.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 938c64115ce60b98ee8151d7eb28208567753f3d4ebbe0aa0f56618c555a18fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:32 GMT
content-encoding: gzip
last-modified: Tue, 20 Sep 2022 18:52:26 GMT
server: Apache
etag: "c4b6-5e920545406d3-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 17042
expires: Tue, 16 Jan 2024 23:05:32 GMT

GET
H2 200 launcher Show response
proc.ad.cpe.dotomi.com/cvx/client/direct/ 190 B
463 B 141ms
36ms XHR
application/json 2a02:fa8:8806:12::1460
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to

Full URL: https://proc.ad.cpe.dotomi.com/cvx/client/direct/launcher?version=1.1.1&lid=681
Requested by: Host: secure.cdn.fastclick.net
URL: https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:fa8:8806:12::1460 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: 71f0c958e33905cb028dfd76ff7fcffa9d57a260845594e84d116530e3f80a36

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:32 GMT
server: nginx
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Bitness
vary: Origin
content-type: application/json
access-control-allow-origin: http://ultrasurfing.com
cache-control: max-age=1800
access-control-allow-credentials: true
content-length: 190
expires: Tue, 16 Jan 2024 23:20:32 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 246 KB
85 KB 37ms
37ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y4YW22RJ0K&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=269851682

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

aea54c9c6e29069b5637d457358a4055f0bd9581165d5c501bed15ace94ff9b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86674
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 16 Jan 2024 22:50:32 GMT

GET
H/1.1 200
OK loader.js Show response
cdn.taboola.com/libtrc/ultrasurf-ultrasurf/ 318 KB
50 KB 49ms
23ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.taboola.com/libtrc/ultrasurf-ultrasurf/loader.js
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: HTTP/1.1
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 115a875f01746c303ef8e91d6da322bb7929b9ca0e57b099d82142845cd962f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id: zzJ0NY0.SQ8HbLbL3HwG1__hVP_wd_hW
Content-Encoding: gzip
Via: 1.1 varnish
Date: Tue, 16 Jan 2024 22:50:32 GMT
x-amz-request-id: WECZ1WHC4C27YPMR
Age: 152
x-amz-server-side-encryption: AES256
X-Cache: HIT
x-amz-replication-status: FAILED
Connection: keep-alive
Content-Length: 50395
x-amz-id-2: m6uP+9XNBdKqWMZhbPdi+7vkM+GwSGXDYixXvCPxcf2MLhShZckRb2jmle3oaRIEg+JX6lxiUcU=
X-Served-By: cache-fra-eddf8230061-FRA
Last-Modified: Tue, 16 Jan 2024 11:26:57 GMT
Server: AmazonS3
X-Timer: S1705445433.870761,VS0,VE2
ETag: "774ce6b718f9e449e1d7af711867bb1e"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
abp: 64
Access-Control-Allow-Origin: *
Cache-Control: private,max-age=14401
Accept-Ranges: bytes
X-Cache-Hits: 1

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 226 KB
73 KB 40ms
40ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MG7Z28F

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

67e9e342551d333f3de4d6ccf1cf43068fc590108b16e9fcf8ed9c2fc8885961

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74739
x-xss-protection: 0
last-modified: Tue, 16 Jan 2024 22:23:15 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 16 Jan 2024 22:50:32 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 29ms
28ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-Z0TZ7TDHS1&gtm=45je41a0v886690812&_p=1705445432291&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1817517829.1705445432&ul=en-us&sr=1600x1200&_eu=Ag&_s=2&sid=1705445432&sct=1&seg=0&dl=http%3A%2F%2Fultrasurfing.com%2F&dt=ultrasurfing.com%2F&en=ap-page-view&_ee=1&epn.siteid=45157&_et=456&tfd=1979
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Z0TZ7TDHS1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:32 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 apInstreamBundle.js Show response
cdn.adpushup.com/45157/ 1 MB
328 KB 34ms
34ms Script
application/javascript 152.199.21.70
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.70 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/489F) /
Resource Hash: b1172bec47999d4ea9a5b20fa7bd6a5a8183cfc77834cd9c229753a909a6eacb

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-client-geo: DE
date: Tue, 16 Jan 2024 22:50:32 GMT
content-encoding: br
age: 359382
x-cache: HIT
x-client-device: desktop
content-length: 335872
x-ap-device: DESKTOP
last-modified: Thu, 11 Jan 2024 14:00:34 GMT
server: ECAcc (ama/489F)
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=900
x-ap-geo: DE
accept-ranges: bytes
expires: Tue, 16 Jan 2024 23:05:32 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 23ms
20ms Image
image/gif 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=60202500&t=event&ni=1&_s=2&dl=http%3A%2F%2Fultrasurfing.com%2F&ul=en-us&de=UTF-8&dt=ultrasurfing.com%2F&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=user-interaction&ea=ap-page-view&el=45157&_u=KADAAEABAAAAACAAI~&jid=&gjid=&cid=1817517829.1705445432&tid=269851682&_gid=1669368947.1705445432&z=911474093

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 12:52:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 35853
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 feedback
e3.adpushup.com/AdPushupFeedbackWebService/ 70 B
320 B 45ms
41ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e3.adpushup.com/AdPushupFeedbackWebService/feedback?data=eyJjcmVhdGVkVFMiOjE3MDU0NDU0MzI4NTksInBhY2tldElkIjoiMDAwMEIwNjUtODhkOTViNzMtMWVjOS00OTdmLTk5MjYtYzIyZTY4MmE3N2U4Iiwic2l0ZUlkIjo0NTE1Nywic2l0ZURvbWFpbiI6Imh0dHBzOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJ1cmwiOiJodHRwOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJtb2RlIjoxLCJlcnJvckNvZGUiOjEsInJlZmVycmVyIjoiIiwicGxhdGZvcm0iOiJERVNLVE9QIiwiaXNHZW5pZWUiOmZhbHNlLCJzZWN0aW9ucyI6W3sic2VjdGlvbklkIjoiMjEwMjNhNjUtOGYyZS00NTcwLWI5OTgtZTEwYTZhOTU4Y2Q5Iiwic2VjdGlvbk5hbWUiOiJBUF9UX0RfOTcwWDI1MF8yMTAyMyIsInN0YXR1cyI6MSwibmV0d29yayI6ImFkcFRhZ3MiLCJuZXR3b3JrQWRVbml0SWQiOiJBRFBfNDUxNTdfOTcwWDI1MF8yMTAyM2E2NS04ZjJlLTQ1NzAtYjk5OC1lMTBhNmE5NThjZDkiLCJzZXJ2aWNlcyI6WzIsM10sImFkVW5pdFR5cGUiOjF9XSwiY291bnRyeSI6IkRFIn0%3D&c_b=1980.9000005722046
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:32 GMT
server: nginx/1.18.0 (Ubuntu)
access-control-allow-methods: GET, POST
content-type: image/png
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 70
expires: 0

GET
H2 200 feedback
e3.adpushup.com/AdPushupFeedbackWebService/ 70 B
320 B 46ms
42ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e3.adpushup.com/AdPushupFeedbackWebService/feedback?data=eyJjcmVhdGVkVFMiOjE3MDU0NDU0MzI4NjQsInBhY2tldElkIjoiMDAwMEIwNjUtODhkOTViNzMtMWVjOS00OTdmLTk5MjYtYzIyZTY4MmE3N2U4Iiwic2l0ZUlkIjo0NTE1Nywic2l0ZURvbWFpbiI6Imh0dHBzOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJ1cmwiOiJodHRwOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJtb2RlIjoxLCJlcnJvckNvZGUiOjEsInJlZmVycmVyIjoiIiwicGxhdGZvcm0iOiJERVNLVE9QIiwiaXNHZW5pZWUiOmZhbHNlLCJzZWN0aW9ucyI6W3sic2VjdGlvbklkIjoiMWNkZDZmODEtNmU0ZS00YjliLTlkMDYtZjRiNmMyMDY4OTNiIiwic2VjdGlvbk5hbWUiOiJBUF9UX0RfMTYwWDYwMF8xY2RkNiIsInN0YXR1cyI6MSwibmV0d29yayI6ImFkcFRhZ3MiLCJuZXR3b3JrQWRVbml0SWQiOiJBRFBfNDUxNTdfMTYwWDYwMF8xY2RkNmY4MS02ZTRlLTRiOWItOWQwNi1mNGI2YzIwNjg5M2IiLCJzZXJ2aWNlcyI6WzIsM10sImFkVW5pdFR5cGUiOjF9XSwiY291bnRyeSI6IkRFIn0%3D&c_b=1986.1999998092651
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:32 GMT
server: nginx/1.18.0 (Ubuntu)
access-control-allow-methods: GET, POST
content-type: image/png
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 70
expires: 0

GET
H2 200 feedback
e3.adpushup.com/AdPushupFeedbackWebService/ 70 B
320 B 50ms
47ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e3.adpushup.com/AdPushupFeedbackWebService/feedback?data=eyJjcmVhdGVkVFMiOjE3MDU0NDU0MzI4NjYsInBhY2tldElkIjoiMDAwMEIwNjUtODhkOTViNzMtMWVjOS00OTdmLTk5MjYtYzIyZTY4MmE3N2U4Iiwic2l0ZUlkIjo0NTE1Nywic2l0ZURvbWFpbiI6Imh0dHBzOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJ1cmwiOiJodHRwOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJtb2RlIjoxLCJlcnJvckNvZGUiOjEsInJlZmVycmVyIjoiIiwicGxhdGZvcm0iOiJERVNLVE9QIiwiaXNHZW5pZWUiOmZhbHNlLCJzZWN0aW9ucyI6W3sic2VjdGlvbklkIjoiNzA4ZmUxMzQtODZiNy00ZDBmLWI4YmQtZjI1ODcxMTk4ZjQ3Iiwic2VjdGlvbk5hbWUiOiJBUF9JbnN0cmVhbV9Vbml0Iiwic3RhdHVzIjoxLCJuZXR3b3JrIjoiY3VzdG9tIiwibmV0d29ya0FkVW5pdElkIjpudWxsLCJzZXJ2aWNlcyI6WzJdLCJhZFVuaXRUeXBlIjoxfV0sImNvdW50cnkiOiJERSJ9&c_b=1987.4000005722046
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:32 GMT
server: nginx/1.18.0 (Ubuntu)
access-control-allow-methods: GET, POST
content-type: image/png
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 70
expires: 0

GET
H2 200 feedback
e3.adpushup.com/AdPushupFeedbackWebService/ 70 B
320 B 51ms
48ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e3.adpushup.com/AdPushupFeedbackWebService/feedback?data=eyJjcmVhdGVkVFMiOjE3MDU0NDU0MzI4NjgsInBhY2tldElkIjoiMDAwMEIwNjUtODhkOTViNzMtMWVjOS00OTdmLTk5MjYtYzIyZTY4MmE3N2U4Iiwic2l0ZUlkIjo0NTE1Nywic2l0ZURvbWFpbiI6Imh0dHBzOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJ1cmwiOiJodHRwOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJtb2RlIjoxLCJlcnJvckNvZGUiOjEsInJlZmVycmVyIjoiIiwicGxhdGZvcm0iOiJERVNLVE9QIiwiaXNHZW5pZWUiOmZhbHNlLCJzZWN0aW9ucyI6W3sic2VjdGlvbklkIjoiNDMzYWU5MTgtZTI0MS00Mzg2LWFjOTMtYzhjYjI4ZDlhZjc5Iiwic2VjdGlvbk5hbWUiOiJBUF9UX0RfMzAwWDI1MF80MzNhZSIsInN0YXR1cyI6MSwibmV0d29yayI6ImFkcFRhZ3MiLCJuZXR3b3JrQWRVbml0SWQiOiJBRFBfNDUxNTdfMzAwWDI1MF80MzNhZTkxOC1lMjQxLTQzODYtYWM5My1jOGNiMjhkOWFmNzkiLCJzZXJ2aWNlcyI6WzIsM10sImFkVW5pdFR5cGUiOjF9XSwiY291bnRyeSI6IkRFIn0%3D&c_b=1990.1999998092651
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:32 GMT
server: nginx/1.18.0 (Ubuntu)
access-control-allow-methods: GET, POST
content-type: image/png
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 70
expires: 0

GET
H2 200 feedback
e3.adpushup.com/AdPushupFeedbackWebService/ 70 B
320 B 51ms
49ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e3.adpushup.com/AdPushupFeedbackWebService/feedback?data=eyJjcmVhdGVkVFMiOjE3MDU0NDU0MzI4NzAsInBhY2tldElkIjoiMDAwMEIwNjUtODhkOTViNzMtMWVjOS00OTdmLTk5MjYtYzIyZTY4MmE3N2U4Iiwic2l0ZUlkIjo0NTE1Nywic2l0ZURvbWFpbiI6Imh0dHBzOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJ1cmwiOiJodHRwOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJtb2RlIjoxLCJlcnJvckNvZGUiOjEsInJlZmVycmVyIjoiIiwicGxhdGZvcm0iOiJERVNLVE9QIiwiaXNHZW5pZWUiOmZhbHNlLCJzZWN0aW9ucyI6W3sic2VjdGlvbklkIjoiNTg5MDlmOGEtMTk0Ny00MDY3LThjZjctNGZkZTk5NzRhOGI2Iiwic2VjdGlvbk5hbWUiOiJBUF9UX0RfMzAwWDYwMF81ODkwOSIsInN0YXR1cyI6MSwibmV0d29yayI6ImFkcFRhZ3MiLCJuZXR3b3JrQWRVbml0SWQiOiJBRFBfNDUxNTdfMzAwWDYwMF81ODkwOWY4YS0xOTQ3LTQwNjctOGNmNy00ZmRlOTk3NGE4YjYiLCJzZXJ2aWNlcyI6WzIsM10sImFkVW5pdFR5cGUiOjF9XSwiY291bnRyeSI6IkRFIn0%3D&c_b=1992.4000005722046
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:32 GMT
server: nginx/1.18.0 (Ubuntu)
access-control-allow-methods: GET, POST
content-type: image/png
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 70
expires: 0

GET
H2 200 testmode
e3.adpushup.com/AdPushupFeedbackWebService/feedback/ 70 B
320 B 47ms
47ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e3.adpushup.com/AdPushupFeedbackWebService/feedback/testmode?data=eyJjcmVhdGVkVFMiOjE3MDU0NDU0MzI4NTksInBhY2tldElkIjoiMDAwMEIwNjUtODhkOTViNzMtMWVjOS00OTdmLTk5MjYtYzIyZTY4MmE3N2U4Iiwic2l0ZUlkIjo0NTE1Nywic2l0ZURvbWFpbiI6Imh0dHBzOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJ1cmwiOiJodHRwOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJtb2RlIjo1LCJlcnJvckNvZGUiOjEsInJlZmVycmVyIjoiIiwicGxhdGZvcm0iOiJERVNLVE9QIiwiaXNHZW5pZWUiOmZhbHNlLCJzZWN0aW9ucyI6bnVsbCwiY291bnRyeSI6IkRFIn0%3D&c_b=2009.6000003814697
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:32 GMT
server: nginx/1.18.0 (Ubuntu)
access-control-allow-methods: GET, POST
content-type: image/png
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 70
expires: 0

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 35ms
31ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-Y4YW22RJ0K&gtm=45je41a0v872416883&_p=1705445432291&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1817517829.1705445432&ul=en-us&sr=1600x1200&_s=1&sid=1705445432&sct=1&seg=0&dl=http%3A%2F%2Fultrasurfing.com%2F&dt=ultrasurfing.com%2F&en=page_view&_fv=1&_ss=1&_ee=1&tfd=2021
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Y4YW22RJ0K
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:32 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
254 B 90ms
29ms Ping
text/plain 2a00:1450:400c:c06::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-Y4YW22RJ0K&cid=1817517829.1705445432&gtm=45je41a0v872416883&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Y4YW22RJ0K
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c06::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:32 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 86ms
32ms Image
image/gif 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-Y4YW22RJ0K&cid=1817517829.1705445432&gtm=45je41a0v872416883&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=370160891

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 impl.20240116-10-RELEASE.js Show response
cdn.taboola.com/libtrc/ 835 KB
173 KB 62ms
19ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20240116-10-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/ultrasurf-ultrasurf/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 72afec3698db07b794eebd045a464c969c7e4a0fbbd7cacc64ea63a41c2554f4

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id: ahsTRc8v7lZn4KaIkAvcEZ3Y7tqK1kIf
content-encoding: br
via: 1.1 varnish
date: Tue, 16 Jan 2024 22:50:32 GMT
x-amz-request-id: 81T0MVTP66YYNE8F
age: 15339
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 176756
x-amz-id-2: V0h9yQK69NT8vsKksVVL/FAYtycwZJ9i3j94g1XLKHV2e1AXmntywTIToMbHuqBB0OJd0dKzahQ=
x-served-by: cache-fra-eddf8230059-FRA
last-modified: Tue, 16 Jan 2024 10:34:55 GMT
server: AmazonS3-br
x-timer: S1705445433.973544,VS0,VE0
etag: "c6f23726d4c9c98b8637964ab9544d5c"
vary: Accept-Encoding
content-type: application/javascript
abp: 99
access-control-allow-origin: *
cache-control: private,max-age=31536000
accept-ranges: bytes
x-cache-hits: 21334

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
462 B 177ms
72ms XHR
text/javascript 18.173.159.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=http%3A%2F%2Fultrasurfing.com%2F&pid=F0dqmEx8I0w5r&cb=0&ws=1600x1200&v=23.1211.1645&t=2000&slots=%5B%7B%22sd%22%3A%22ADP_45157_970x250_00000001-8557c656-f4b6-4aa7-8caa-4db82b14c7e8%22%2C%22s%22%3A%5B%22970x90%22%2C%22970x250%22%2C%22900x90%22%2C%22728x250%22%2C%22728x90%22%2C%22690x90%22%2C%22690x250%22%2C%22675x90%22%2C%22675x250%22%2C%22670x90%22%2C%22670x250%22%2C%22650x90%22%2C%22650x250%22%2C%22650x150%22%2C%22630x90%22%2C%22630x250%22%2C%22602x100%22%2C%22600x90%22%2C%22600x250%22%2C%22580x90%22%2C%22570x90%22%2C%22550x150%22%2C%22468x60%22%2C%22320x50%22%2C%22320x100%22%2C%22300x50%22%2C%22300x100%22%2C%22300x75%22%2C%22300x250%22%2C%22250x250%22%2C%22200x200%22%5D%2C%22sn%22%3A%22%2F103512698%2F22974135918%22%7D%2C%7B%22sd%22%3A%22ADP_45157_160x600_00000001-3d48c6c1-594c-4790-89d3-ef13c0961d82%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F103512698%2F22973422918%22%7D%2C%7B%22sd%22%3A%22ADP_45157_300x250_00000001-05dac7a0-9df8-43e9-a08a-b27ef5fa3f90%22%2C%22s%22%3A%5B%22300x50%22%2C%22300x100%22%2C%22300x75%22%2C%22300x250%22%2C%22250x250%22%2C%22200x200%22%5D%2C%22sn%22%3A%22%2F103512698%2F22974135924%22%7D%2C%7B%22sd%22%3A%22ADP_45157_300x600_00000001-2011dfb5-bb7e-4334-98e3-0cdb5535e8ff%22%2C%22s%22%3A%5B%22300x50%22%2C%22300x100%22%2C%22300x75%22%2C%22300x250%22%2C%22300x600%22%2C%22250x250%22%2C%22240x400%22%2C%22200x200%22%2C%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F103512698%2F22974135927%22%7D%5D&schain=1.0%2C1!adpushup.com%2Cd3a968baed143285b4c1d3a5eb89dcef%2C1%2C%2C%2C&pubid=2e7e1587-d92f-46dd-8721-80b53eccb87e&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: http://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.159.32 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-159-32.muc50.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 bc8243121fd94c5b2714caac07caccde.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: MUC50-P3
x-amz-rid: 02T3GC0FAH81ZF8CDJ41
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: http://ultrasurfing.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: r6im3fFMkRNGEYQFYtVhKSgCxX8315LStVDZgLI8_YdPQs5WvEFZ8A==

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
2 KB 70ms
27ms XHR
application/json 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20240116

Requested by

Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.45157.1703673059884.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d279a8f3340240ea270cd06bf0a845a4e83671a924833fb7cdb7f9d115d8860d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Jan 2024 22:50:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 24583
x-jsd-version: 1.0.1937
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230103-FRA, cache-lga21940-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"639-fEVUyCOkUkC6Kps16R0PB+wYg0s"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WQ6jWRUTgwcowtOZh15%2BQw917729JP%2BjRjL9dHU6hehhNMJ93bB7k3XCaZExD8YK%2FpjXrbR9uDiD0G55loXof9T8svadxdlpizjbGh8EJTywQn2zQ9GfcIL32gsWUGr%2BsJ6lHbhttwRhWr0taIQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 8469eb042d2403d8-FRA

GET
H2 200 iframe_api Show response
www.youtube.com/ 993 B
2 KB 115ms
43ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

012836af0a51bc628cc3eb10b36ac2b6a1dc5c6b118f95c6e5c0a66bb2c14966

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Tue, 16 Jan 2024 22:50:33 GMT

GET
H2 200 apPlayerNewUi.css
cdn.adpushup.com/instream/ 71 KB
15 KB 32ms
30ms Stylesheet
text/css 152.199.21.70
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adpushup.com/instream/apPlayerNewUi.css
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.70 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/48E0) /
Resource Hash: e9e05cd85d3088530453443f83b7258a668d25ca53d5555db0fab38ba6cb154c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-client-geo: DE
date: Tue, 16 Jan 2024 22:50:33 GMT
content-encoding: br
age: 10790641
x-cache: HIT
x-client-device: desktop
content-length: 14724
last-modified: Mon, 19 Jun 2023 10:49:40 GMT
server: ECAcc (ama/48E0)
etag: W/"649032c4-11b84"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jan 2025 22:50:33 GMT

GET
H2 200 feedback
e3.adpushup.com/AdPushupFeedbackWebService/ 70 B
320 B 40ms
40ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e3.adpushup.com/AdPushupFeedbackWebService/feedback?data=eyJjcmVhdGVkVFMiOjE3MDU0NDU0MzMwMDEsInBhY2tldElkIjoiMDAwMEIwNjUtODhkOTViNzMtMWVjOS00OTdmLTk5MjYtYzIyZTY4MmE3N2U4Iiwic2l0ZUlkIjo0NTE1Nywic2l0ZURvbWFpbiI6Imh0dHBzOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJ1cmwiOiJodHRwOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJtb2RlIjoxLCJlcnJvckNvZGUiOjEsInJlZmVycmVyIjoiIiwicGxhdGZvcm0iOiJERVNLVE9QIiwiaXNHZW5pZWUiOmZhbHNlLCJzZWN0aW9ucyI6W3sic2VjdGlvbklkIjoiMTI1MzMxNDItNmE2MC00NmQ1LThhY2EtYzMwN2ZiNWJhODJhIiwic2VjdGlvbk5hbWUiOiJBUF9UX1JfcmVzcG9uc2l2ZVhyZXNwb25zaXZlXzEyNTMzIiwic3RhdHVzIjoxLCJuZXR3b3JrIjoiYWRwVGFncyIsIm5ldHdvcmtBZFVuaXRJZCI6IkFEUF80NTE1N19yZXNwb25zaXZlWHJlc3BvbnNpdmVfMTI1MzMxNDItNmE2MC00NmQ1LThhY2EtYzMwN2ZiNWJhODJhIiwic2VydmljZXMiOlsyLDNdLCJhZFVuaXRUeXBlIjo2fV0sImNvdW50cnkiOiJERSJ9&c_b=2123
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
server: nginx/1.18.0 (Ubuntu)
access-control-allow-methods: GET, POST
content-type: image/png
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 70
expires: 0

POST
H2 202 logs
http-intake.logs.datadoghq.com/api/v2/ 0
0 407ms
140ms Ping
application/json 2600:1f18:24e6:b902:1c91:2b33:bb06:776e
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://http-intake.logs.datadoghq.com/api/v2/logs?dd-api-key=450db60c9e5108400bd9a6539552f87a&ddsource=nodejs&service=instream
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b902:1c91:2b33:bb06:776e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST
H2 202 logs
http-intake.logs.datadoghq.com/api/v2/ 0
0 416ms
149ms Ping
application/json 2600:1f18:24e6:b902:1c91:2b33:bb06:776e
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://http-intake.logs.datadoghq.com/api/v2/logs?dd-api-key=450db60c9e5108400bd9a6539552f87a&ddsource=nodejs&service=instream
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b902:1c91:2b33:bb06:776e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 375 KB
129 KB 77ms
28ms Script
text/javascript 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efaf4ad41f657cd1dc07408a59160cafa496db36c8ed259bff15ab87d80643d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 131541
x-xss-protection: 0
expires: Tue, 16 Jan 2024 22:50:33 GMT

GET
H2 200 coreid.min.js Show response
secure.cdn.fastclick.net/js/cnvr-coreid/latest/ 229 KB
66 KB 34ms
34ms Script
application/javascript 23.67.137.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/cnvr-coreid/latest/coreid.min.js
Requested by: Host: secure.cdn.fastclick.net
URL: https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.67.137.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-67-137-210.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: eb87c0447bd19366919bdb8913f775caca732ac31cbc5e5d42e4db5df39437ce

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
content-encoding: gzip
last-modified: Mon, 23 Oct 2023 16:23:46 GMT
server: Apache
etag: "394d0-60864a57eaadc-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 67550
expires: Tue, 16 Jan 2024 23:05:33 GMT

GET
H2 200 hls.m3u8 Show response
video.adpushup.com/instream/content/travel/adgebra_exclusive2/ 780 B
778 B 107ms
21ms XHR
application/vnd.apple.mpegurl 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls.m3u8
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b3409135c873363cb5d0f8ec17e1e32d0b81b8a98acc26388d6323527364c293

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 16 Jan 2024 22:50:33 GMT
content-encoding: gzip
x-age-lb: 565885
x-77-cache: HIT
x-accel-date: 1704879548
x-77-nzt: EQwBnJIhiwH3faIIAA
x-accel-expires: @1705916081
x-77-age: 565885
x-cache-lb: HIT
last-modified: Fri, 19 May 2023 19:47:12 GMT
server: CDN77-Turbo
etag: W/"6467d240-30c"
x-77-nzt-ray: cf878727ef4785ca3908a76540cd740a
vary: Accept-Encoding, Origin
content-type: application/vnd.apple.mpegurl
access-control-allow-origin: http://ultrasurfing.com
x-robots-tag: : noindex, nofollow

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
462 B 74ms
74ms XHR
text/javascript 18.173.159.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=http%3A%2F%2Fultrasurfing.com%2F&pid=F0dqmEx8I0w5r&cb=1&ws=1600x1200&v=23.1211.1645&t=2000&slots=%5B%7B%22sd%22%3A%22ADP_45157_responsivexresponsive_00000001-16234947-3457-4704-81bc-20b91f9400b8%22%2C%22s%22%3A%5B%22420x315%22%2C%22336x280%22%2C%22320x50%22%2C%22320x100%22%2C%22300x50%22%2C%22300x100%22%2C%22300x75%22%2C%22300x250%22%2C%22250x250%22%2C%22200x200%22%5D%2C%22sn%22%3A%22%2F103512698%2F23007927310%22%7D%5D&schain=1.0%2C1!adpushup.com%2Cd3a968baed143285b4c1d3a5eb89dcef%2C1%2C%2C%2C&pubid=2e7e1587-d92f-46dd-8721-80b53eccb87e&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: http://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.159.32 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-159-32.muc50.r.cloudfront.net

Software

Server /

Resource Hash

89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 bc8243121fd94c5b2714caac07caccde.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: MUC50-P3
x-amz-rid: HXNS8F2MNCM0RPS4X13C
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: http://ultrasurfing.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: yMIs8AmdInKZ6vqj_wuk62vKqk9LhR5lDQFejZnDsjXnNTo7fVlkRQ==

GET
BLOB 200
OK 8d803099-7e9c-4585-af81-fdafe965e0aa
http://ultrasurfing.com/ 6 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:http://ultrasurfing.com/8d803099-7e9c-4585-af81-fdafe965e0aa
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6df16b9d1f923f1c810f639b4338f7f518909b3e7dd84a82590604b75e3f9933

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Length: 5905
Content-Type: application/javascript

GET
BLOB 200
OK c1fad68a-85cb-4307-aa75-2f127c8a5a80
http://ultrasurfing.com/ 79 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:http://ultrasurfing.com/c1fad68a-85cb-4307-aa75-2f127c8a5a80
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 152c3b0628903eeadc360e7077fef2ff7fe31c5c32d5f444b4d883f2721b7fd8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Length: 80503
Content-Type: application/javascript

GET
BLOB 200
OK 1909ed5d-ec7c-4b21-a9ca-6cf50a9b20f5
http://ultrasurfing.com/ 79 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:http://ultrasurfing.com/1909ed5d-ec7c-4b21-a9ca-6cf50a9b20f5
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 152c3b0628903eeadc360e7077fef2ff7fe31c5c32d5f444b4d883f2721b7fd8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Length: 80503
Content-Type: application/javascript

GET
DATA 200
OK truncated
/ 228 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ac67c4c64459f243337fd1acd0f9f5884407755db33357382446eccff49080ef

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 450 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 993b6c12ec96c3b5ed2b09656c8d6299c508bcbc43449a8540f0104f2473eeea

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5910fa2b14f49be0ebad39542c1bf8405b12ceea073230cc788aa770cd673ad6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 975 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7cb558b096de43381ea12cbb5835a8ad210205e0e189e65bc4343ec23de06fb6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b28c3181c149b11260684c4f1fab1f5e3c0e287313f09c2c8ca28aa9ae4ab9b1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 362 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c61902f54255238f30b59f46a3687e46ccdd93a945b9f106a5f4dfdaccc623cd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1017 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: da50891ffc42d4c1579660f8495c39f0120342c869a96f7fa265333e131745d0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2

200

sync Show response
gum.criteo.com/
Redirect Chain

http://gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
https://gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS

46 B
288 B

111ms
36ms

Script
text/javascript

2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS

Protocol

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

189b8ed64093b12937354b2ef71ccf1df59690d90432241a10fe1cb25000acba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:32 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=3600
server-processing-duration-in-ticks: 236223
expires: 60

Redirect headers

location: https://gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
cache-control: no-cache
content-length: 0

GET
H2 200 json Show response
trc.taboola.com/ultrasurf-ultrasurf/trc/3/ 66 KB
18 KB 490ms
490ms XHR
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/ultrasurf-ultrasurf/trc/3/json?tim=23%3A50%3A33.112&lti=deflated&data=%7B%22id%22%3A285%2C%22ii%22%3A%22_homepage_%22%2C%22it%22%3A%22home%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1705404415479%2C%22vi%22%3A1705445433110%2C%22cv%22%3A%2220240116-10-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fultrasurfing.com%2F%22%2C%22bv%22%3A%220%22%2C%22wc%22%3Atrue%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22bu%22%3A%22http%3A%2F%2Fultrasurfing.com%2F%22%2C%22vpi%22%3A%22%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1600%2C%22dh%22%3A1735%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-h2m%22%2C%22s%22%3A8%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22cd%22%3A1636.90625%2C%22mw%22%3A610%7D%2C%7B%22li%22%3A%22rbox-h2m%22%2C%22s%22%3A3%2C%22uim%22%3A%22thumbnails-1x3%3Aabp%3D0%22%2C%22uip%22%3A%22Right%20Rail%20Thumbnails%22%2C%22orig_uip%22%3A%22Right%20Rail%20Thumbnails%22%2C%22cd%22%3A1220%2C%22mw%22%3A300%7D%5D%2C%22cacheKey%22%3A%22home%3D_homepage_%2CBelow%20Article%20Thumbnails%3Dthumbnails-a%3Aabp%3D0%2C%2CRight%20Rail%20Thumbnails%3Dthumbnails-1x3%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20240116-10-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 54f5276a2a8507407032e42e6941b6a43cd12d88b2f5e3de94c411a945ef95e8

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain

Response headers

x-vcl-time-ms: 470
date: Tue, 16 Jan 2024 22:50:33 GMT
content-encoding: gzip
via: 1.1 varnish
cpu: 0.31104166666666666
x-fastly-to-nlb-rtt: 7443
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-service-version: v1
x-served-by: cache-fra-eddf8230059-FRA
x-log-content-encoding: gzip
server: nginx
x-timer: S1705445433.122762,VS0,VE470
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: http://ultrasurfing.com
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

POST
H2 202 logs Show response
http-intake.logs.us5.datadoghq.com/api/v2/ 2 B
58 B 154ms
153ms Fetch
application/json 2600:1901:0:8a8e::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://http-intake.logs.us5.datadoghq.com/api/v2/logs?dd-api-key=7854699c55cf56127736e336b120a38b&ddsource=nodejs&service=adpushup.js

Requested by

Host: cdn.adpushup.com
URL: http://cdn.adpushup.com/45157/adpushup.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:8a8e:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 16 Jan 2024 22:50:33 GMT
x-content-type-options: nosniff
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
via: 1.1 google
content-type: application/json
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 308 KB
83 KB 570ms
570ms Fetch
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3684559146486941&correlator=1637279160964288&eid=31079233%2C31079784%2C44777901&output=ldjh&gdfp_req=1&vrg=202401100101&ptt=17&impl=fifs&iu_parts=103512698%3A21638617752%2C22974135918%2C22973422918%2C22974135924%2C22974135927&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4&prev_iu_szs=320x50%7C970x90%7C970x250%7C900x90%7C728x250%7C728x90%7C690x90%7C690x250%7C675x90%7C675x250%7C670x90%7C670x250%7C650x90%7C650x250%7C650x150%7C630x90%7C630x250%7C602x100%7C600x90%7C600x250%7C580x90%7C570x90%7C550x150%7C468x60%7C320x50%7C320x100%7C300x50%7C300x100%7C300x75%7C300x250%7C250x250%7C200x200%2C320x50%7C160x600%7C120x600%2C320x50%7C300x50%7C300x100%7C300x75%7C300x250%7C250x250%7C200x200%2C320x50%7C300x50%7C300x100%7C300x75%7C300x250%7C300x600%7C250x250%7C240x400%7C200x200%7C160x600%7C120x600&fluid=height%2Cheight%2Cheight%2Cheight&ifi=1&didk=2903060686~1945346800~1829135579~2990006265&sfv=1-0-40&eri=1&sc=0&cookie_enabled=1&abxe=1&dt=1705445433137&lmt=1705445433&adxs=325%2C325%2C975%2C975&adys=105%2C370%2C370%2C620&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C0%7C0&ucis=1%7C2%7C3%7C4&oid=2&tos=~~~&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&bc=23&nvt=1&url=http%3A%2F%2Fultrasurfing.com%2F&vis=1&psz=970x-1%7C160x-1%7C300x-1%7C300x-1&msz=970x-1%7C160x-1%7C300x-1%7C300x-1&fws=4%2C4%2C4%2C4&ohw=970%2C160%2C300%2C300&ga_vid=1817517829.1705445432&ga_sid=1705445433&ga_hid=60202500&ga_fc=true&dlt=1705445431230&idt=1389&prev_scp=amznbid%3D2%26amznp%3D2%26stopUnfilledRefresh3%3Dd_g0_u0%26misc%3DoptiRef_v2_c_pv%26adpushup_ran%3D1%26hb_ap_siteid%3D45157%26hb_ap_ran%3D1%26fluid%3D0%26vacant_variation%3Dexperiment_bp_0%26vacant_RCA%3DE_0%26refreshcount%3D0%26refreshrate%3D30%26control_reporting%3Dchrome_DESKTOP_14_0_pv%26cluster_reporting%3Dchrome_DESKTOP_14_1_active_0_pv%26refresh27Split%3Drefresh_control_4_pv%26ap_refresh_type%3DAV_1%7Camznbid%3D2%26amznp%3D2%26stopUnfilledRefresh3%3Dd_g0_u0%26adpushup_ran%3D1%26hb_ap_siteid%3D45157%26hb_ap_ran%3D1%26fluid%3D0%26vacant_variation%3Dexperiment_bp_0%26vacant_RCA%3DE_0%26refreshcount%3D0%26refreshrate%3D30%26control_reporting%3Dchrome_DESKTOP_14_0%26cluster_reporting%3Dchrome_DESKTOP_14_1_active_0%26refresh27Split%3Drefresh_control_4%26ap_refresh_type%3DAV_1%7Camznbid%3D2%26amznp%3D2%26stopUnfilledRefresh3%3Dd_g0_u0%26adpushup_ran%3D1%26hb_ap_siteid%3D45157%26hb_ap_ran%3D1%26fluid%3D0%26vacant_variation%3Dexperiment_bp_0%26vacant_RCA%3DE_0%26refreshcount%3D0%26refreshrate%3D30%26control_reporting%3Dchrome_DESKTOP_14_0%26cluster_reporting%3Dchrome_DESKTOP_14_1_active_0%26refresh27Split%3Drefresh_control_4%26ap_refresh_type%3DAV_1%7Camznbid%3D2%26amznp%3D2%26stopUnfilledRefresh3%3Dd_g0_u0%26adpushup_ran%3D1%26hb_ap_siteid%3D45157%26hb_ap_ran%3D1%26fluid%3D0%26vacant_variation%3Dexperiment_bp_0%26vacant_RCA%3DE_0%26refreshcount%3D0%26refreshrate%3D30%26control_reporting%3Dchrome_DESKTOP_14_0%26cluster_reporting%3Dchrome_DESKTOP_14_1_active_0%26ap_refresh_type%3DAV_1&cust_params=da%3Dadx%26outbrain%3Dtrue%26ap_product%3Dadpushup%26pubmatic_eb_disable%3Dfalse%26faid%3Dfalse%26misc%3DoptiRef_v2_c&adks=3438922519%2C3752000678%2C385502301%2C1406891478&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401100101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f712e16e9b6277bdd02bd84f03cbf4623a875dbdb718bc1711e81003e75b0a2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 84613
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://ultrasurfing.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 110ms
62ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202401100101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401100101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

af46fa63cc62df18108888ede9e2b590eac12502ec3a594299ef39e1ac4c92ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12217
x-xss-protection: 0

GET
H2 200 container.html Show response
36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 7E22 6 KB
3 KB 117ms
54ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401100101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://ultrasurfing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 22:50:33 GMT
expires: Wed, 15 Jan 2025 22:50:33 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ 427 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 79843e768129bc54db15739806c3d973e3d7b3e97c9ac58100c657d071f56fc0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H3 202 logs Show response
http-intake.logs.us5.datadoghq.com/api/v2/ 2 B
19 B 149ms
149ms Fetch
application/json 2600:1901:0:8a8e::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://http-intake.logs.us5.datadoghq.com/api/v2/logs?dd-api-key=7854699c55cf56127736e336b120a38b&ddsource=nodejs&service=adpushup.js

Requested by

Host: cdn.adpushup.com
URL: http://cdn.adpushup.com/45157/adpushup.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:8a8e:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 16 Jan 2024 22:50:33 GMT
x-content-type-options: nosniff
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
via: 1.1 google
content-type: application/json
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 110 KB
44 KB 314ms
314ms Fetch
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3684559146486941&correlator=1590977749076422&eid=31079233%2C31079784%2C44777901&output=ldjh&gdfp_req=1&vrg=202401100101&ptt=17&impl=fifs&iu_parts=103512698%3A21638617752%2C23007927310&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C420x315%7C336x280%7C320x50%7C320x100%7C300x50%7C300x100%7C300x75%7C300x250%7C250x250%7C200x200&fluid=height&ifi=5&didk=2114507056&sfv=1-0-40&eri=1&sc=0&cookie_enabled=1&abxe=1&dt=1705445433172&lmt=1705445433&adxs=528&adys=370&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&bc=23&nvt=1&url=http%3A%2F%2Fultrasurfing.com%2F&vis=1&psz=420x-1&msz=420x-1&fws=4&ohw=420&ga_vid=1817517829.1705445432&ga_sid=1705445433&ga_hid=60202500&ga_fc=true&dlt=1705445431230&idt=1389&prev_scp=amznbid%3D2%26amznp%3D2%26stopUnfilledRefresh3%3Dd_g0_u0%26adpushup_ran%3D1%26hb_ap_siteid%3D45157%26hb_ap_ran%3D1%26fluid%3D1%26vacant_variation%3Dexperiment_bp_0%26vacant_RCA%3DE_0%26refreshcount%3D0%26refreshrate%3D30%26control_reporting%3Dchrome_DESKTOP_14_0%26cluster_reporting%3Dchrome_DESKTOP_14_1_active_0%26refresh27Split%3Drefresh_control_4%26ap_refresh_type%3DAV_6&cust_params=da%3Dadx%26outbrain%3Dtrue%26ap_product%3Dadpushup%26pubmatic_eb_disable%3Dfalse%26faid%3Dfalse%26misc%3DoptiRef_v2_c&adks=2329818728&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401100101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2837f6ca078df412ee3579d4c13a65b8203ef1e47830bae1366d0b540492458a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45440
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/80b90bfd/www-widgetapi.vflset/ 216 KB
67 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/80b90bfd/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca5a691ea0a5a7485c48827ef56c36cb4414693c72ef5f6a0067e5c9d3e00261

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:34:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 965
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68600
x-xss-protection: 0
last-modified: Wed, 10 Jan 2024 02:46:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 15 Jan 2025 22:34:28 GMT

GET
H2 200 2e7e1587-d92f-46dd-8721-80b53eccb87e Show response
config.aps.amazon-adsystem.com/configs/ 564 B
829 B 27ms
27ms Script
application/javascript 108.138.36.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://config.aps.amazon-adsystem.com/configs/2e7e1587-d92f-46dd-8721-80b53eccb87e
Requested by: Host: c.amazon-adsystem.com
URL: http://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.36.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-36-78.muc50.r.cloudfront.net
Software: CloudFront /
Resource Hash: d2716d1e5bd1c48702ac5f95a2afc4d0911162f0522d2e93da308bcea5c56643

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 21:59:58 GMT
via: 1.1 0c17d6e113cee388d94028cac715ecd2.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: MUC50-P2
age: 3035
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
content-length: 564
x-amz-cf-id: X6q4o0TWB3gZWxgXp8p9-PibZqlZQqeGDo7QrrjWyUPe9oVRpWk2tQ==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 2 KB
2 KB 39ms
38ms XHR
application/json 108.138.37.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=http%3A%2F%2Fultrasurfing.com&pubid=2e7e1587-d92f-46dd-8721-80b53eccb87e
Requested by: Host: c.amazon-adsystem.com
URL: http://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.37.209 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-37-209.muc50.r.cloudfront.net
Software: Server /
Resource Hash: 7e7827217a94d1d1020058638a3ebc7d637615bbe0696879d60dd75ca50a07f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:32 GMT
via: 1.1 3fbcd51d3039c17ef404823aaeb1f66c.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: MUC50-P2
age: 1
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: http://ultrasurfing.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 2120
x-amz-cf-id: uGT8XrwWLlqt-RHTwNyTxKt6-kwEF6h1DUxaYdujckCspdKFui4uHQ==

GET
H/1.1 200 feedback
e3.adpushup.com/AdPushupFeedbackWebService/ 70 B
464 B 1307ms
1306ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://e3.adpushup.com/AdPushupFeedbackWebService/feedback?data=eyJjcmVhdGVkVFMiOjE3MDU0NDU0MzMxODUsInBhY2tldElkIjoiMDAwMEIwNjUtODhkOTViNzMtMWVjOS00OTdmLTk5MjYtYzIyZTY4MmE3N2U4Iiwic2l0ZURvbWFpbiI6Imh0dHBzOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJzaXRlSWQiOjQ1MTU3LCJwbGF0Zm9ybSI6IkRFU0tUT1AiLCJjb3VudHJ5IjoiREUiLCJtb2RlIjoxLCJlcnJvckNvZGUiOjEsInBhZ2VHcm91cCI6bnVsbCwicGFnZVZhcmlhdGlvbklkIjpudWxsLCJwYWdlVmFyaWF0aW9uTmFtZSI6bnVsbCwicGFnZVZhcmlhdGlvblR5cGUiOm51bGwsImlzR2VuaWVlIjpmYWxzZSwidXJsIjoiaHR0cDovL3VsdHJhc3VyZmluZy5jb20vIiwicmVmZXJyZXIiOiIiLCJzZWN0aW9ucyI6W3sic2VjdGlvbklkIjoiY2NkNWFlZmMtMjRiOS00ZGZlLTgxOTEtM2E5NmQxNGQ5MDIwIiwic2VjdGlvbk5hbWUiOiJBUF9JTlNUUkVBTV80NTE1N19jY2Q1YSIsInN0YXR1cyI6MSwibmV0d29yayI6ImFkcFRhZ3MiLCJzZXJ2aWNlcyI6WzIsM10sImFkVW5pdFR5cGUiOjYsIm5ldHdvcmtBZFVuaXRJZCI6ImFwXzQ1MTU3X2luc3RyZWFtX2Rlc2t0b3BfcDEifV19
Protocol: HTTP/1.1
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Jan 2024 22:50:34 GMT
Server: nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Methods: GET, POST
Content-Type: image/png
Access-Control-Allow-Origin: http://ultrasurfing.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Robots-Tag: noindex
Content-Length: 70
Expires: 0

GET
H/1.1 200 feedback
e3.adpushup.com/AdPushupFeedbackWebService/ 70 B
464 B 72ms
37ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://e3.adpushup.com/AdPushupFeedbackWebService/feedback?data=eyJjcmVhdGVkVFMiOjE3MDU0NDU0MzMxODUsInBhY2tldElkIjoiMDAwMEIwNjUtODhkOTViNzMtMWVjOS00OTdmLTk5MjYtYzIyZTY4MmE3N2U4Iiwic2l0ZURvbWFpbiI6Imh0dHBzOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJzaXRlSWQiOjQ1MTU3LCJwbGF0Zm9ybSI6IkRFU0tUT1AiLCJjb3VudHJ5IjoiREUiLCJtb2RlIjoxLCJlcnJvckNvZGUiOjEsInBhZ2VHcm91cCI6bnVsbCwicGFnZVZhcmlhdGlvbklkIjpudWxsLCJwYWdlVmFyaWF0aW9uTmFtZSI6bnVsbCwicGFnZVZhcmlhdGlvblR5cGUiOm51bGwsImlzR2VuaWVlIjpmYWxzZSwidXJsIjoiaHR0cDovL3VsdHJhc3VyZmluZy5jb20vIiwicmVmZXJyZXIiOiIiLCJzZWN0aW9ucyI6W3sic2VjdGlvbklkIjoiY2NkNWFlZmMtMjRiOS00ZGZlLTgxOTEtM2E5NmQxNGQ5MDIwIiwic2VjdGlvbk5hbWUiOiJBUF9JTlNUUkVBTV80NTE1N19jY2Q1YSIsInN0YXR1cyI6MSwibmV0d29yayI6ImFkcFRhZ3MiLCJzZXJ2aWNlcyI6WzIsM10sImFkVW5pdFR5cGUiOjYsIm5ldHdvcmtBZFVuaXRJZCI6ImFwXzQ1MTU3X2luc3RyZWFtX2Rlc2t0b3BfcDIifV19
Protocol: HTTP/1.1
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Jan 2024 22:50:33 GMT
Server: nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Methods: GET, POST
Content-Type: image/png
Access-Control-Allow-Origin: http://ultrasurfing.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Robots-Tag: noindex
Content-Length: 70
Expires: 0

GET
H/1.1 200 feedback
e3.adpushup.com/AdPushupFeedbackWebService/ 70 B
464 B 73ms
37ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://e3.adpushup.com/AdPushupFeedbackWebService/feedback?data=eyJjcmVhdGVkVFMiOjE3MDU0NDU0MzMxODUsInBhY2tldElkIjoiMDAwMEIwNjUtODhkOTViNzMtMWVjOS00OTdmLTk5MjYtYzIyZTY4MmE3N2U4Iiwic2l0ZURvbWFpbiI6Imh0dHBzOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJzaXRlSWQiOjQ1MTU3LCJwbGF0Zm9ybSI6IkRFU0tUT1AiLCJjb3VudHJ5IjoiREUiLCJtb2RlIjoxLCJlcnJvckNvZGUiOjEsInBhZ2VHcm91cCI6bnVsbCwicGFnZVZhcmlhdGlvbklkIjpudWxsLCJwYWdlVmFyaWF0aW9uTmFtZSI6bnVsbCwicGFnZVZhcmlhdGlvblR5cGUiOm51bGwsImlzR2VuaWVlIjpmYWxzZSwidXJsIjoiaHR0cDovL3VsdHJhc3VyZmluZy5jb20vIiwicmVmZXJyZXIiOiIiLCJzZWN0aW9ucyI6W3sic2VjdGlvbklkIjoiY2NkNWFlZmMtMjRiOS00ZGZlLTgxOTEtM2E5NmQxNGQ5MDIwIiwic2VjdGlvbk5hbWUiOiJBUF9JTlNUUkVBTV80NTE1N19jY2Q1YSIsInN0YXR1cyI6MSwibmV0d29yayI6ImFkcFRhZ3MiLCJzZXJ2aWNlcyI6WzIsM10sImFkVW5pdFR5cGUiOjYsIm5ldHdvcmtBZFVuaXRJZCI6ImFwXzQ1MTU3X2luc3RyZWFtX2Rlc2t0b3BfcDMifV19
Protocol: HTTP/1.1
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Jan 2024 22:50:33 GMT
Server: nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Methods: GET, POST
Content-Type: image/png
Access-Control-Allow-Origin: http://ultrasurfing.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Robots-Tag: noindex
Content-Length: 70
Expires: 0

GET
H/1.1 200 feedback
e3.adpushup.com/AdPushupFeedbackWebService/ 70 B
464 B 79ms
40ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://e3.adpushup.com/AdPushupFeedbackWebService/feedback?data=eyJjcmVhdGVkVFMiOjE3MDU0NDU0MzMxODUsInBhY2tldElkIjoiMDAwMEIwNjUtODhkOTViNzMtMWVjOS00OTdmLTk5MjYtYzIyZTY4MmE3N2U4Iiwic2l0ZURvbWFpbiI6Imh0dHBzOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJzaXRlSWQiOjQ1MTU3LCJwbGF0Zm9ybSI6IkRFU0tUT1AiLCJjb3VudHJ5IjoiREUiLCJtb2RlIjoxLCJlcnJvckNvZGUiOjEsInBhZ2VHcm91cCI6bnVsbCwicGFnZVZhcmlhdGlvbklkIjpudWxsLCJwYWdlVmFyaWF0aW9uTmFtZSI6bnVsbCwicGFnZVZhcmlhdGlvblR5cGUiOm51bGwsImlzR2VuaWVlIjpmYWxzZSwidXJsIjoiaHR0cDovL3VsdHJhc3VyZmluZy5jb20vIiwicmVmZXJyZXIiOiIiLCJzZWN0aW9ucyI6W3sic2VjdGlvbklkIjoiY2NkNWFlZmMtMjRiOS00ZGZlLTgxOTEtM2E5NmQxNGQ5MDIwIiwic2VjdGlvbk5hbWUiOiJBUF9JTlNUUkVBTV80NTE1N19jY2Q1YSIsInN0YXR1cyI6MSwibmV0d29yayI6ImFkcFRhZ3MiLCJzZXJ2aWNlcyI6WzIsM10sImFkVW5pdFR5cGUiOjYsIm5ldHdvcmtBZFVuaXRJZCI6ImFwXzQ1MTU3X2luc3RyZWFtX2Rlc2t0b3BfcDQifV19
Protocol: HTTP/1.1
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Jan 2024 22:50:33 GMT
Server: nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Methods: GET, POST
Content-Type: image/png
Access-Control-Allow-Origin: http://ultrasurfing.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Robots-Tag: noindex
Content-Length: 70
Expires: 0

GET
H/1.1 200 feedback
e3.adpushup.com/AdPushupFeedbackWebService/ 70 B
464 B 80ms
40ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://e3.adpushup.com/AdPushupFeedbackWebService/feedback?data=eyJjcmVhdGVkVFMiOjE3MDU0NDU0MzMxODUsInBhY2tldElkIjoiMDAwMEIwNjUtODhkOTViNzMtMWVjOS00OTdmLTk5MjYtYzIyZTY4MmE3N2U4Iiwic2l0ZURvbWFpbiI6Imh0dHBzOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJzaXRlSWQiOjQ1MTU3LCJwbGF0Zm9ybSI6IkRFU0tUT1AiLCJjb3VudHJ5IjoiREUiLCJtb2RlIjoxLCJlcnJvckNvZGUiOjEsInBhZ2VHcm91cCI6bnVsbCwicGFnZVZhcmlhdGlvbklkIjpudWxsLCJwYWdlVmFyaWF0aW9uTmFtZSI6bnVsbCwicGFnZVZhcmlhdGlvblR5cGUiOm51bGwsImlzR2VuaWVlIjpmYWxzZSwidXJsIjoiaHR0cDovL3VsdHJhc3VyZmluZy5jb20vIiwicmVmZXJyZXIiOiIiLCJzZWN0aW9ucyI6W3sic2VjdGlvbklkIjoiY2NkNWFlZmMtMjRiOS00ZGZlLTgxOTEtM2E5NmQxNGQ5MDIwIiwic2VjdGlvbk5hbWUiOiJBUF9JTlNUUkVBTV80NTE1N19jY2Q1YSIsInN0YXR1cyI6MSwibmV0d29yayI6ImFkcFRhZ3MiLCJzZXJ2aWNlcyI6WzIsM10sImFkVW5pdFR5cGUiOjYsIm5ldHdvcmtBZFVuaXRJZCI6ImFwXzQ1MTU3X2luc3RyZWFtX2Rlc2t0b3BfYmFja2ZpbGwxIn1dfQ%3D%3D
Protocol: HTTP/1.1
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Jan 2024 22:50:33 GMT
Server: nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Methods: GET, POST
Content-Type: image/png
Access-Control-Allow-Origin: http://ultrasurfing.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Robots-Tag: noindex
Content-Length: 70
Expires: 0

GET
H/1.1 200 feedback
e3.adpushup.com/AdPushupFeedbackWebService/ 70 B
464 B 81ms
41ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://e3.adpushup.com/AdPushupFeedbackWebService/feedback?data=eyJjcmVhdGVkVFMiOjE3MDU0NDU0MzMxODUsInBhY2tldElkIjoiMDAwMEIwNjUtODhkOTViNzMtMWVjOS00OTdmLTk5MjYtYzIyZTY4MmE3N2U4Iiwic2l0ZURvbWFpbiI6Imh0dHBzOi8vdWx0cmFzdXJmaW5nLmNvbS8iLCJzaXRlSWQiOjQ1MTU3LCJwbGF0Zm9ybSI6IkRFU0tUT1AiLCJjb3VudHJ5IjoiREUiLCJtb2RlIjoxLCJlcnJvckNvZGUiOjEsInBhZ2VHcm91cCI6bnVsbCwicGFnZVZhcmlhdGlvbklkIjpudWxsLCJwYWdlVmFyaWF0aW9uTmFtZSI6bnVsbCwicGFnZVZhcmlhdGlvblR5cGUiOm51bGwsImlzR2VuaWVlIjpmYWxzZSwidXJsIjoiaHR0cDovL3VsdHJhc3VyZmluZy5jb20vIiwicmVmZXJyZXIiOiIiLCJzZWN0aW9ucyI6W3sic2VjdGlvbklkIjoiY2NkNWFlZmMtMjRiOS00ZGZlLTgxOTEtM2E5NmQxNGQ5MDIwIiwic2VjdGlvbk5hbWUiOiJBUF9JTlNUUkVBTV80NTE1N19jY2Q1YSIsInN0YXR1cyI6MSwibmV0d29yayI6ImFkcFRhZ3MiLCJzZXJ2aWNlcyI6WzIsM10sImFkVW5pdFR5cGUiOjYsIm5ldHdvcmtBZFVuaXRJZCI6IkFQXzQ1MTU3X0luc3RyZWFtX1VTX0Rlc2t0b3BfR0kifV19
Protocol: HTTP/1.1
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Jan 2024 22:50:33 GMT
Server: nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Methods: GET, POST
Content-Type: image/png
Access-Control-Allow-Origin: http://ultrasurfing.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Robots-Tag: noindex
Content-Length: 70
Expires: 0

GET
BLOB 206
Partial Content 1c13d821-8684-4246-b582-4b2bca06e074
http://ultrasurfing.com/ 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:http://ultrasurfing.com/1c13d821-8684-4246-b582-4b2bca06e074
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer: http://ultrasurfing.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

GET
H/1.1 200
OK bridge3.612.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame B922 752 KB
241 KB 43ms
22ms Document
text/html 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://imasdk.googleapis.com/js/core/bridge3.612.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b64c80b04cff2dc73a2bd8e0eae63e60e4c0168cb01f431f5031edeec71a2fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://ultrasurfing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Age: 56506
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Content-Length: 246171
Content-Type: text/html
Cross-Origin-Opener-Policy: same-origin; report-to="ads-doubleclick-instream-static"
Cross-Origin-Resource-Policy: cross-origin
Date: Tue, 16 Jan 2024 07:08:47 GMT
Expires: Wed, 15 Jan 2025 07:08:47 GMT
Last-Modified: Thu, 11 Jan 2024 19:56:11 GMT
Report-To: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
Server: sffe
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 0

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ 44 KB
17 KB 106ms
30ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 16 Jan 2024 22:50:33 GMT

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 5AC4 40 KB
14 KB 71ms
21ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6300f448d738e70ac11f0140df0b3ce91a2de9e0da7fdf09d32d28031600ba51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:02:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2879
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13893
x-xss-protection: 0
last-modified: Wed, 09 Aug 2023 15:57:08 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 16 Jan 2024 23:02:34 GMT

GET
H2 200 main.m3u8 Show response
video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/360p/ 2 KB
676 B 22ms
22ms XHR
application/vnd.apple.mpegurl 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/360p/main.m3u8
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 688cc00d0684dabd2be6c15e016a4b9d92d90a3e94d183a3eb0f60ef2c8db920

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 16 Jan 2024 22:50:33 GMT
content-encoding: gzip
x-age-lb: 542305
x-77-cache: HIT
x-accel-date: 1704903128
x-77-nzt: EQwBnJIhiwH3YUYIAA
x-accel-expires: @1705939449
x-77-age: 542305
x-cache-lb: HIT
last-modified: Fri, 19 May 2023 19:47:13 GMT
server: CDN77-Turbo
etag: W/"6467d241-638"
x-77-nzt-ray: cf878727ef4785ca3908a765d8f4840c
vary: Accept-Encoding, Origin
content-type: application/vnd.apple.mpegurl
access-control-allow-origin: http://ultrasurfing.com
x-robots-tag: : noindex, nofollow

GET
BLOB 206
Partial Content 1c13d821-8684-4246-b582-4b2bca06e074
http://ultrasurfing.com/ 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:http://ultrasurfing.com/1c13d821-8684-4246-b582-4b2bca06e074
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer: http://ultrasurfing.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16576/ 39 KB
12 KB 29ms
29ms Script
text/javascript 108.138.36.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16576/sync.min.js
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.36.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-36-27.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7713183ba1a38b1ea2be2d5f7d3d49dab7b8d468cf78a603e6517ffbd1f33d59

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 02:12:53 GMT
content-encoding: gzip
via: 1.1 9f8416bf8a85d328bf3649469ef2a474.cloudfront.net (CloudFront)
last-modified: Wed, 06 Sep 2023 15:56:42 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P2
age: 74260
x-amz-server-side-encryption: AES256
etag: W/"6e8b1f94eaf615b7d0953ad4e8d8bb85"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: bHo44-OEQI8QaztAzPQRRBnIoWtqO60qT87CBwhhBkjj8nWXpze0Uw==

GET
H2 200 main.m3u8 Show response
video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/eng/ 2 KB
696 B 22ms
22ms XHR
application/vnd.apple.mpegurl 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/eng/main.m3u8
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: f4d84a5ec6a1d15b9ff25d814e4f54800f02fb8a0500eb4ac91ad237608ca3d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 16 Jan 2024 22:50:33 GMT
content-encoding: gzip
x-age-lb: 986033
x-77-cache: HIT
x-accel-date: 1704459400
x-77-nzt: EQwBnJIhiwH3sQsPAA
x-accel-expires: @1705493459
x-77-age: 986033
x-cache-lb: HIT
last-modified: Fri, 19 May 2023 19:47:13 GMT
server: CDN77-Turbo
etag: W/"6467d241-66b"
x-77-nzt-ray: cf878727ef4785ca3908a765d14b150e
vary: Accept-Encoding, Origin
content-type: application/vnd.apple.mpegurl
access-control-allow-origin: http://ultrasurfing.com
x-robots-tag: : noindex, nofollow

GET
H2 200 main_00001.ts Show response
video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/360p/ 279 KB
280 KB 31ms
31ms XHR
video/mp2t 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/360p/main_00001.ts
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 64d96640ca5d904dff5b241914849bd4d5ee2d9dd2cfcf74a2d9fae934135a9d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 16 Jan 2024 22:50:33 GMT
x-age-lb: 986031
x-77-cache: HIT
x-accel-date: 1704459402
content-length: 285760
x-77-nzt: EQwBnJIhiwH3rwsPAA
x-accel-expires: @1705493199
x-77-age: 986031
x-cache-lb: HIT
last-modified: Fri, 19 May 2023 19:47:13 GMT
server: CDN77-Turbo
etag: "6467d241-45c40"
x-77-nzt-ray: cf878727ef4785ca3908a76589893a0e
vary: Origin
content-type: video/mp2t
access-control-allow-origin: http://ultrasurfing.com
accept-ranges: bytes
x-robots-tag: : noindex, nofollow

GET
H2 200 main_00001.aac Show response
video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/eng/ 3 KB
3 KB 42ms
41ms XHR
application/octet-stream 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/eng/main_00001.aac
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 72e6013277164f63654fc121b2cbe90bb6056c4fc6f778a439e23acbfd2cc512

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 16 Jan 2024 22:50:33 GMT
x-age-lb: 321151
x-77-cache: HIT
x-accel-date: 1705124282
content-length: 2623
x-77-nzt: EgwBnJIhiwH3f+YEAAwBisclwQH3BqgDAA
x-accel-expires: @1705921460
x-77-age: 560773
x-cache-lb: HIT
last-modified: Fri, 19 May 2023 19:47:13 GMT
server: CDN77-Turbo
etag: "6467d241-a3f"
x-77-nzt-ray: cf878727ef4785ca3908a7659cefa70f
vary: Origin
content-type: application/octet-stream
access-control-allow-origin: http://ultrasurfing.com
accept-ranges: bytes
x-robots-tag: : noindex, nofollow

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
332 B 45ms
45ms XHR
application/json 54.76.97.196
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16576/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.76.97.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-97-196.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 6b99961cfdda662da2bb3895da9f0a3f33c35ba0aafa7e2497718ab6c8a4266d

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-cache
x-server: 10.45.8.9
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 128ms
77ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401100101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 16 Jan 2024 22:50:33 GMT

GET
H3 200 poker-ad. Show response
fundingchoicesmessages.google.com/f/AGSKWxVH3f_RCai_1hOiMZ4YZ8YYyuP2AMCouSwppDZQAgzjLMlljVIpe4H2yd94bbKuEPR1lVRbAlXLcqmJ6X8bD8FtaBapqiL2ffOMKoRupufVoicq8RI2YPR2ajw2BA8IDTeHanKgXkHmaeXfUadpCYqoL-71N... 54 B
106 B 36ms
36ms Script
application/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVH3f_RCai_1hOiMZ4YZ8YYyuP2AMCouSwppDZQAgzjLMlljVIpe4H2yd94bbKuEPR1lVRbAlXLcqmJ6X8bD8FtaBapqiL2ffOMKoRupufVoicq8RI2YPR2ajw2BA8IDTeHanKgXkHmaeXfUadpCYqoL-71NcKancT-GCH5nGlwxboINpNvIL94gD2F/_/blogoas-/blogad02._banner_ad-/iframeadcontent./poker-ad.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.LIqc41BJ5a0.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMx-Hs0eiopJhgDZxv-jwMMm8fYViw/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6bc350db8340876bf1c6e9ccb692fea5818f4285597246b482ed908e0c55b88d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-gRhiSMAaP7pnnywNvGoM-Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
content-security-policy: script-src 'report-sample' 'nonce-gRhiSMAaP7pnnywNvGoM-Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 show_companion_ad.js Show response
pagead2.googlesyndication.com/pagead/ 30 KB
11 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_companion_ad.js?fcd=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7f80935106390ce68b498562c40c39863298cf9edd85faa71d35fcdf848a6c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11403
x-xss-protection: 0
server: cafe
etag: 8337112287831120551
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Tue, 16 Jan 2024 23:50:22 GMT

POST
H3 204 AGSKWxU3oQjX0C8vpV54LEtTuR6bLFPC5gx-nMaDhMOPoac6dzDieHPbzvhyO6dEy_345lXgOwFOIDQTKgSKop7AwSGzb1dfYqIvs1hLP0atPilR8UDZq4AXaUCXEjjqXYNsnQ1wKutveQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 37ms
36ms XHR
text/html 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxU3oQjX0C8vpV54LEtTuR6bLFPC5gx-nMaDhMOPoac6dzDieHPbzvhyO6dEy_345lXgOwFOIDQTKgSKop7AwSGzb1dfYqIvs1hLP0atPilR8UDZq4AXaUCXEjjqXYNsnQ1wKutveQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-r4qeWPEK2vLhKd9bQNs0qw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
content-security-policy: script-src 'report-sample' 'nonce-r4qeWPEK2vLhKd9bQNs0qw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://ultrasurfing.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxU3oQjX0C8vpV54LEtTuR6bLFPC5gx-nMaDhMOPoac6dzDieHPbzvhyO6dEy_345lXgOwFOIDQTKgSKop7AwSGzb1dfYqIvs1hLP0atPilR8UDZq4AXaUCXEjjqXYNsnQ1wKutveQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 33ms
33ms XHR
text/html 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxU3oQjX0C8vpV54LEtTuR6bLFPC5gx-nMaDhMOPoac6dzDieHPbzvhyO6dEy_345lXgOwFOIDQTKgSKop7AwSGzb1dfYqIvs1hLP0atPilR8UDZq4AXaUCXEjjqXYNsnQ1wKutveQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-wNSHHroFlh6RbTSaupyXzw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
content-security-policy: script-src 'report-sample' 'nonce-wNSHHroFlh6RbTSaupyXzw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: http://ultrasurfing.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxU3oQjX0C8vpV54LEtTuR6bLFPC5gx-nMaDhMOPoac6dzDieHPbzvhyO6dEy_345lXgOwFOIDQTKgSKop7AwSGzb1dfYqIvs1hLP0atPilR8UDZq4AXaUCXEjjqXYNsnQ1wKutveQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 33ms
33ms XHR
text/html 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxU3oQjX0C8vpV54LEtTuR6bLFPC5gx-nMaDhMOPoac6dzDieHPbzvhyO6dEy_345lXgOwFOIDQTKgSKop7AwSGzb1dfYqIvs1hLP0atPilR8UDZq4AXaUCXEjjqXYNsnQ1wKutveQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-J01QULKzrDqwESytCgxnHQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
content-security-policy: script-src 'report-sample' 'nonce-J01QULKzrDqwESytCgxnHQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://ultrasurfing.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxU3oQjX0C8vpV54LEtTuR6bLFPC5gx-nMaDhMOPoac6dzDieHPbzvhyO6dEy_345lXgOwFOIDQTKgSKop7AwSGzb1dfYqIvs1hLP0atPilR8UDZq4AXaUCXEjjqXYNsnQ1wKutveQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 35ms
35ms XHR
text/html 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxU3oQjX0C8vpV54LEtTuR6bLFPC5gx-nMaDhMOPoac6dzDieHPbzvhyO6dEy_345lXgOwFOIDQTKgSKop7AwSGzb1dfYqIvs1hLP0atPilR8UDZq4AXaUCXEjjqXYNsnQ1wKutveQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-ZgzMWod3UDZ5a_bGCESbzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-ZgzMWod3UDZ5a_bGCESbzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://ultrasurfing.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxWdzlMPD5m5k2UoTLtIS4pIw9ewk6EDzB7SMXPpjho5CFUdYxd_zEpq4c5Xl6hUDR03AYUTNw9q-Ny-EY1ZPOVJ2aia-QDC4ayjv_EDNslWRjn5oXzDMRzIgibylwbJf7yKCrs3fQ== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 57ms
57ms Script
application/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWdzlMPD5m5k2UoTLtIS4pIw9ewk6EDzB7SMXPpjho5CFUdYxd_zEpq4c5Xl6hUDR03AYUTNw9q-Ny-EY1ZPOVJ2aia-QDC4ayjv_EDNslWRjn5oXzDMRzIgibylwbJf7yKCrs3fQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA1NDQ1NDMzLDM2ODAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHA6Ly91bHRyYXN1cmZpbmcuY29tLyIsbnVsbCxbWzgsIkxJcWM0MUJKNWEwIl0sWzksImRlIl0sWzE2LCJbMSwxLDFdIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

219d553d5a34a735b36c32ba0a083b8ed8a60758a9655544b7f0f67cbc5d48cb

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-6rtvmpBI5V27mccfcrOxIg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-6rtvmpBI5V27mccfcrOxIg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main_00002.ts Show response
video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/360p/ 283 KB
283 KB 22ms
21ms XHR
video/mp2t 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/360p/main_00002.ts
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 12f9df9b07229382b461a7000afacaaafd8307b2539c11b2667835d423f924f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 16 Jan 2024 22:50:33 GMT
x-age-lb: 546421
x-77-cache: HIT
x-accel-date: 1704899012
content-length: 289520
x-77-nzt: EQwBnJIhiwH3dVYIAA
x-accel-expires: @1705935153
x-77-age: 546421
x-cache-lb: HIT
last-modified: Fri, 19 May 2023 19:47:13 GMT
server: CDN77-Turbo
etag: "6467d241-46af0"
x-77-nzt-ray: cf878727ef4785ca3908a765f04bc117
vary: Origin
content-type: video/mp2t
access-control-allow-origin: http://ultrasurfing.com
accept-ranges: bytes
x-robots-tag: : noindex, nofollow

GET
H2 200 main_00002.aac Show response
video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/eng/ 3 KB
3 KB 25ms
24ms XHR
application/octet-stream 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/eng/main_00002.aac
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e2618c8c103f14a7a5a25557d493d1a49232c36c1c660ac6719060683ecd64e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 16 Jan 2024 22:50:33 GMT
x-age-lb: 37368
x-77-cache: HIT
x-accel-date: 1705408065
content-length: 2584
x-77-nzt: EQwBnJIhiwH3+JEAAA
x-accel-expires: @1706444493
x-77-age: 37368
x-cache-lb: HIT
last-modified: Fri, 19 May 2023 19:47:13 GMT
server: CDN77-Turbo
etag: "6467d241-a18"
x-77-nzt-ray: cf878727ef4785ca3908a76589fe2718
vary: Origin
content-type: application/octet-stream
access-control-allow-origin: http://ultrasurfing.com
accept-ranges: bytes
x-robots-tag: : noindex, nofollow

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3A1E 13 KB
5 KB 23ms
21ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://ultrasurfing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 8084
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 20:35:49 GMT
expires: Wed, 15 Jan 2025 20:35:49 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F429 829 B
1 KB 79ms
31ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

aba29df57554f20f3835fa3e453df6c0e7b394defa7e4c95be9633ebf89997ba

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce--yaOp7NlDTIWSuS65sPEOA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://ultrasurfing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce--yaOp7NlDTIWSuS65sPEOA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 22:50:33 GMT
expires: Tue, 16 Jan 2024 22:50:33 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H3 204 AGSKWxX3NA67dZC6xPa7v4j7eVZvNys4WUeZU0KFIMhY9ejaFA0U7l-lG1j0FG4xrlFbmtV9xvwDovBpKkwiQajcR2zvwlAuZtJWHS-1CbD65mDKRhD3ifX8KRP_iy5O4uIxjNWoDV526Q== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 33ms
33ms XHR
text/html 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxX3NA67dZC6xPa7v4j7eVZvNys4WUeZU0KFIMhY9ejaFA0U7l-lG1j0FG4xrlFbmtV9xvwDovBpKkwiQajcR2zvwlAuZtJWHS-1CbD65mDKRhD3ifX8KRP_iy5O4uIxjNWoDV526Q==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-gW7UsXtgU0bOFjK181pGnQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-gW7UsXtgU0bOFjK181pGnQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: http://ultrasurfing.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxU3oQjX0C8vpV54LEtTuR6bLFPC5gx-nMaDhMOPoac6dzDieHPbzvhyO6dEy_345lXgOwFOIDQTKgSKop7AwSGzb1dfYqIvs1hLP0atPilR8UDZq4AXaUCXEjjqXYNsnQ1wKutveQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 34ms
33ms XHR
text/html 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxU3oQjX0C8vpV54LEtTuR6bLFPC5gx-nMaDhMOPoac6dzDieHPbzvhyO6dEy_345lXgOwFOIDQTKgSKop7AwSGzb1dfYqIvs1hLP0atPilR8UDZq4AXaUCXEjjqXYNsnQ1wKutveQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-utVssk8yaajovywYYFmbcg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
content-security-policy: script-src 'report-sample' 'nonce-utVssk8yaajovywYYFmbcg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://ultrasurfing.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js Show response
pagead2.googlesyndication.com/bg/ Frame 3A1E 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 20:34:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8141
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15229
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jan 2025 20:34:52 GMT

GET
H2 200 main_00003.aac Show response
video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/eng/ 3 KB
3 KB 21ms
21ms XHR
application/octet-stream 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/eng/main_00003.aac
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7e800289f4c239b49594fc0466a323afb2e2d7f3f4afa9368b34fc24b07968e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 16 Jan 2024 22:50:33 GMT
x-age-lb: 877602
x-77-cache: HIT
x-accel-date: 1704567831
content-length: 2597
x-77-nzt: EgwBnJIhiwH3ImQNAAwBJRPCLgH3viMHAA
x-accel-expires: @1705603367
x-77-age: 1345504
x-cache-lb: HIT
last-modified: Fri, 19 May 2023 19:47:13 GMT
server: CDN77-Turbo
etag: "6467d241-a25"
x-77-nzt-ray: cf878727ef4785ca3908a7655315e01a
vary: Origin
content-type: application/octet-stream
access-control-allow-origin: http://ultrasurfing.com
accept-ranges: bytes
x-robots-tag: : noindex, nofollow

GET
H2 200 main_00003.ts Show response
video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/360p/ 276 KB
276 KB 22ms
22ms XHR
video/mp2t 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/360p/main_00003.ts
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 292db287ad5f6f3365c0d0f0632cec1d3d93052df4c36c070bdb879b8967c0a5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 16 Jan 2024 22:50:33 GMT
x-age-lb: 897132
x-77-cache: HIT
x-accel-date: 1704548301
content-length: 282188
x-77-nzt: EgwBnJIhiwH3bLANAAwBJRPCLgH3mHkHAA
x-accel-expires: @1705582815
x-77-age: 1387012
x-cache-lb: HIT
last-modified: Fri, 19 May 2023 19:47:13 GMT
server: CDN77-Turbo
etag: "6467d241-44e4c"
x-77-nzt-ray: cf878727ef4785ca3908a765933b0e1b
vary: Origin
content-type: video/mp2t
access-control-allow-origin: http://ultrasurfing.com
accept-ranges: bytes
x-robots-tag: : noindex, nofollow

GET
H2 200 main_00004.aac Show response
video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/eng/ 3 KB
3 KB 22ms
21ms XHR
application/octet-stream 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/eng/main_00004.aac
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ba215ba34df598608a897a1378c5c68d337ae0b7cc5d3dd6aff569c5c2779826

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 16 Jan 2024 22:50:33 GMT
x-age-lb: 120722
x-77-cache: HIT
x-accel-date: 1705324711
content-length: 2597
x-77-nzt: EQwBnJIhiwH3ktcBAA
x-accel-expires: @1706359526
x-77-age: 120722
x-cache-lb: HIT
last-modified: Fri, 19 May 2023 19:47:13 GMT
server: CDN77-Turbo
etag: "6467d241-a25"
x-77-nzt-ray: cf878727ef4785ca3908a7658f5ece1d
vary: Origin
content-type: application/octet-stream
access-control-allow-origin: http://ultrasurfing.com
accept-ranges: bytes
x-robots-tag: : noindex, nofollow

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F429 0
0 52ms
52ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202401100101&jk=3684559146486941&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

GET
H2 200 container.html Show response
36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C9CC 6 KB
3 KB 21ms
20ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401100101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://ultrasurfing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 22:50:33 GMT
expires: Wed, 15 Jan 2025 22:50:33 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 3A1E 0
10 B 21ms
21ms Image
text/plain 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Fr9yAg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 main_00005.aac Show response
video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/eng/ 3 KB
3 KB 22ms
21ms XHR
application/octet-stream 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/eng/main_00005.aac
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 306933f88fe33271cb5c31207d65753523ccc2f6f3af8574e26d57cf66d17458

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 16 Jan 2024 22:50:33 GMT
x-age-lb: 910759
x-77-cache: HIT
x-accel-date: 1704534674
content-length: 2584
x-77-nzt: EQwBnJIhiwH3p+UNAA
x-accel-expires: @1705570282
x-77-age: 910759
x-cache-lb: HIT
last-modified: Fri, 19 May 2023 19:47:13 GMT
server: CDN77-Turbo
etag: "6467d241-a18"
x-77-nzt-ray: cf878727ef4785ca3908a765ce7e1720
vary: Origin
content-type: application/octet-stream
access-control-allow-origin: http://ultrasurfing.com
accept-ranges: bytes
x-robots-tag: : noindex, nofollow

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 07B0 624 B
825 B 110ms
58ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNj8mwIQq6iuAhifhcCDAjAB&v=APEucNWNuK-btyQFLIC9mG66mgmWmWyWhwrP5ksg4RMDd2uwt1BHQat_dYJ19M7hfjL3uMfL_pNrOtwWweZbtMIg555V9KrzdGbxFiYl6vO5ESdI37HC2viuD16f7Vn2Zp-OKpZFqA0AzIfKX0SrDsUcWG01h_Vp9bVQ4ilAPiP3J9NYOhfOZ0aUrsayLuYtDkcCGa9MYioXmmf2-jmJNwGu4fyAW63Hvw

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 22:50:33 GMT
expires: Tue, 16 Jan 2024 22:50:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame C9CC 111 KB
39 KB 66ms
22ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
Origin: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 21:44:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3974
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jan 2024 21:44:19 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240111/r20110914/elements/html/ Frame C9CC 7 KB
3 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240111/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 01:53:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75411
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Jan 2024 01:53:42 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240111/r20110914/ Frame C9CC 23 KB
9 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240111/r20110914/abg_lite_fy2021.js

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 19:32:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11897
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Jan 2024 19:32:16 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame C9CC 41 KB
14 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 20:07:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 355365
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 11 Jan 2025 20:07:48 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240111/r20110914/client/ Frame C9CC 3 KB
1 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240111/r20110914/client/window_focus_fy2021.js

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 20:34:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Jan 2024 20:34:51 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240111/r20110914/client/ Frame C9CC 20 KB
8 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240111/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 19:17:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12788
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Jan 2024 19:17:25 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C9CC 42 B
63 B 51ms
51ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-An5MtedXrAfmMCWTX4QZJKJRZbCkC8QkexICp2jYk2RahbfCprE8S3t9DOGXycqNrk0bS32KtUEWxS2_GOXUxXARHwJyAlvLYebpt8FWPUq9-sKzk

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame C9CC 205 KB
65 KB 172ms
121ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66227
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704891455226136"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 16 Jan 2024 22:50:33 GMT

GET
H2 200 main_00006.aac Show response
video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/eng/ 3 KB
3 KB 22ms
22ms XHR
application/octet-stream 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/eng/main_00006.aac
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d7e1852e847464aa848dff2855855f2581f7e8e0acba9772af1f2d2043f9a6e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 16 Jan 2024 22:50:33 GMT
x-age-lb: 560140
x-77-cache: HIT
x-accel-date: 1704885293
content-length: 2597
x-77-nzt: EQwBnJIhiwH3DIwIAA
x-accel-expires: @1705920682
x-77-age: 560140
x-cache-lb: HIT
last-modified: Fri, 19 May 2023 19:47:13 GMT
server: CDN77-Turbo
etag: "6467d241-a25"
x-77-nzt-ray: cf878727ef4785ca3908a76580bd1b22
vary: Origin
content-type: application/octet-stream
access-control-allow-origin: http://ultrasurfing.com
accept-ranges: bytes
x-robots-tag: : noindex, nofollow

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame B8E2 38 KB
13 KB 22ms
22ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 6985
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 20:54:08 GMT
expires: Wed, 15 Jan 2025 20:54:08 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 main_00007.aac Show response
video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/eng/ 3 KB
3 KB 22ms
21ms XHR
application/octet-stream 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/eng/main_00007.aac
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 0b870888288fdc85577e8f8f7ca0eb724c54d5f0d98b50f407207aebd3839d88

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 16 Jan 2024 22:50:33 GMT
x-age-lb: 910758
x-77-cache: HIT
x-accel-date: 1704534675
content-length: 2597
x-77-nzt: EQwBnJIhiwH3puUNAA
x-accel-expires: @1705570443
x-77-age: 910758
x-cache-lb: HIT
last-modified: Fri, 19 May 2023 19:47:13 GMT
server: CDN77-Turbo
etag: "6467d241-a25"
x-77-nzt-ray: cf878727ef4785ca3908a765317bf123
vary: Origin
content-type: application/octet-stream
access-control-allow-origin: http://ultrasurfing.com
accept-ranges: bytes
x-robots-tag: : noindex, nofollow

GET
DATA 200
OK truncated
/ Frame C9CC 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 008a70c27959c17d83d2db9900979a1748ac72eb97145a455783d2869b571a88

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 floating-unit.20240116-10-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 8 KB
3 KB 20ms
19ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/floating-unit.20240116-10-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/ultrasurf-ultrasurf/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 13a31108add44acedecde5907c49a00cf55cd83f4d02c0e70fb7f6f2efb03caa

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id: 3xQBwy612YPveMmZvmCHkz5gb7NoRIUJ
content-encoding: gzip
via: 1.1 varnish
date: Tue, 16 Jan 2024 22:50:33 GMT
x-amz-request-id: 73Y8R0KHYJ8XMPAZ
age: 41066
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 2508
x-amz-id-2: YfNPPxAgCjhrmmOqvWMZqDn3chhq9ZqAYSnUfP+sVfkp5Jj5FXEx9jkLEPEpvuYws6fMtjv37nU=
x-served-by: cache-fra-eddf8230059-FRA
last-modified: Tue, 16 Jan 2024 11:26:08 GMT
server: AmazonS3
x-timer: S1705445434.621506,VS0,VE0
etag: "2d991c04efc6d00dc0d94bd96286c614"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 85
access-control-allow-origin: *
cache-control: private,max-age=2629743
accept-ranges: bytes
x-cache-hits: 9857

GET
H/1.1 200
OK UnitFeedManagerDesktop.min.js Show response
vidstat.taboola.com/lite-unit/4.7.5/ 121 KB
34 KB 63ms
23ms Script
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://vidstat.taboola.com/lite-unit/4.7.5/UnitFeedManagerDesktop.min.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20240116-10-RELEASE.js
Protocol: HTTP/1.1
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e7bd96688cbb98c39cc3c0dc22f09cbfd22d353d77b651ebc255cfaedfecdbc5

Request headers

Referer: http://ultrasurfing.com/
Origin: http://ultrasurfing.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:33 GMT
Via: 1.1 dc57cbf9d7336ae929f762b5ada2ed98.cloudfront.net (CloudFront), 1.1 varnish
Content-Encoding: gzip
X-Amz-Cf-Pop: FRA60-P5
Age: 1428247
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront, HIT
Connection: keep-alive
Content-Length: 34238
X-Served-By: cache-fra-etou8220095-FRA
Last-Modified: Sun, 31 Dec 2023 10:01:09 GMT
Server: AmazonS3
X-Timer: S1705445434.664235,VS0,VE0
ETag: "cf9f8c79c74a3093183012fb770abf82"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: vlSrrwuWG6AsTzV7KsViTku81sswjDfAxWS_YBw1JyB0jcrtPyODsg==
X-Cache-Hits: 101128

GET
H2 200 feed-card-placeholder.20240116-10-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 5 KB
1 KB 20ms
19ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/feed-card-placeholder.20240116-10-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/ultrasurf-ultrasurf/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 337d1faf3071a595281b4aa1576dfb816077055db421988197191e999a15ed5e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id: _A5Sp0Eo7J4GIafqglHr37mAlgRZ80ZF
content-encoding: gzip
via: 1.1 varnish
date: Tue, 16 Jan 2024 22:50:33 GMT
x-amz-request-id: 5R13SCSM415Y9YBJ
age: 41071
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 1263
x-amz-id-2: rwAX6Vx0XQ1341QM4+8ROAeqt9rrKbtbc7wtHm5jFMibhLKD42NZasLuiSQZnGrws6ur7smvVPo=
x-served-by: cache-fra-eddf8230059-FRA
last-modified: Tue, 16 Jan 2024 11:26:03 GMT
server: AmazonS3
x-timer: S1705445434.623393,VS0,VE0
etag: "c61c6b1f0ef5631d735efb58f2c9752e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 3
access-control-allow-origin: *
cache-control: private,max-age=2629743
accept-ranges: bytes
x-cache-hits: 112240

GET
H2 200 userx.20240116-10-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 18 KB
6 KB 20ms
19ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/userx.20240116-10-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/ultrasurf-ultrasurf/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c03c8c81ec732de22eef38a59be9d9eeee0416021f88d76934093e7ad6676255

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id: pJvcTqz._lhRM4tJNJ.Nmzzz9ihx4E8W
content-encoding: gzip
via: 1.1 varnish
date: Tue, 16 Jan 2024 22:50:33 GMT
x-amz-request-id: 2GF1WB4C16VBJ7PP
age: 41038
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 5540
x-amz-id-2: ySrpBjwrZhAZZH38mmkzE7NzbzBRQWRUAY06gxAX6GNEnN0qP+sNqbCG1/QvCHFpzHbdYVQhTKI=
x-served-by: cache-fra-eddf8230059-FRA
last-modified: Tue, 16 Jan 2024 11:26:36 GMT
server: AmazonS3
x-timer: S1705445434.633955,VS0,VE0
etag: "ee2febaa6389dd91552eba295cce0e8c"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 79
access-control-allow-origin: *
cache-control: private,max-age=2629743
accept-ranges: bytes
x-cache-hits: 24879

GET
H2 200 distance-from-article.20240116-10-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 2 KB
1 KB 21ms
21ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/distance-from-article.20240116-10-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/ultrasurf-ultrasurf/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a611239b0171e932d983c83ed344b300a539371827c8773d3fee7e914f84359c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id: 6EDsD9OfM0EzyKftzkuHMrmu313k9Lmo
content-encoding: gzip
via: 1.1 varnish
date: Tue, 16 Jan 2024 22:50:33 GMT
x-amz-request-id: S51RR16PHSW581YY
age: 41076
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 1132
x-amz-id-2: EGuKPVL2V8I6pzRaFkUsY3qr+02ZWDhvdROF6L9IPjpzcdxcv+k3qhhzojYuBBArmSUUEMWOCMQ=
x-served-by: cache-fra-eddf8230059-FRA
last-modified: Tue, 16 Jan 2024 11:25:58 GMT
server: AmazonS3
x-timer: S1705445434.634104,VS0,VE0
etag: "d1e3b030f0d650d7721c290093dbef7d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 63
access-control-allow-origin: *
cache-control: private,max-age=2629743
accept-ranges: bytes
x-cache-hits: 123998

GET
H2 200 article-detection.20240116-10-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 3 KB
2 KB 22ms
22ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/article-detection.20240116-10-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/ultrasurf-ultrasurf/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 830f9b2b1e7cef76f805e9a1e77458e158b766d79e59031459699b161222de59

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id: uxYt7RnKPLqSn2XbiyQ5aSh7P7FsUaAn
content-encoding: gzip
via: 1.1 varnish
date: Tue, 16 Jan 2024 22:50:33 GMT
x-amz-request-id: 9R6X7Q0SW2JSNMV5
age: 41083
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 1291
x-amz-id-2: shv6XOUPxZBQ1+n1aKhsI2t2LM/n0EyEb5nLRgwkdKxMXRTSvsF+4LcywVIoBOR/r++E6LEtNsg=
x-served-by: cache-fra-eddf8230059-FRA
last-modified: Tue, 16 Jan 2024 11:25:50 GMT
server: AmazonS3
x-timer: S1705445434.634199,VS0,VE0
etag: "73c4772610641a5b8d39d839d8ab4b7f"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 43
access-control-allow-origin: *
cache-control: private,max-age=2629743
accept-ranges: bytes
x-cache-hits: 123923

GET
H/1.1 200
OK f89e1763-220d-4e09-ba69-9e040548fb7a.svg
cdn.taboola.com/static/f8/ 4 KB
3 KB 21ms
21ms Image
image/svg+xml 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cdn.taboola.com/static/f8/f89e1763-220d-4e09-ba69-9e040548fb7a.svg
Protocol: HTTP/1.1
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 39b076e4bb4fab9b8a142499cf6155f8c128464974691a04de7e764f71b72618

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id: cMrDKn.emLmm9kiiOOF64ulDT4DRy6LK
Content-Encoding: gzip
Via: 1.1 varnish
Date: Tue, 16 Jan 2024 22:50:33 GMT
x-amz-request-id: SG3Z6M75MMYH9KCF
Age: 64
X-Cache: HIT
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 1758
x-amz-id-2: pOhcdsrxFGfbkU47FRRoaXIkxOJ9+RrCMUDFURJzo0wgy7zDGiwACfDOgxFmwyUDxAVdE2ihuCI=
X-Served-By: cache-fra-eddf8230061-FRA
Last-Modified: Wed, 07 Feb 2018 11:15:52 GMT
Server: AmazonS3
X-Timer: S1705445434.638688,VS0,VE0
ETag: "b8b410e4b18d45aa2f3d9bc09cd335fb"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
abp: 37
Cache-Control: private,max-age=31536000
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Cache-Hits: 46

POST
H2 204 abtests
am-trc-events.taboola.com/ultrasurf-ultrasurf/log/3/ 0
246 B 103ms
28ms Ping
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://am-trc-events.taboola.com/ultrasurf-ultrasurf/log/3/abtests?route=AM:AM:V&tvi48=14791&lti=deflated&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22hp4u-excludeUrl%22%2C%22type%22%3A%22module%20initialized%22%2C%22eventTime%22%3A1705445433635%7D&tim=23%3A50%3A33.635&id=3380&llvl=2&ri=61b005ca044d13965c76eda20399cfb2&sd=v2_9cddc90828df1f3064d48b19683987c7_82018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9_1705445433_1705445433_CIi3jgYQ8-NDGJa-4KPRMSABKAEwODib4wlAhIoQSNTJ2QNQ____________AVgAYABo0_Kg0LHL-6nXAXAA&ui=82018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9&pi=/&wi=-1709852854480885386&pt=home&vi=1705445433110&
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20240116-10-RELEASE.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-origin: http://ultrasurfing.com
pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 204 debug
trc-events.taboola.com/ultrasurf-ultrasurf/log/2/ 0
90 B 101ms
26ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc-events.taboola.com/ultrasurf-ultrasurf/log/2/debug?tim=23%3A50%3A33.606&type=warn&msg=Delta%20mode%20replace%3A%20placement%20Below%20Article%20Thumbnails%20%7C%20Card%204%20is%20missing%20from%20preloadRequest&llvl=2&id=130&cv=20240116-10-RELEASE&lt=deflated&pct=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 25830

GET
H2 204 supply-feature
am-trc-events.taboola.com/ultrasurf-ultrasurf/log/3/ 0
230 B 101ms
27ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/ultrasurf-ultrasurf/log/3/supply-feature?route=AM:AM:V&tvi48=14791&lti=deflated&ri=61b005ca044d13965c76eda20399cfb2&sd=v2_9cddc90828df1f3064d48b19683987c7_82018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9_1705445433_1705445433_CIi3jgYQ8-NDGJa-4KPRMSABKAEwODib4wlAhIoQSNTJ2QNQ____________AVgAYABo0_Kg0LHL-6nXAXAA&ui=82018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9&pi=/&wi=-1709852854480885386&pt=home&vi=1705445433110&d=%7B%22event_type%22%3A%22next_up%22%2C%22event_state%22%3A%22RENDERED%22%2C%22event_value%22%3Anull%2C%22event_msg%22%3Anull%7D&tim=23%3A50%3A33.611&id=9379&llvl=2&cv=20240116-10-RELEASE&
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 204 abtests
am-trc-events.taboola.com/ultrasurf-ultrasurf/log/3/ 0
230 B 102ms
27ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/ultrasurf-ultrasurf/log/3/abtests?route=AM:AM:V&tvi48=14791&lti=deflated&ri=61b005ca044d13965c76eda20399cfb2&sd=v2_9cddc90828df1f3064d48b19683987c7_82018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9_1705445433_1705445433_CIi3jgYQ8-NDGJa-4KPRMSABKAEwODib4wlAhIoQSNTJ2QNQ____________AVgAYABo0_Kg0LHL-6nXAXAA&ui=82018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9&pi=/&wi=-1709852854480885386&pt=home&vi=1705445433110&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22block_clicks_init%22%2C%22type%22%3A%22block-clicks-manager%22%2C%22eventTime%22%3A1705445433619%7D&tim=23%3A50%3A33.619&id=9638&llvl=2&cv=20240116-10-RELEASE&
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 204 debug
am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/ 0
90 B 101ms
27ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/debug?tim=23%3A50%3A33.632&type=info&msg=Load%20publisher%20card%3A%20split-1%20on%20Card%3A%205%20with%20the%20anchor%20element%20selector%3A%20.news-promos-sports%20succeed&llvl=2&id=9458&cv=20240116-10-RELEASE&lt=deflated&idx=pc&pc=split-1&st=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 25844

GET
H2 200 json Show response
trc.taboola.com/ultrasurf-ultrasurf/trc/3/ 31 KB
9 KB 503ms
503ms XHR
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/ultrasurf-ultrasurf/trc/3/json?tim=23%3A50%3A33.643&route=AM:AM:V&tvi48=14791&lti=deflated&data=%7B%22id%22%3A361%2C%22ii%22%3A%22_homepage_%22%2C%22it%22%3A%22home%22%2C%22sd%22%3A%22v2_9cddc90828df1f3064d48b19683987c7_82018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9_1705445433_1705445433_CIi3jgYQ8-NDGJa-4KPRMSABKAEwODib4wlAhIoQSNTJ2QNQ____________AVgAYABo0_Kg0LHL-6nXAXAA%22%2C%22ui%22%3A%2282018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9%22%2C%22uifp%22%3A%2282018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9%22%2C%22lbt%22%3A1705404415479%2C%22vi%22%3A1705445433110%2C%22cv%22%3A%2220240116-10-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fultrasurfing.com%2F%22%2C%22bv%22%3A%220%22%2C%22wc%22%3Atrue%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22plf%22%3A%7B%22stop_tslt%22%3Atrue%7D%2C%22bu%22%3A%22http%3A%2F%2Fultrasurfing.com%2F%22%2C%22vpi%22%3A%22%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1600%2C%22dh%22%3A3077%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-h2m%22%2C%22s%22%3A8%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22cd%22%3A1056.96875%2C%22mw%22%3A610%2C%22fi%22%3A6%2C%22fb%22%3A2%2C%22fti%22%3A%22delta-override%3A10660336%3APUBLISHED%22%7D%5D%2C%22cacheKey%22%3A%22home%3D_homepage_%2CBelow%20Article%20Thumbnails%3Dthumbnails-a%3Aabp%3D0%2C%2CRight%20Rail%20Thumbnails%3Dthumbnails-1x3%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_2%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20240116-10-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: d1112f3fc2a8b234715236a7efa22d5335c1c6267466031df7c2bc8d44de8f4d

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain

Response headers

x-vcl-time-ms: 481
date: Tue, 16 Jan 2024 22:50:34 GMT
content-encoding: gzip
via: 1.1 varnish
cpu: 0.38849999999999996
x-fastly-to-nlb-rtt: 7349
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-service-version: v1
x-served-by: cache-fra-eddf8230059-FRA
x-log-content-encoding: gzip
server: nginx
x-timer: S1705445434.653446,VS0,VE481
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: http://ultrasurfing.com
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 skeleton.js Show response
pixel.adsafeprotected.com/rjss/st/1878143/77320179/ 60 KB
15 KB 247ms
44ms Script
application/javascript 54.73.100.143
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/rjss/st/1878143/77320179/skeleton.js?bidurl=https%3A%2F%2Fultrasurfing.com&ias_adpath=.tbl_1705445433612-pl1-0
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20240116-10-RELEASE.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.73.100.143 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-73-100-143.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 1e002b499d94aec6c4e37f9ae3843053ec35104cf25fbabbc78b680ef44e899a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

POST
H2 204 required-viewability-available Show response
trc.taboola.com/ultrasurf-ultrasurf/log/3/ 0
327 B 28ms
28ms XHR
image/gif 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/ultrasurf-ultrasurf/log/3/required-viewability-available?tvi48=14791&route=AM%3AAM%3AV&lti=deflated
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20240116-10-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 9
date: Tue, 16 Jan 2024 22:50:33 GMT
via: 1.1 varnish
x-fastly-to-nlb-rtt: 7472
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-service-version: v1
x-served-by: cache-fra-eddf8230059-FRA
pragma: no-cache
server: nginx
x-timer: S1705445434.664722,VS0,VE9
content-type: image/gif
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 event
skydeutschland.demdex.net/ 42 B
493 B 247ms
46ms Image
image/gif 54.74.69.97
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=8843427&d_src=158980&d_adsrc=&d_creative=206985712&d_placement=383820185&d_campaign=31090180&d_bust=[Timestamp]&gdpr=1&gdpr_consent=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.74.69.97 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-74-69-97.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

dcs: dcs-prod-irl1-2-v054-082fe620b.edge-irl1.demdex.com 0 ms
pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: GnDzxuVwT1U=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
x-error: 315
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ 43 B
1 KB 153ms
33ms Image
image/gif 85.14.248.91
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=8&extPu=sky-dcm&extLi=31090180&extPm=383820185&extCr=206985712&subid=ADGapID_026_800138_550762062-550762062&rnd=[Timestamp]&gdpr=1&gdpr_consent=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

85.14.248.91 Neukirchen-Vluyn, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Tue, 16 Jan 2024 22:50:33 GMT
X-Content-Type-Options: nosniff
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Di, 16 Jan 2024 10:50:33 GMT
X-ET-Code: 0
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: http://ultrasurfing.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 923
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

B31090180.383820185;dc_pre=CMecjar_4oMDFTTMEQgdU4YEEg;dc_trk_aid=575149027;dc_trk_cid=206985712;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;gdpr_consent=;ltd=;dc...
ad.doubleclick.net/ddm/trackimp/N1111979.2621703TABOOLAGERMANYGM/
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N1111979.2621703TABOOLAGERMANYGM/B31090180.383820185;dc_trk_aid=575149027;dc_trk_cid=206985712;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatm...
https://ad.doubleclick.net/ddm/trackimp/N1111979.2621703TABOOLAGERMANYGM/B31090180.383820185;dc_pre=CMecjar_4oMDFTTMEQgdU4YEEg;dc_trk_aid=575149027;dc_trk_cid=206985712;ord=[timestamp];dc_lat=;dc_r...

43 B
111 B

34ms
33ms

Image
image/gif

142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N1111979.2621703TABOOLAGERMANYGM/B31090180.383820185;dc_pre=CMecjar_4oMDFTTMEQgdU4YEEg;dc_trk_aid=575149027;dc_trk_cid=206985712;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;gdpr_consent=;ltd=;dc_tdv=1?;dc_ref=ultrasurfing.com

Protocol

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

cafe /

Resource Hash

9c41ba408efaf3a7a36099370bc814e38b0afd42229fa9e0e6040740620c85c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N1111979.2621703TABOOLAGERMANYGM/B31090180.383820185;dc_pre=CMecjar_4oMDFTTMEQgdU4YEEg;dc_trk_aid=575149027;dc_trk_cid=206985712;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;gdpr_consent=;ltd=;dc_tdv=1?;dc_ref=ultrasurfing.com
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 debug
am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/ 0
89 B 29ms
28ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/debug?tim=23%3A50%3A33.657&type=usage&msg=New_CTA-event-1705445433657&llvl=2&id=9550&cv=20240116-10-RELEASE&lt=deflated&file=new-cta-manager&method=&position=&extraData=%7B%22eventName%22%3A%22event-has_cta%22%2C%22itemId%22%3A%22~~V1~~-1965243323693857025~~HUnpqXtCJW2C%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 25844

GET
H2 204 debug
am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/ 0
89 B 29ms
28ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/debug?tim=23%3A50%3A33.657&type=usage&msg=New_CTA-event-1705445433657&llvl=2&id=7283&cv=20240116-10-RELEASE&lt=deflated&file=new-cta-manager&method=&position=&extraData=%7B%22eventName%22%3A%22event-available%22%2C%22itemId%22%3A%22~~V1~~-1965243323693857025~~HUnpqXtCJW2C%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 25844

GET
H2 204 debug
am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/ 0
89 B 29ms
29ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/debug?tim=23%3A50%3A33.659&type=usage&msg=New_CTA-event-1705445433659&llvl=2&id=2308&cv=20240116-10-RELEASE&lt=deflated&file=new-cta-manager&method=&position=&extraData=%7B%22eventName%22%3A%22event-has_cta%22%2C%22itemId%22%3A%22~~V1~~-3506151704203757045~~7LhlZGEWPKJB%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 25844

GET
H2 204 debug
am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/ 0
89 B 30ms
29ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/debug?tim=23%3A50%3A33.659&type=usage&msg=New_CTA-event-1705445433659&llvl=2&id=9499&cv=20240116-10-RELEASE&lt=deflated&file=new-cta-manager&method=&position=&extraData=%7B%22eventName%22%3A%22event-available%22%2C%22itemId%22%3A%22~~V1~~-3506151704203757045~~7LhlZGEWPKJB%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 25811

GET
H2 204 debug
am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/ 0
89 B 30ms
29ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/debug?tim=23%3A50%3A33.660&type=usage&msg=New_CTA-event-1705445433660&llvl=2&id=7626&cv=20240116-10-RELEASE&lt=deflated&file=new-cta-manager&method=&position=&extraData=%7B%22eventName%22%3A%22event-has_cta%22%2C%22itemId%22%3A%22~~V1~~1706375301501894866~~lBn0N9uVcnk_Q%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 25811

GET
H2 204 debug
am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/ 0
89 B 30ms
30ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/debug?tim=23%3A50%3A33.660&type=usage&msg=New_CTA-event-1705445433660&llvl=2&id=7209&cv=20240116-10-RELEASE&lt=deflated&file=new-cta-manager&method=&position=&extraData=%7B%22eventName%22%3A%22event-available%22%2C%22itemId%22%3A%22~~V1~~1706375301501894866~~lBn0N9uVcnk_Q%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 25811

GET
H2 200 9ef4660844c0d71526ea6f3bcf1c7190.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 18 KB
19 KB 24ms
23ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9ef4660844c0d71526ea6f3bcf1c7190.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: c426fcce7a59ac1567dd6cab45c40c4d0837edcde561346b6b1869bfb9fbcdd0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:33 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9ef4660844c0d71526ea6f3bcf1c7190.jpg
age: 602664
edge-cache-tag: 367722470797545855738463288781679575637,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
cache-tag: 367722470797545855738463288781679575637,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, HIT, HIT
x-envoy-upstream-service-time: 551
req-referer: https://www.ynet.co.il/
content-length: 18790
x-request-id: df3b11a8d31407ae2d49ebb415e38f5d
x-served-by: cache-iad-kjyo7100084-IAD, cache-iad-kjyo7100087-IAD, cache-lax-kwhp1940090-LAX, cache-iad-kjyo7100137-IAD, cache-fra-eddf8230059-FRA
last-modified: Mon, 08 Jan 2024 15:57:25 GMT
server: nginx
surrogate-reporting: width=360,height=200,bytes=36834,owidth=1067,oheight=600,obytes=228486,ef=(1,13,17,23,30)
x-timer: S1705445434.750384,VS0,VE0
etag: "c1eeeb5caa4670db558aa2711f39bb00"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 2, 8

GET
H2 200 604f64db35ad7d8e32fc4a7cffa729ec.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 11 KB
12 KB 22ms
21ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/604f64db35ad7d8e32fc4a7cffa729ec.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: f9002aaa6bb534761e09a262e44a64f34ace9135535eab711319ca14e1ff6973

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:33 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/604f64db35ad7d8e32fc4a7cffa729ec.jpg
age: 2157942
edge-cache-tag: 380932827776598572844696039841441315722,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
cache-tag: 380932827776598572844696039841441315722,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
x-cache: MISS, MISS, MISS, HIT, HIT
x-envoy-upstream-service-time: 253
expiration: expiry-date="Sat, 16 Sep 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://hsv24.mopo.de/
content-length: 11022
x-served-by: cache-iad-kiad7000042-IAD, cache-iad-kiad7000067-IAD, cache-sna10731-LGB, cache-iad-kiad7000155-IAD, cache-fra-eddf8230059-FRA
last-modified: Wed, 16 Aug 2023 01:27:53 GMT
server: nginx
surrogate-reporting: width=360,height=200,owidth=1250,oheight=702,obytes=143120
x-timer: S1705445434.750371,VS0,VE0
etag: "36f3abd020f660909f414fbde2ba4304"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 41, 2

GET
H2 200 ab7ec63b5e45273e9d0685b92e871cac.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 7 KB
7 KB 24ms
23ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ab7ec63b5e45273e9d0685b92e871cac.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: c1fd178704274f44bbf9ae308e617a1759fe6c4dbd862be4fccc278d05a5a314

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:33 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ab7ec63b5e45273e9d0685b92e871cac.jpg
age: 3481256
edge-cache-tag: 491672595259720921679951174822222721209,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
cache-tag: 491672595259720921679951174822222721209,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, HIT, MISS, MISS, HIT
x-envoy-upstream-service-time: 165
req-referer: https://www.autozeitung.de/
content-length: 6888
x-request-id: e2bb5ac3854659f89ba1750a5d792ea6
x-served-by: cache-iad-kiad7000033-IAD, cache-iad-kcgs7200166-IAD, cache-lga21929-LGA, cache-iad-kiad7000085-IAD, cache-fra-eddf8230059-FRA
last-modified: Thu, 16 Nov 2023 12:22:53 GMT
server: nginx
surrogate-reporting: width=360,height=200,bytes=16187,owidth=1067,oheight=600,obytes=60107
x-timer: S1705445434.750366,VS0,VE0
etag: "7e546c92488a5704edf3def7caa1a952"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 0, 0, 2

GET
H2 200 221655ce032044f5ae2f7f6de9ec5bdb.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 12 KB
13 KB 22ms
21ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/221655ce032044f5ae2f7f6de9ec5bdb.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 147c7a6312303aec7481f9f54ba329f3edf77754f3b1a38a9bd277f8a88ca89d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:33 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/221655ce032044f5ae2f7f6de9ec5bdb.jpg
age: 813594
edge-cache-tag: 494366385138543953060662240160626996212,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
cache-tag: 494366385138543953060662240160626996212,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
x-cache: MISS, HIT, HIT, HIT
x-envoy-upstream-service-time: 114
expiration: expiry-date="Sun, 24 Sep 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://vnexpress.net/
content-length: 12150
x-served-by: cache-iad-kiad7000080-IAD, cache-iad-kiad7000174-IAD, cache-iad-kcgs7200031-IAD, cache-fra-eddf8230059-FRA
last-modified: Thu, 24 Aug 2023 21:09:33 GMT
server: nginx
surrogate-reporting: width=360,height=200,owidth=1200,oheight=675,obytes=381043
x-timer: S1705445434.750352,VS0,VE0
etag: "aea4926f12c095671f8f2eaf672d3e00"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 29, 2

GET
H2 200 334cb3dd96fe00f71626cdd3fbc5e6a0.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 29 KB
29 KB 29ms
28ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/334cb3dd96fe00f71626cdd3fbc5e6a0.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e0a3f45317ab3f3de302667a12739c6d68b6524002ef471d943e87596328c6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 16 Jan 2024 22:50:33 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/334cb3dd96fe00f71626cdd3fbc5e6a0.jpg
age: 4449398
edge-cache-tag: 390135444443759611241965298133296758900,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
cache-tag: 390135444443759611241965298133296758900,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: MISS, HIT, MISS, HIT
x-envoy-upstream-service-time: 170
req-referer: https://www.heizsparer.de/heizung/warmwasseraufbereitung/durchlauferhitzer
content-length: 29190
x-request-id: 76123160d5ab08ca84043fa88ff86f8c
x-served-by: cache-iad-kjyo7100109-IAD, cache-iad-kjyo7100044-IAD, cache-iad-kjyo7100040-IAD, cache-fra-eddf8230059-FRA
last-modified: Fri, 01 Sep 2023 00:45:15 GMT
server: nginx
x-timer: S1705445434.750078,VS0,VE1
etag: "63775d711fbd1209c75def4b63beb2fd"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 0, 1

GET
H2 204 debug
am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/ 0
89 B 29ms
29ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/debug?tim=23%3A50%3A33.673&type=usage&msg=New_CTA-event-1705445433673&llvl=2&id=1719&cv=20240116-10-RELEASE&lt=deflated&file=new-cta-manager&method=&position=&extraData=%7B%22eventName%22%3A%22event-visible%22%2C%22itemId%22%3A%22~~V1~~-1965243323693857025~~HUnpqXtCJW2C%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 26250

GET
H2 204 debug
am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/ 0
89 B 30ms
29ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/debug?tim=23%3A50%3A33.673&type=usage&msg=New_CTA-event-1705445433673&llvl=2&id=2062&cv=20240116-10-RELEASE&lt=deflated&file=new-cta-manager&method=&position=&extraData=%7B%22eventName%22%3A%22event-has_cta%22%2C%22itemId%22%3A%22~~V1~~6284370232775599779~~n_KPGReDtK8CG%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 26250

GET
H2 200 631df4c75b4f02dc29d72a916064592e.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 13 KB
14 KB 28ms
21ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/631df4c75b4f02dc29d72a916064592e.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: f621f61617e2773f4d17084367e220df078b203bfab308c11808d005c4d2810b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 16 Jan 2024 22:50:33 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/631df4c75b4f02dc29d72a916064592e.png
age: 2510889
edge-cache-tag: 533785047141029851524565568207219022138,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
cache-tag: 533785047141029851524565568207219022138,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
x-cache: Miss from cloudfront, MISS, HIT, HIT, HIT, HIT
x-envoy-upstream-service-time: 41
expiration: expiry-date="Thu, 21 Dec 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://lemagsportauto.ouest-france.fr/exploit-de-gasly-podium-en-belgique-deja-un-electro-choc-chez-alpine-f1/79780/
content-length: 13184
x-served-by: cache-iad-kcgs7200108-IAD, cache-iad-kcgs7200067-IAD, cache-lax-kwhp1940035-LAX, cache-iad-kiad7000109-IAD, cache-fra-eddf8230059-FRA
last-modified: Mon, 20 Nov 2023 06:58:59 GMT
server: nginx
surrogate-reporting: width=360,height=200,bytes=16884,owidth=1200,oheight=800,obytes=488780
x-timer: S1705445434.785418,VS0,VE1
etag: "62dadeb78469fd10ef4b843de10cb292"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 2, 1, 187, 1

GET
H2 200 c169e09da8dffac4916b00c0fee587e5.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 14 KB
15 KB 26ms
20ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c169e09da8dffac4916b00c0fee587e5.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 5ec245a0c0bff86ad50722921bd78ac3bd49ab8bf75cb8dbff4a012e36448f2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:33 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c169e09da8dffac4916b00c0fee587e5.jpg
age: 3582265
edge-cache-tag: 310165035180675793021928839638344283296,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
cache-tag: 310165035180675793021928839638344283296,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
x-cache: MISS, MISS, HIT, HIT
x-envoy-upstream-service-time: 181
expiration: expiry-date="Fri, 22 Sep 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://www.dailyrecord.co.uk/news/scottish-news/binmen-refuse-enter-glasgow-street-30864043
content-length: 14514
x-served-by: cache-iad-kjyo7100076-IAD, cache-iad-kiad7000082-IAD, cache-iad-kcgs7200045-IAD, cache-fra-eddf8230059-FRA
last-modified: Tue, 22 Aug 2023 07:30:52 GMT
server: nginx
x-timer: S1705445434.785737,VS0,VE0
etag: "d0a55e3721f4469b4ad21ffbb8476d57"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 76, 4

GET
H2 200 01333441-49f1-4d36-b01a-6589fa45f00b__yf9ilj04.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/IMAGE_UPSCALER/EIU/ 22 KB
23 KB 28ms
23ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/IMAGE_UPSCALER/EIU/01333441-49f1-4d36-b01a-6589fa45f00b__yf9ilj04.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 7492a43f0aeb26c7740bfa1c284011b183ddc83b4d4ce07cdc93cebfc357f8c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 16 Jan 2024 22:50:33 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/IMAGE_UPSCALER/EIU/01333441-49f1-4d36-b01a-6589fa45f00b__yf9ilj04.jpg
age: 3395564
edge-cache-tag: 427860200276258725763742677764774220840,378062374120670061586147602817864504244,29ecf9b93bbf306179626feeda1fab70
cache-tag: 427860200276258725763742677764774220840,378062374120670061586147602817864504244,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, HIT, HIT
x-envoy-upstream-service-time: 487
req-referer: https://www.t-online.de/
content-length: 22986
x-request-id: dd539460a6134478634edce819043f75
x-served-by: cache-iad-kiad7000129-IAD, cache-iad-kcgs7200078-IAD, cache-lax-kwhp1940026-LAX, cache-iad-kjyo7100042-IAD, cache-fra-eddf8230059-FRA
last-modified: Fri, 08 Dec 2023 08:44:41 GMT
server: nginx
surrogate-reporting: width=360,height=300,bytes=33777,owidth=2000,oheight=2000,obytes=350462
x-timer: S1705445434.785925,VS0,VE1
etag: "82183d7bd5369cbb8f2cd618b1228ae9"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 50, 1

GET
H2 200 04968aa5892e4e408f1de94e886fb00d.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 16 KB
17 KB 30ms
25ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/04968aa5892e4e408f1de94e886fb00d.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: bf352f346efc41f1e0e69355115e19cf269d6855e586dc4727dea04c2034499c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 3
date: Tue, 16 Jan 2024 22:50:33 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/04968aa5892e4e408f1de94e886fb00d.jpg
age: 2670488
edge-cache-tag: 586329929833731548038996226118185389125,378062374120670061586147602817864504244,29ecf9b93bbf306179626feeda1fab70
cache-tag: 586329929833731548038996226118185389125,378062374120670061586147602817864504244,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, MISS, HIT
x-envoy-upstream-service-time: 465
req-referer: https://www.t-online.de/
content-length: 16108
x-request-id: 0bba102c2be112da3f9af2ec7de05df8
x-served-by: cache-iad-kcgs7200159-IAD, cache-iad-kcgs7200109-IAD, cache-lax10660-LGB, cache-iad-kiad7000137-IAD, cache-fra-eddf8230059-FRA
last-modified: Fri, 29 Sep 2023 09:39:33 GMT
server: nginx
surrogate-reporting: width=360,height=300,bytes=23588,owidth=1600,oheight=900,obytes=1028771
x-timer: S1705445434.785722,VS0,VE3
etag: "6f5b340d6c997871000cd981565c63e4"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 0, 1

GET
H2 200 eec2cf551bca54e8e01777ade85f4244.jpg
images.taboola.com/taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_1.2%2Cw_1376%2Cx_332%2Cy_127/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 310 KB
313 KB 27ms
26ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_1.2%2Cw_1376%2Cx_332%2Cy_127/http%3A//cdn.taboola.com/libtrc/static/thumbnails/eec2cf551bca54e8e01777ade85f4244.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 9a77b3dff91c6d3da502d97c1c8c9ade20baea4a343240537ad8bf65ef4b0c3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 5
date: Tue, 16 Jan 2024 22:50:33 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_1.2%2Cw_1376%2Cx_332%2Cy_127/http%3A//cdn.taboola.com/libtrc/static/thumbnails/eec2cf551bca54e8e01777ade85f4244.jpg
age: 2330338
edge-cache-tag: 569902423933287221938148904032916081426,423893678703345693035471660519887363262,29ecf9b93bbf306179626feeda1fab70
cache-tag: 569902423933287221938148904032916081426,423893678703345693035471660519887363262,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, MISS, HIT
x-envoy-upstream-service-time: 1434
req-referer: https://ads.taboola.com/campaigns/creative/duplicate/ditogamesag-navyquest-sc/29858833/3853655050?locale=en&accountId=1544312&campaignId=29858833&dimension=SPONSORED&reportId=creative&datePreset=THIS_MONTH&filters_active=true&reportViewName=All&sorting=%5B%7B%22sort%22%3A%22desc%22%2C%22colId%22%3A%22creative_spent%22%7D%5D&filters=%5B%7B%22type%22%3A%22campaignItemStatus%22%2C%22values%22%3A%5B%7B%22label%22%3A%22Recent%22%2C%22value%22%3A%22RECENT%22%2C%22messageId%22%3A%22app.campaigns.creative.status.RECENT%22%7D%5D%7D%5D&page=1&autoFiltersTrigger=%257B%2522reportId%2522%253A%2522creative%2522%252C%2522accountName%2522%253A%2522ditogamesag-network%2522%257D&initialCreativeType=IMAGE&taboola-debug=-1&tbl_creative_preview=%5B%7B%22title%22%3A%22Play%20this%20game%20for%201%20minute%20and%20see%20why%20everyone%20is%20addicted%22%2C%22description%22%3A%22Play%20for%20free.%20No%20Installation.%C2%A0This%20game%20will%20keep%20you%20up%20all%20night.%22%2C%22thumbnail%22%3A%22http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Feec2cf551bca54e8e01777ade85f4244.jpg%22%2C%22itemType%22%3A%22is-syndicated%22%2C%22branding-text%22%3A%22Navy%20Quest%20Game%22%2C%22additional-properties%22%3A%7B%22hideMe%22%3Afalse%2C%22placementUrl%22%3A%22%22%2C%22type%22%3A%22video%22%2C%22cta-text%22%3A%22%22%2C%22cropping%22%3A%22%7B%5C%22crop%5C%22%3A%5B%7B%5C%22ratio%5C%22%3A%7B%5C%22w%5C%22%3A4%2C%5C%22h%5C%22%3A3%7D%2C%5C%22area%5C%22%3A%7B%5C%22x%5C%22%3A263%2C%5C%22y%5C%22%3A119%2C%5C%22w%5C%22%3A1529%2C%5C%22h%5C%22%3A1147%7D%7D%2C%7B%5C%22ratio%5C%22%3A%7B%5C%22w%5C%22%3A6%2C%5C%22h%5C%22%3A5%7D%2C%5C%22area%5C%22%3A%7B%5C%22x%5C%22%3A332%2C%5C%22y%5C%22%3A127%2C%5C%22w%5C%22%3A1376%2C%5C%22h%5C%22%3A1147%7D%7D%2C%7B%5C%22ratio%5C%22%3A%7B%5C%22w%5C%22%3A2%2C%5C%22h%5C%22%3A1%7D%2C%5C%22area%5C%22%3A%7B%5C%22x%5C%22%3A0%2C%5C%22y%5C%22%3A190%2C%5C%22w%5C%22%3A2040%2C%5C%22h%5C%22%3A1020%7D%7D%5D%7D%22%7D%7D%5D&tbl_should_override_all_slots=true&tbl_should_repeat_override_items=true&cm_multiUnitManager.isActive=false
content-length: 317800
x-request-id: 9546332b618683b5f3d8806b374dfd5b
x-served-by: cache-iad-kjyo7100071-IAD, cache-iad-kjyo7100026-IAD, cache-lga21959-LGA, cache-iad-kiad7000045-IAD, cache-fra-eddf8230059-FRA
last-modified: Thu, 09 Nov 2023 14:27:58 GMT
server: nginx
surrogate-reporting: width=1376,height=1147,bytes=565875,owidth=2040,oheight=1400,obytes=428760
x-timer: S1705445434.785709,VS0,VE5
etag: "7c3c7fd19878a4a04ac8f6dcbf0702ac"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 0, 1

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 07B0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1&C=1

43 B
341 B

53ms
52ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNj8mwIQq6iuAhifhcCDAjAB&v=APEucNWNuK-btyQFLIC9mG66mgmWmWyWhwrP5ksg4RMDd2uwt1BHQat_dYJ19M7hfjL3uMfL_pNrOtwWweZbtMIg555V9KrzdGbxFiYl6vO5ESdI37HC2viuD16f7Vn2Zp-OKpZFqA0AzIfKX0SrDsUcWG01h_Vp9bVQ4ilAPiP3J9NYOhfOZ0aUrsayLuYtDkcCGa9MYioXmmf2-jmJNwGu4fyAW63Hvw
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c%2BLsVPkIgfv0y1LEhezP6pwT%2FWKjW33%2FRWz1fNH4i%2BGJQCtxMdt8tLHZF8JteLXThC7X97%2Fst1FpxMNIBXqdYSZBVDOSbxxVQCfHwk1ML4UNR0bkfuqor2oiHvDXEWbdgNhkVa6ztQok1w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8469eb098e9f4510-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EcWQfOC%2FPF54cNHCcFEwe1ByFHKPszA8CRL4oiiDZr6OZAO8PS97gnQ9mHEqNq%2FHsY%2FoCMlXYeCrQONi%2Bv0AkXuHih%2BHGbZK4Lg1MUyosYxsRDQwTQwRdJ60DmLVlO%2F%2F9YHZC4e6ZcUoHA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1&C=1
cache-control: no-cache
cf-ray: 8469eb092d774510-TXL
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 07B0
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZacIOedsHZOt2i5gls2RxAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1

43 B
765 B

57ms
56ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNj8mwIQq6iuAhifhcCDAjAB&v=APEucNWNuK-btyQFLIC9mG66mgmWmWyWhwrP5ksg4RMDd2uwt1BHQat_dYJ19M7hfjL3uMfL_pNrOtwWweZbtMIg555V9KrzdGbxFiYl6vO5ESdI37HC2viuD16f7Vn2Zp-OKpZFqA0AzIfKX0SrDsUcWG01h_Vp9bVQ4ilAPiP3J9NYOhfOZ0aUrsayLuYtDkcCGa9MYioXmmf2-jmJNwGu4fyAW63Hvw
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PhOUQwUIBh6dVf4%2FMk1%2F8RTSW74eG0cgtvIoPlW556o6k7ra47GdlQIt7V9pTCKSf6IhTAja4bBS3V3K6tbpwzX8nbSCsz4utfDmglKN1zvPHxx57WGAtBa1fmZGs44HYlyVuHzldft0VQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8469eb0a0f2c266d-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 07B0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJwp7WGfKz86vOqKpr2sr1Q&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJwp7WGfKz86vOqKpr2sr1Q%26google_cver%3D1

43 B
1 KB

26ms
26ms

Image
image/gif

37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJwp7WGfKz86vOqKpr2sr1Q%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNj8mwIQq6iuAhifhcCDAjAB&v=APEucNWNuK-btyQFLIC9mG66mgmWmWyWhwrP5ksg4RMDd2uwt1BHQat_dYJ19M7hfjL3uMfL_pNrOtwWweZbtMIg555V9KrzdGbxFiYl6vO5ESdI37HC2viuD16f7Vn2Zp-OKpZFqA0AzIfKX0SrDsUcWG01h_Vp9bVQ4ilAPiP3J9NYOhfOZ0aUrsayLuYtDkcCGa9MYioXmmf2-jmJNwGu4fyAW63Hvw

Protocol

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
an-x-request-uuid: f314fd3b-ce08-49c6-a10a-5479a3060eae
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 217.114.218.19; 217.114.218.19; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
an-x-request-uuid: e5bcc1b9-c99b-4484-baed-a776b654d282
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJwp7WGfKz86vOqKpr2sr1Q%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.19; 217.114.218.19; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 07B0
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ2OTM0Mzk1MTI0NDQ4ODI1Mw%3D%3D

170 B
243 B

31ms
30ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ2OTM0Mzk1MTI0NDQ4ODI1Mw%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
an-x-request-uuid: 14400858-93db-4869-bb32-8c8b74db8139
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ2OTM0Mzk1MTI0NDQ4ODI1Mw%3D%3D
x-proxy-origin: 217.114.218.19; 217.114.218.19; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 206 https%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fvideo%2F%2Fh_400%2Cc_scale%2Fv1655289863%2Fsbfcvda1gqwcij41gdnv.mp4
videos.taboola.com/taboola/video/fetch/q_auto:low/ 162 KB
163 KB 33ms
23ms Media
video/mp4 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.taboola.com/taboola/video/fetch/q_auto:low/https%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fvideo%2F%2Fh_400%2Cc_scale%2Fv1655289863%2Fsbfcvda1gqwcij41gdnv.mp4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.44 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Cloudinary /

Resource Hash

51d50e35fef162329c65f20917c771ddefd3fd26d7662d2332e119d9181353f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

Referer: http://ultrasurfing.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Range: bytes=0-

Response headers

strict-transport-security: max-age=604800
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
date: Tue, 16 Jan 2024 22:50:33 GMT
age: 1322642
x-cache: HIT, HIT
Content-Range: bytes 0-165889/165890
server-timing: cld-akam;mitm=f;dur=208;cpu=47;start=2023-09-02T18:31:33.814Z;desc=miss,rtt;dur=0,cloudinary;dur=139;start=2023-09-02T18:31:33.850Z
Content-Length: 165890
x-backend-name: fastlyshield--shield_cache_iad_kiad7000121_IAD
x-served-by: cache-iad-kiad7000121-IAD, cache-fra-eddf8230059-FRA
last-modified: Sun, 02 Jul 2023 12:39:48 GMT
server: Cloudinary
x-timer: S1705445434.818149,VS0,VE1
etag: "cebe3af2bb40eb7120e4db4f22ce1234"
vary: /video/fetch/q_auto:low/https%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fvideo%2F%2Fh_400%2Cc_scale%2Fv1655289863%2Fsbfcvda1gqwcij41gdnv.mp4
content-type: video/mp4;codecs=avc1
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 452, 0

GET
H2 200 next-up-widget.20240116-10-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 16 KB
5 KB 20ms
19ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/next-up-widget.20240116-10-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/ultrasurf-ultrasurf/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 150f363c4a6a83920c643313c2a6969f8f289da52dffbe8cbfd51fa0b97c428f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id: u3GhKROdMNPXku8.80H2HVlxdCRuYRY3
content-encoding: gzip
via: 1.1 varnish
date: Tue, 16 Jan 2024 22:50:33 GMT
x-amz-request-id: 807M06E1X02JSC7K
age: 41062
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 4672
x-amz-id-2: VvYNKPRUeRsZgl4z1tiQE/UWtV9iPaRQWliQq7Xgtl+ayCRHibaKrAKBRuuiGYn9Fy5lWCnFvQk=
x-served-by: cache-fra-eddf8230059-FRA
last-modified: Tue, 16 Jan 2024 11:26:12 GMT
server: AmazonS3
x-timer: S1705445434.696059,VS0,VE0
etag: "7a401c22b9c0aa4a7c8839de2a859a60"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 2
access-control-allow-origin: *
cache-control: private,max-age=2629743
accept-ranges: bytes
x-cache-hits: 9601

GET
H2 200 index.html Show response
s0.2mdn.net/sadbundle/8912310402203866721/ Frame 9CAA 126 KB
23 KB 22ms
21ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a252e6979d9c0ea6ed9625aa1a7f230ff4d23309eba498bb9074118cebfadce0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 51014
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 23245
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 08:40:19 GMT
expires: Wed, 15 Jan 2025 08:40:19 GMT
last-modified: Wed, 10 Jan 2024 14:28:59 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame C9CC 0
0 113ms
62ms Fetch
image/gif 142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjstgfulPtAR9fCqm2e-CZa9A9g5mKNxZDhUFuGBqzl423JHLJt5ncT6Dalv_tb1mtlqeLCs9aL7_oKsUrAONypSMsWiQ9ejIPmrNEFwjW56zOJ4IhfvTO41sbMXRp34yJDX49IaEEFQS2vJVUK3l5PXOMu06tNd4TXZmlpUAI9DxFrTeDcNy3VfNgDg6VKExRZgmiAIv--c5r2BjWXSZ7aRsJgFwk8iLQ9VoBGojlTswXJ5eUJZOP0eafPEPKX6cQQzmTpntpjVsPJH6VNUC1J-D6Zk5ZI2xXHk54E7YVBpPZQNAuHVWyX9JT3tAz14EDSJiyjEyUTghaVRj1uSUn6Ud14pQ7TBUSkBTZR6RXy39VIiJUnlK_L3qwpxgjEubN4NdHz98itC3NQBe-5zqzJdlwJq1afDuAZlRHDTgJo-C1KEWIkCc2YDmCHr7aUAg35fSRuTQFD3OqkuLm8NYq0c_6f0KAEqeEZZ4li6arZlFpkg-NCTBWsqX-tIDPwfhpQ8FSU2gmNMt6lF8gMlsLfRSvMN3LkBZP6ivrLVyh9e0O0lC9GOoVbWIMrbm9CP6wPLTb7GcCXBkJPyaI4qH8g9WFpjTeFvNqyH_fmRLahNFMihpL46o6q_9CAHYSa7Ltr_Mhf-3yL94Bf6gVewTozgVEomnTWAheZwMBcoRm5WUb-827C9fM59zXw81jQcjJbRUFcDXq7FWXbVadV_IiyfkXSjuiRL5GDjJyNgBb6LdidzTqdZbh9ND3tmSWUYH67TVA3geX5WDSOfrAZuIRh3nIMJa64qSj29ugV4GzYsHVh_u7cBoxAsGmYhr4uhMkk9I69hOADp7TukxAOzLjSxQg_OwAKilFqoCBsRl32E3k6dML_MnqyEeB4VCTSpqRm8FsdO4XZVEjhG2ntdMaa37oueuomHF_9FAmPqIAV9GpblGtALeuZcS4-lmyE-4X1QKRxXJxCnu0bD2zDhAG_nv5UqJaiXIMHZQ5nu7HeZEeNOxnqfwh62VlJs1_7EcnDVShYMubpLATm02YtHSmCTN2czJN0JvCBxoAECuS8fdw0jCToNS_TR1xOc-Eas2lac403zlLeFo7S27ftI903vqBD2GGRhExldR06Rw5GDB6VEKYKPdkhaGK02h4yEMTrGfypV4ZX15oER13M2ntJCZypeB099KBm9I750sOB0v8ouBdzVD9vqL7PxcYxAkG1U_vSIbUDepeERaZUfogyvJdBoIbgtmJeq8E_S2XlaDHg1_Jt-MbmdDGxz-mRolgMnK7wO2hyTPgm1X-TjNxo_hbo_qbCX1hGNhBj4u9xG-0ok_T0VS3ckg0k0_WgmRE2G5JHpxobHs77iJQvXvkmr2s_K_6kJCgXBrQyeDaeLh6jqIq9sTLx4ys1wRs2EUNdPoMzu6_lTmfriB4DdsFiLsOagJybyNfuUTvMIWouZ59N7JhSb-tXj78bFPdn6hAiG83ywTyS_meSATitwVJVwILLfJXr3Azmo1&sai=AMfl-YTw7jSIUpyXXchk612R_RQsgq7zwUtT2OYRlDSK7SFPehBeROvAtjdRy1HDcDbmQhBezGMl8rm8YUrq7Tk9UXLC3Ud6Yz1lu3b6h4oKTOXOydjaiyyKTH50-u_YcNDC8q6bR31wDYlBRLsx5Wm7-_Z3v6fY_vfZlthfINcyqoDf-GCRCmW1icTV4LqG_f0-IO0741abEEgyMSnNHJgcoRUqLXvO8cxvDcLaCpIhj5v_LBykJpt8GLC1V5m4Ohx3F8oT5qV93cuGBf2IQBB67b2UmeUIiDl9nZzYq80Dm6_o1fOTuDa5lwqSD5VNnskJZb_HOADnh8zOJMT-ScgMrq8ffXneSnpGcfisIEk_Z2SIVl2h2zicd5Jxz47qUAxuZw5pdgOxr4mi2ipdvPpNNOGPfXEds_8vOUh14oYxG3Gm0QUjxzR6EzrJzLzM2mSLdiOlz7ftOFou0zxM1KBIW7XVsFe9aXq36o_XsdEtndqRQh0p8rBclkAD6D9KlPE9SY6w_MQCDYwA&sig=Cg0ArKJSzJT5Y_LVMQE6EAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9zY2h3YWViaXNjaC1oYWxsLmRl&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=138&cbvp=1&cstd=136&cisv=r20240111.94224&arae=0&ftch=1&adurl=

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 16 Jan 2024 22:50:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js Show response
pagead2.googlesyndication.com/bg/ Frame B8E2 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 20:34:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8141
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15229
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jan 2025 20:34:52 GMT

GET
H2 204 supply-feature
am-trc-events.taboola.com/ultrasurf-ultrasurf/log/3/ 0
230 B 28ms
26ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/ultrasurf-ultrasurf/log/3/supply-feature?route=AM:AM:V&tvi48=14791&lti=deflated&ri=61b005ca044d13965c76eda20399cfb2&sd=v2_9cddc90828df1f3064d48b19683987c7_82018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9_1705445433_1705445433_CIi3jgYQ8-NDGJa-4KPRMSABKAEwODib4wlAhIoQSNTJ2QNQ____________AVgAYABo0_Kg0LHL-6nXAXAA&ui=82018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9&pi=/&wi=-1709852854480885386&pt=home&vi=1705445433110&d=%7B%22event_type%22%3A%22distance_from_article%22%2C%22event_state%22%3A%22reported%22%2C%22event_value%22%3A%22296.96875%22%2C%22event_msg%22%3A%22%22%2C%22event_key%22%3A%22%22%7D&tim=23%3A50%3A33.699&id=240&llvl=2&cv=20240116-10-RELEASE&
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 200 main_00008.aac Show response
video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/eng/ 3 KB
3 KB 21ms
21ms XHR
application/octet-stream 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/eng/main_00008.aac
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3e7ef45e2bd7b402fb8e5b1e3fc9e87a9f647ae661caf403c1d2d31eb70de2ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 16 Jan 2024 22:50:33 GMT
x-age-lb: 397902
x-77-cache: HIT
x-accel-date: 1705047531
content-length: 2597
x-77-nzt: EgwBnJIhiwH3ThIGAAwB1GY4EQH3jwMAAA
x-accel-expires: @1706083420
x-77-age: 398813
x-cache-lb: HIT
last-modified: Fri, 19 May 2023 19:47:13 GMT
server: CDN77-Turbo
etag: "6467d241-a25"
x-77-nzt-ray: cf878727ef4785ca3908a765a735ed2a
vary: Origin
content-type: application/octet-stream
access-control-allow-origin: http://ultrasurfing.com
accept-ranges: bytes
x-robots-tag: : noindex, nofollow

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012312191621000/ Frame BB44 196 KB
56 KB 142ms
21ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012312191621000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401100101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d5ef37381138e5c82aba1b09a5e9cb76a193c998e80f09e9ec9cdb8c0eac8e17

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 13 Jan 2024 07:19:18 GMT
age: 315075
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56099
x-xss-protection: 0
server: sffe
etag: "b4f73150f1481343"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 12 Jan 2025 07:19:18 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012312191621000/v0/ Frame BB44 15 KB
5 KB 114ms
57ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012312191621000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401100101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

291ad59350731069a43cb924ae03eba4174c9157dbb1434679298877141e1fbb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 16 Jan 2024 16:30:29 GMT
age: 22804
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5228
x-xss-protection: 0
server: sffe
etag: "1615cf8c9658662f"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 15 Jan 2025 16:30:29 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012312191621000/v0/ Frame BB44 95 KB
28 KB 116ms
60ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012312191621000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401100101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c57e30f3e3440754bfd9c14304db0781d0d1226d5a3b093a4ed015f5007d5c62

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 16 Jan 2024 19:33:26 GMT
age: 11827
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29030
x-xss-protection: 0
server: sffe
etag: "4993b3249a87fa76"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 15 Jan 2025 19:33:26 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012312191621000/v0/ Frame BB44 5 KB
2 KB 122ms
69ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012312191621000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401100101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca848bb459064d2d0a527bd0840ec4cbdea5545ab07b8dc7ebb61c8d0cb1a954

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 13 Jan 2024 04:38:02 GMT
age: 324751
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1930
x-xss-protection: 0
server: sffe
etag: "09131eec19261354"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 12 Jan 2025 04:38:02 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012312191621000/v0/ Frame BB44 40 KB
13 KB 116ms
70ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012312191621000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401100101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

febaf4a1ace567d9e1c2a64b9721eaa47cb418db39c8869b38ecd480bdfde322

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 12 Jan 2024 22:03:06 GMT
age: 348447
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12961
x-xss-protection: 0
server: sffe
etag: "b1091b2fa725aeb2"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 11 Jan 2025 22:03:06 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame BB44 4 KB
1 KB 151ms
31ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401100101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 16 Jan 2024 22:50:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 16 Jan 2024 21:47:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 16 Jan 2024 22:50:33 GMT

GET
H3 200 container.html Show response
36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A70B 6 KB
3 KB 28ms
27ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401100101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://ultrasurfing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 22:50:33 GMT
expires: Wed, 15 Jan 2025 22:50:33 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame BB44 2 KB
2 KB 27ms
27ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 11:48:31 GMT
x-content-type-options: nosniff
server: cafe
age: 39722
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Wed, 17 Jan 2024 11:48:31 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame BB44 295 B
319 B 26ms
26ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 07:11:20 GMT
x-content-type-options: nosniff
server: cafe
age: 56353
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Wed, 17 Jan 2024 07:11:20 GMT

GET
H3 200 container.html Show response
36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 24E1 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401100101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://ultrasurfing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 22:50:33 GMT
expires: Wed, 15 Jan 2025 22:50:33 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 56BA 6 KB
3 KB 22ms
22ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401100101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://ultrasurfing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 22:50:33 GMT
expires: Wed, 15 Jan 2025 22:50:33 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 DcmEnabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 9CAA 32 KB
11 KB 23ms
20ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 23:49:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82884
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11558
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 16 Jan 2024 23:49:09 GMT

GET
H2 204 debug
am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/ 0
89 B 29ms
27ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/debug?tim=23%3A50%3A33.773&type=usage&msg=New_CTA-event-1705445433773&llvl=2&id=1502&cv=20240116-10-RELEASE&lt=deflated&file=new-cta-manager&method=&position=&extraData=%7B%22eventName%22%3A%22event-has_cta%22%2C%22itemId%22%3A%22~~V1~~-1965243323693857025~~HUnpqXtCJW2C%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 26720

GET
H2 204 debug
am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/ 0
89 B 29ms
27ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/debug?tim=23%3A50%3A33.773&type=usage&msg=New_CTA-event-1705445433773&llvl=2&id=8764&cv=20240116-10-RELEASE&lt=deflated&file=new-cta-manager&method=&position=&extraData=%7B%22eventName%22%3A%22filter-next_up%22%2C%22itemId%22%3A%22~~V1~~-1965243323693857025~~HUnpqXtCJW2C%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 26720

GET
H3 200 7904001187760510839
tpc.googlesyndication.com/simgad/ Frame BB44 27 KB
27 KB 24ms
23ms Image
image/jpeg 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7904001187760510839?w=600&h=314&tw=1&q=75

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3b7f86d2445e61c082c1307d400456e75e89ff7469ce1ec10500453ff4f2282

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Sun, 12 Jan 2025 11:42:26 GMT
date: Sat, 13 Jan 2024 11:42:26 GMT
x-content-type-options: nosniff
age: 299287
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27666
x-xss-protection: 0
last-modified: Sat, 01 Aug 2020 11:42:48 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 15334278864553842226
tpc.googlesyndication.com/simgad/ Frame BB44 7 KB
7 KB 30ms
30ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15334278864553842226?w=100&h=100&tw=1&q=75

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e1b55cad9ed4bc5fa17dce35251b15c2864dbda83b148d3eb8c2a2afaf71be47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 09:01:08 GMT
date: Tue, 16 Jan 2024 09:01:08 GMT
x-content-type-options: nosniff
age: 49765
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7134
x-xss-protection: 0
last-modified: Sat, 01 Aug 2020 11:26:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
DATA 200
OK truncated
/ Frame BB44 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6cb1a1d782b8e747b08665c378a8a54bdadc078290e24dcd878216f5bbf28858

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 9ef4660844c0d71526ea6f3bcf1c7190.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 8 KB
9 KB 29ms
29ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9ef4660844c0d71526ea6f3bcf1c7190.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e726f11d86820c2dd7671822e14a1dbebb1a2074cdfa2b7c949c49803dcf0e95

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:33 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9ef4660844c0d71526ea6f3bcf1c7190.jpg
age: 601938
edge-cache-tag: 367722470797545855738463288781679575637,484438202950987515417932874384580560546,29ecf9b93bbf306179626feeda1fab70
cache-tag: 367722470797545855738463288781679575637,484438202950987515417932874384580560546,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, MISS, HIT
x-envoy-upstream-service-time: 327
req-referer: https://www.vozpopuli.com/economia_y_finanzas/macroeconomia/espana-acabara-legislatura-mas-brecha-renta-per-capita-ue-2019.html
content-length: 8696
x-request-id: a66df72463ebdba69db9539e2d08d8c7
x-served-by: cache-iad-kiad7000034-IAD, cache-iad-kjyo7100169-IAD, cache-lax-kwhp1940115-LAX, cache-iad-kiad7000164-IAD, cache-fra-eddf8230059-FRA
last-modified: Mon, 08 Jan 2024 15:57:25 GMT
server: nginx
surrogate-reporting: width=160,height=160,bytes=15648,owidth=1067,oheight=600,obytes=228486,ef=(1,13,17,23,30)
x-timer: S1705445434.821656,VS0,VE0
etag: "06c7fe588ade0bc1b143f1851df3f8a6"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 0, 26

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9ef4660844c0d71526ea6f3bcf1c7190.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: c426fcce7a59ac1567dd6cab45c40c4d0837edcde561346b6b1869bfb9fbcdd0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:33 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9ef4660844c0d71526ea6f3bcf1c7190.jpg
age: 602664
edge-cache-tag: 367722470797545855738463288781679575637,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
cache-tag: 367722470797545855738463288781679575637,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, HIT, HIT
x-envoy-upstream-service-time: 551
req-referer: https://www.ynet.co.il/
content-length: 18790
x-request-id: df3b11a8d31407ae2d49ebb415e38f5d
x-served-by: cache-iad-kjyo7100084-IAD, cache-iad-kjyo7100087-IAD, cache-lax-kwhp1940090-LAX, cache-iad-kjyo7100137-IAD, cache-fra-eddf8230059-FRA
last-modified: Mon, 08 Jan 2024 15:57:25 GMT
server: nginx
surrogate-reporting: width=360,height=200,bytes=36834,owidth=1067,oheight=600,obytes=228486,ef=(1,13,17,23,30)
x-timer: S1705445434.814780,VS0,VE0
etag: "c1eeeb5caa4670db558aa2711f39bb00"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 2, 9

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/604f64db35ad7d8e32fc4a7cffa729ec.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: f9002aaa6bb534761e09a262e44a64f34ace9135535eab711319ca14e1ff6973

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:33 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/604f64db35ad7d8e32fc4a7cffa729ec.jpg
age: 2157942
edge-cache-tag: 380932827776598572844696039841441315722,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
cache-tag: 380932827776598572844696039841441315722,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
x-cache: MISS, MISS, MISS, HIT, HIT
x-envoy-upstream-service-time: 253
expiration: expiry-date="Sat, 16 Sep 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://hsv24.mopo.de/
content-length: 11022
x-served-by: cache-iad-kiad7000042-IAD, cache-iad-kiad7000067-IAD, cache-sna10731-LGB, cache-iad-kiad7000155-IAD, cache-fra-eddf8230059-FRA
last-modified: Wed, 16 Aug 2023 01:27:53 GMT
server: nginx
surrogate-reporting: width=360,height=200,owidth=1250,oheight=702,obytes=143120
x-timer: S1705445434.814748,VS0,VE0
etag: "36f3abd020f660909f414fbde2ba4304"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 41, 3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ab7ec63b5e45273e9d0685b92e871cac.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: c1fd178704274f44bbf9ae308e617a1759fe6c4dbd862be4fccc278d05a5a314

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:33 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ab7ec63b5e45273e9d0685b92e871cac.jpg
age: 3481256
edge-cache-tag: 491672595259720921679951174822222721209,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
cache-tag: 491672595259720921679951174822222721209,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, HIT, MISS, MISS, HIT
x-envoy-upstream-service-time: 165
req-referer: https://www.autozeitung.de/
content-length: 6888
x-request-id: e2bb5ac3854659f89ba1750a5d792ea6
x-served-by: cache-iad-kiad7000033-IAD, cache-iad-kcgs7200166-IAD, cache-lga21929-LGA, cache-iad-kiad7000085-IAD, cache-fra-eddf8230059-FRA
last-modified: Thu, 16 Nov 2023 12:22:53 GMT
server: nginx
surrogate-reporting: width=360,height=200,bytes=16187,owidth=1067,oheight=600,obytes=60107
x-timer: S1705445434.838216,VS0,VE0
etag: "7e546c92488a5704edf3def7caa1a952"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 0, 0, 3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/221655ce032044f5ae2f7f6de9ec5bdb.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 147c7a6312303aec7481f9f54ba329f3edf77754f3b1a38a9bd277f8a88ca89d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:33 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/221655ce032044f5ae2f7f6de9ec5bdb.jpg
age: 813594
edge-cache-tag: 494366385138543953060662240160626996212,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
cache-tag: 494366385138543953060662240160626996212,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
x-cache: MISS, HIT, HIT, HIT
x-envoy-upstream-service-time: 114
expiration: expiry-date="Sun, 24 Sep 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://vnexpress.net/
content-length: 12150
x-served-by: cache-iad-kiad7000080-IAD, cache-iad-kiad7000174-IAD, cache-iad-kcgs7200031-IAD, cache-fra-eddf8230059-FRA
last-modified: Thu, 24 Aug 2023 21:09:33 GMT
server: nginx
surrogate-reporting: width=360,height=200,owidth=1200,oheight=675,obytes=381043
x-timer: S1705445434.850611,VS0,VE0
etag: "aea4926f12c095671f8f2eaf672d3e00"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 29, 3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/334cb3dd96fe00f71626cdd3fbc5e6a0.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e0a3f45317ab3f3de302667a12739c6d68b6524002ef471d943e87596328c6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:33 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/334cb3dd96fe00f71626cdd3fbc5e6a0.jpg
age: 4449398
edge-cache-tag: 390135444443759611241965298133296758900,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
cache-tag: 390135444443759611241965298133296758900,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: MISS, HIT, MISS, HIT
x-envoy-upstream-service-time: 170
req-referer: https://www.heizsparer.de/heizung/warmwasseraufbereitung/durchlauferhitzer
content-length: 29190
x-request-id: 76123160d5ab08ca84043fa88ff86f8c
x-served-by: cache-iad-kjyo7100109-IAD, cache-iad-kjyo7100044-IAD, cache-iad-kjyo7100040-IAD, cache-fra-eddf8230059-FRA
last-modified: Fri, 01 Sep 2023 00:45:15 GMT
server: nginx
x-timer: S1705445434.850656,VS0,VE0
etag: "63775d711fbd1209c75def4b63beb2fd"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 0, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/631df4c75b4f02dc29d72a916064592e.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: f621f61617e2773f4d17084367e220df078b203bfab308c11808d005c4d2810b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:33 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/631df4c75b4f02dc29d72a916064592e.png
age: 2510889
edge-cache-tag: 533785047141029851524565568207219022138,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
cache-tag: 533785047141029851524565568207219022138,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
x-cache: Miss from cloudfront, MISS, HIT, HIT, HIT, HIT
x-envoy-upstream-service-time: 41
expiration: expiry-date="Thu, 21 Dec 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://lemagsportauto.ouest-france.fr/exploit-de-gasly-podium-en-belgique-deja-un-electro-choc-chez-alpine-f1/79780/
content-length: 13184
x-served-by: cache-iad-kcgs7200108-IAD, cache-iad-kcgs7200067-IAD, cache-lax-kwhp1940035-LAX, cache-iad-kiad7000109-IAD, cache-fra-eddf8230059-FRA
last-modified: Mon, 20 Nov 2023 06:58:59 GMT
server: nginx
surrogate-reporting: width=360,height=200,bytes=16884,owidth=1200,oheight=800,obytes=488780
x-timer: S1705445434.859327,VS0,VE0
etag: "62dadeb78469fd10ef4b843de10cb292"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 2, 1, 187, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c169e09da8dffac4916b00c0fee587e5.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 5ec245a0c0bff86ad50722921bd78ac3bd49ab8bf75cb8dbff4a012e36448f2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:33 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c169e09da8dffac4916b00c0fee587e5.jpg
age: 3582265
edge-cache-tag: 310165035180675793021928839638344283296,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
cache-tag: 310165035180675793021928839638344283296,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
x-cache: MISS, MISS, HIT, HIT
x-envoy-upstream-service-time: 181
expiration: expiry-date="Fri, 22 Sep 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://www.dailyrecord.co.uk/news/scottish-news/binmen-refuse-enter-glasgow-street-30864043
content-length: 14514
x-served-by: cache-iad-kjyo7100076-IAD, cache-iad-kiad7000082-IAD, cache-iad-kcgs7200045-IAD, cache-fra-eddf8230059-FRA
last-modified: Tue, 22 Aug 2023 07:30:52 GMT
server: nginx
x-timer: S1705445434.873002,VS0,VE0
etag: "d0a55e3721f4469b4ad21ffbb8476d57"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 76, 5

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/IMAGE_UPSCALER/EIU/01333441-49f1-4d36-b01a-6589fa45f00b__yf9ilj04.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 7492a43f0aeb26c7740bfa1c284011b183ddc83b4d4ce07cdc93cebfc357f8c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:33 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/IMAGE_UPSCALER/EIU/01333441-49f1-4d36-b01a-6589fa45f00b__yf9ilj04.jpg
age: 3395564
edge-cache-tag: 427860200276258725763742677764774220840,378062374120670061586147602817864504244,29ecf9b93bbf306179626feeda1fab70
cache-tag: 427860200276258725763742677764774220840,378062374120670061586147602817864504244,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, HIT, HIT
x-envoy-upstream-service-time: 487
req-referer: https://www.t-online.de/
content-length: 22986
x-request-id: dd539460a6134478634edce819043f75
x-served-by: cache-iad-kiad7000129-IAD, cache-iad-kcgs7200078-IAD, cache-lax-kwhp1940026-LAX, cache-iad-kjyo7100042-IAD, cache-fra-eddf8230059-FRA
last-modified: Fri, 08 Dec 2023 08:44:41 GMT
server: nginx
surrogate-reporting: width=360,height=300,bytes=33777,owidth=2000,oheight=2000,obytes=350462
x-timer: S1705445434.873161,VS0,VE0
etag: "82183d7bd5369cbb8f2cd618b1228ae9"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 50, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/04968aa5892e4e408f1de94e886fb00d.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: bf352f346efc41f1e0e69355115e19cf269d6855e586dc4727dea04c2034499c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:33 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/04968aa5892e4e408f1de94e886fb00d.jpg
age: 2670488
edge-cache-tag: 586329929833731548038996226118185389125,378062374120670061586147602817864504244,29ecf9b93bbf306179626feeda1fab70
cache-tag: 586329929833731548038996226118185389125,378062374120670061586147602817864504244,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, MISS, HIT
x-envoy-upstream-service-time: 465
req-referer: https://www.t-online.de/
content-length: 16108
x-request-id: 0bba102c2be112da3f9af2ec7de05df8
x-served-by: cache-iad-kcgs7200159-IAD, cache-iad-kcgs7200109-IAD, cache-lax10660-LGB, cache-iad-kiad7000137-IAD, cache-fra-eddf8230059-FRA
last-modified: Fri, 29 Sep 2023 09:39:33 GMT
server: nginx
surrogate-reporting: width=360,height=300,bytes=23588,owidth=1600,oheight=900,obytes=1028771
x-timer: S1705445434.884794,VS0,VE0
etag: "6f5b340d6c997871000cd981565c63e4"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 0, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_1.2%2Cw_1376%2Cx_332%2Cy_127/http%3A//cdn.taboola.com/libtrc/static/thumbnails/eec2cf551bca54e8e01777ade85f4244.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 9a77b3dff91c6d3da502d97c1c8c9ade20baea4a343240537ad8bf65ef4b0c3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:33 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_1.2%2Cw_1376%2Cx_332%2Cy_127/http%3A//cdn.taboola.com/libtrc/static/thumbnails/eec2cf551bca54e8e01777ade85f4244.jpg
age: 2330338
edge-cache-tag: 569902423933287221938148904032916081426,423893678703345693035471660519887363262,29ecf9b93bbf306179626feeda1fab70
cache-tag: 569902423933287221938148904032916081426,423893678703345693035471660519887363262,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, MISS, HIT
x-envoy-upstream-service-time: 1434
req-referer: https://ads.taboola.com/campaigns/creative/duplicate/ditogamesag-navyquest-sc/29858833/3853655050?locale=en&accountId=1544312&campaignId=29858833&dimension=SPONSORED&reportId=creative&datePreset=THIS_MONTH&filters_active=true&reportViewName=All&sorting=%5B%7B%22sort%22%3A%22desc%22%2C%22colId%22%3A%22creative_spent%22%7D%5D&filters=%5B%7B%22type%22%3A%22campaignItemStatus%22%2C%22values%22%3A%5B%7B%22label%22%3A%22Recent%22%2C%22value%22%3A%22RECENT%22%2C%22messageId%22%3A%22app.campaigns.creative.status.RECENT%22%7D%5D%7D%5D&page=1&autoFiltersTrigger=%257B%2522reportId%2522%253A%2522creative%2522%252C%2522accountName%2522%253A%2522ditogamesag-network%2522%257D&initialCreativeType=IMAGE&taboola-debug=-1&tbl_creative_preview=%5B%7B%22title%22%3A%22Play%20this%20game%20for%201%20minute%20and%20see%20why%20everyone%20is%20addicted%22%2C%22description%22%3A%22Play%20for%20free.%20No%20Installation.%C2%A0This%20game%20will%20keep%20you%20up%20all%20night.%22%2C%22thumbnail%22%3A%22http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Feec2cf551bca54e8e01777ade85f4244.jpg%22%2C%22itemType%22%3A%22is-syndicated%22%2C%22branding-text%22%3A%22Navy%20Quest%20Game%22%2C%22additional-properties%22%3A%7B%22hideMe%22%3Afalse%2C%22placementUrl%22%3A%22%22%2C%22type%22%3A%22video%22%2C%22cta-text%22%3A%22%22%2C%22cropping%22%3A%22%7B%5C%22crop%5C%22%3A%5B%7B%5C%22ratio%5C%22%3A%7B%5C%22w%5C%22%3A4%2C%5C%22h%5C%22%3A3%7D%2C%5C%22area%5C%22%3A%7B%5C%22x%5C%22%3A263%2C%5C%22y%5C%22%3A119%2C%5C%22w%5C%22%3A1529%2C%5C%22h%5C%22%3A1147%7D%7D%2C%7B%5C%22ratio%5C%22%3A%7B%5C%22w%5C%22%3A6%2C%5C%22h%5C%22%3A5%7D%2C%5C%22area%5C%22%3A%7B%5C%22x%5C%22%3A332%2C%5C%22y%5C%22%3A127%2C%5C%22w%5C%22%3A1376%2C%5C%22h%5C%22%3A1147%7D%7D%2C%7B%5C%22ratio%5C%22%3A%7B%5C%22w%5C%22%3A2%2C%5C%22h%5C%22%3A1%7D%2C%5C%22area%5C%22%3A%7B%5C%22x%5C%22%3A0%2C%5C%22y%5C%22%3A190%2C%5C%22w%5C%22%3A2040%2C%5C%22h%5C%22%3A1020%7D%7D%5D%7D%22%7D%7D%5D&tbl_should_override_all_slots=true&tbl_should_repeat_override_items=true&cm_multiUnitManager.isActive=false
content-length: 317800
x-request-id: 9546332b618683b5f3d8806b374dfd5b
x-served-by: cache-iad-kjyo7100071-IAD, cache-iad-kjyo7100026-IAD, cache-lga21959-LGA, cache-iad-kiad7000045-IAD, cache-fra-eddf8230059-FRA
last-modified: Thu, 09 Nov 2023 14:27:58 GMT
server: nginx
surrogate-reporting: width=1376,height=1147,bytes=565875,owidth=2040,oheight=1400,obytes=428760
x-timer: S1705445434.894987,VS0,VE0
etag: "7c3c7fd19878a4a04ac8f6dcbf0702ac"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 0, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9ef4660844c0d71526ea6f3bcf1c7190.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e726f11d86820c2dd7671822e14a1dbebb1a2074cdfa2b7c949c49803dcf0e95

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:33 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9ef4660844c0d71526ea6f3bcf1c7190.jpg
age: 601938
edge-cache-tag: 367722470797545855738463288781679575637,484438202950987515417932874384580560546,29ecf9b93bbf306179626feeda1fab70
cache-tag: 367722470797545855738463288781679575637,484438202950987515417932874384580560546,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, MISS, HIT
x-envoy-upstream-service-time: 327
req-referer: https://www.vozpopuli.com/economia_y_finanzas/macroeconomia/espana-acabara-legislatura-mas-brecha-renta-per-capita-ue-2019.html
content-length: 8696
x-request-id: a66df72463ebdba69db9539e2d08d8c7
x-served-by: cache-iad-kiad7000034-IAD, cache-iad-kjyo7100169-IAD, cache-lax-kwhp1940115-LAX, cache-iad-kiad7000164-IAD, cache-fra-eddf8230059-FRA
last-modified: Mon, 08 Jan 2024 15:57:25 GMT
server: nginx
surrogate-reporting: width=160,height=160,bytes=15648,owidth=1067,oheight=600,obytes=228486,ef=(1,13,17,23,30)
x-timer: S1705445434.862184,VS0,VE0
etag: "06c7fe588ade0bc1b143f1851df3f8a6"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 0, 27

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F7F5 624 B
368 B 63ms
61ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMbfsgIQx7C0wQQYg8qA-gEwAQ&v=APEucNX_eYIb1dSblb1KsrTmLamGJxjzYShLa8Pj2dX6k7-zKJmBKMNrVsag0h59hCR_jEKWl_i_eqbVzDMh8IkW_lK_LKRK1htYrBGzOMnamr-aOx8K9Qp0Nk6VhiJpX257teUK7MpGR19NNNoABzdpd-8AdMhmMWK7YbsLhQSBVGFZ8kryjzMpOLAxQN5v6w8huJv5XfyCtffvhMKqqnz_QcHpe81F3A

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 22:50:33 GMT
expires: Tue, 16 Jan 2024 22:50:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame A70B 89 KB
31 KB 85ms
84ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 16 Jan 2024 22:50:33 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A70B 42 B
63 B 54ms
53ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AIdjwEE1p9tjWDishiuy8BeKP1M1A93a-9rEsa5YWHZG3ma4uafh-q9SAPC0NrvgH3lGI-B69JtzyeTJa_kkJ1bkwV2_HamyWeyV9vFBEGku3HEe8

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame A70B 3 KB
4 KB 127ms
36ms Script
text/javascript 37.157.5.132
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=68651521;click=https://m.exactag.com/cl.aspx?extProvId=327&extPu=vf-dv360&extLi=20563363907&extPm=20563363907&extCr=524297475&url=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CqJMWOQinZfLXC7iH7_UP7rKWqA2Vlrftc67trp72EfvV9P0IEAEguoTAM2CVgoCAsAegAYbHmLcpyAEJqQJE4XrXqjqyPqgDAcgDmwSqBK8CT9BPNoWdGp46EZT45A-Kq5eaFo2tQd4q-zvA72G77U216I1Y5HlWC297O30TAQlZVBDTka-Njt0CTrgpAEGpr60LzERiiS5I6WdcyvQsbb_1ObRRRYkxj4K25h7s3aLBkY-NmZA77gGabEA9Ll50fLfyvriTwWo5_zOA9-fdo5iWWwiKoMKvlPwNziOm3tDe2qMfzXaSpIGZUfJkJn_XyULjVrK64MWb0bQCSWN7kv7OO6FagwnfVvlc89UFpLmOcTnl6cLiP2c_a04pbTwxp-LYFGBI_ZY2slhtpOsem6R8jqxNMHhB2JIAEO-CYSurRqMkk5K7msxEVAmf3CwxWYr4UvHyZCPj8YSuz5d8mBpmxiIdrGqM4LnSqte3BaUoXT01FWxAEx2ZY9LYVKdywAS6mvXlugTgBAOIBcOQsM1MkAYBoAZNgAeG_-iWBKgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB0yAqoCOgKAQEi9_cE6WLzv6Kn_4oMDgAoDmAsByAsBgAwBqg0CREXiDRMItaXpqf_igwMVuMO7CB1umQXVsBPwvZQW2BMN2BQB0BUB-BYBgBcB&ae=1&num=1&cid=CAQSTgAvHhf_eCnAia8q1QvT1mDMBdWvbh1bOa6p-UMOB5mhsm5oR1tuCobAXZxobWj6gpkpDx87sk8Cv4ePx_f-gPY6qgCZNNJECVQ4L0-tXxgB&sig=AOD64_3hAeEVPGXxdM-Kv0zHuo1uL25XJA&client=ca-pub-8933329999391104&dbm_c=AKAmf-Cy3htbXSBwOwa-1YZ8Y-XIjan42tVyMLE_SIrAWFNZo5Tj6U-fstter_VQnsaCWHVYgI9hx6oVIOrvVuuWVVPXNc0O_jeLOeDtBZrtBQSLOevtrBoQLDzKsvjoKyz58ZYzpNlNrpyf3CzPYvxVqVbTNcBZlamEMYUtJlM_sOriIlEv6_A&cry=1&dbm_d=AKAmf-AkMEX3FfW725xH94XzziHssC0Tw3C301fBsRHy52NAy_V01B3yjC1CE8Ok3u10K0A719xvKcaMuIG6Xy7FK3OKlW-nue-5LPzl64NUhxqSmo0AoMKpLSoTaWKZ2uA1xvBIit5-PKVA_DyzCc27aCqotWjeyGglBoeWt9RKNhuOh9PSHRaCu1NCb4DfMDRd3n5ndlNaUIgxidAb0QjosvVcG4q2qe38Whxhydg3IWzkhOFwk4LbUzgr-wooZdLXVeYrIsOFYHj7n2u5qyQS7jVFB7Qbbrjq8knz3d8Ruk2NAeYrs7tlBuaY78w33ZMTJmGKZuz-8hz4ab3LEDk6b---cRcP54QB1RUcB6HIBcUeolgnoohDu1LSQN1qnz0abCy0s3uHXON8NFmM6NyN4ihlAZNG5r13mlOch0Je1U1ton6CKay423wXK1EfNmp8UATR0aXcStJl8isNNVHnMkcXTc_SdGflm7F-wP8GGG4ot_5fXU2n4t3k4CJ0kvp1ipElfMS1oY4OK8MEp5_-GnT0sjN-v4FFDUKH36zDMSNBo1cnKRv0NWRU47zAcXhh1NWf5HyR&adurl=

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.132 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

99d0eb5c20ac169666b38dabd24cb95f70d30baa6ddd92ed5f8cd4ea1b33678b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 3029
expires: -1

GET
H/1.1 200
OK ai.aspx Show response
m.exactag.com/ Frame A70B 43 B
1 KB 114ms
35ms Script
image/gif 85.14.248.91
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL

https://m.exactag.com/ai.aspx?extProvId=327&extPu=vf-dv360&extLi=20563363907&extPm=20563363907&extCr=524297475&rnd=1705445433191474

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

85.14.248.91 Neukirchen-Vluyn, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

6b3da89922d333d106b84fefeebd7b16bfebf4cfbd7bef37fa10a47c471ae64c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Tue, 16 Jan 2024 22:50:33 GMT
X-Content-Type-Options: nosniff
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Di, 16 Jan 2024 10:50:33 GMT
X-ET-Code: 0
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1756
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240111/r20110914/client/ Frame A70B 3 KB
1 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240111/r20110914/client/window_focus_fy2021.js

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 20:34:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Jan 2024 20:34:51 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240111/r20110914/client/ Frame A70B 20 KB
8 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240111/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 19:17:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12788
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Jan 2024 19:17:25 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame A70B 205 KB
65 KB 200ms
199ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66227
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704891455226136"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 16 Jan 2024 22:50:34 GMT

GET
H3 404 null
s0.2mdn.net/sadbundle/8912310402203866721/ Frame 9CAA 43 B
65 B 189ms
189ms Image
image/gif 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8912310402203866721/null

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Tue, 16 Jan 2024 22:50:34 GMT
date: Tue, 16 Jan 2024 22:50:34 GMT
x-content-type-options: nosniff
server: sffe
x-dns-prefetch-control: off
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-xss-protection: 0
allow-fenced-frame-automatic-beacons: true

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C404 624 B
368 B 60ms
60ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ28u5ARijme6CAjAB&v=APEucNVeQ1eNlBtIBGJ_5uOPmMuiuG3GcJmgX8Q-3-fU7sqh8R1g5f1LfRpE7WhzMe-Tene7qnE9JRDTgqy1AwfVEk0SF7RcBZiEKOpuHoy0eXyTjhTQY3URae1yvoEbpkhq3qdzTapECXUekBWH7u9UbLarXK66JEVYdx_9jbV4gJnRy_xDxjL9fEFgFQgPkLjRU545VUhgnu0ItHoC4acP5kyLCuZBIQ

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 22:50:33 GMT
expires: Tue, 16 Jan 2024 22:50:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 24E1 172 KB
60 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
Origin: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 23:49:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82889
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 16 Jan 2024 23:49:04 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240111/r20110914/elements/html/ Frame 24E1 7 KB
3 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240111/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 01:53:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75411
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Jan 2024 01:53:42 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240111/r20110914/ Frame 24E1 23 KB
9 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240111/r20110914/abg_lite_fy2021.js

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 19:32:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11897
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Jan 2024 19:32:16 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 24E1 41 KB
14 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 20:07:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 355365
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 11 Jan 2025 20:07:48 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240111/r20110914/client/ Frame 24E1 3 KB
1 KB 27ms
25ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240111/r20110914/client/window_focus_fy2021.js

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 20:34:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Jan 2024 20:34:51 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240111/r20110914/client/ Frame 24E1 20 KB
8 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240111/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 19:17:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12788
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Jan 2024 19:17:25 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 24E1 42 B
63 B 56ms
55ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CCLXJhyx8eNiltFni2zWuPTi8N9BQT8HKa2yzRiW7yiAPx8FEwvI9GoQWp0vLKgi_yttK6chDfxxmtTUxKzNjDKIoN4aZ2NcvhzXZGItkhRhUTRcE

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 24E1 205 KB
65 KB 117ms
116ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66227
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704891455226136"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 16 Jan 2024 22:50:33 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4079 624 B
245 B 58ms
57ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ28u5ARijme6CAjAB&v=APEucNXlZCvKGzfpMClWH7hDw73H7xSGnEBAWO1QBL0eSvrq7iaMjhIyBCGq2vicS8SflI1QzGdBXEpAG1rWfueHLwRGPebmxzQhGthsUOSVoCM8I50kNuDvwSgAJrV4TNWdwYrSKawrdJivjQsU13V6J2jWB63bwlLl7LomoOB_Y5l3NjZRIhyXoUZkHnufuEqVV3M87dISNuwRyOKsHizA_x_UIrhSPg

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 22:50:33 GMT
expires: Tue, 16 Jan 2024 22:50:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 56BA 172 KB
60 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
Origin: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 23:49:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82889
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 16 Jan 2024 23:49:04 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240111/r20110914/elements/html/ Frame 56BA 7 KB
3 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240111/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 01:53:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75411
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Jan 2024 01:53:42 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240111/r20110914/ Frame 56BA 23 KB
9 KB 33ms
31ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240111/r20110914/abg_lite_fy2021.js

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 19:32:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11897
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Jan 2024 19:32:16 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 56BA 41 KB
14 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 20:07:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 355365
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 11 Jan 2025 20:07:48 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240111/r20110914/client/ Frame 56BA 3 KB
1 KB 29ms
27ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240111/r20110914/client/window_focus_fy2021.js

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 20:34:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Jan 2024 20:34:51 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240111/r20110914/client/ Frame 56BA 20 KB
8 KB 24ms
22ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240111/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 19:17:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12788
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Jan 2024 19:17:25 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 56BA 42 B
63 B 56ms
54ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Djp4v6KpBTqsCLvaxGtJBpyMCDJVtp3_2Dn-GY_oU7twdDhqz9MpJ58b3QasMqzpA20caeRJkg1I4hbLMmJRTl8sIJEJIDdBJ2lXRPseAnhGSQCrc

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 56BA 205 KB
65 KB 135ms
134ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66227
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704891455226136"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 16 Jan 2024 22:50:34 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame BB44 16 KB
16 KB 76ms
25ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://ultrasurfing.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 09:10:14 GMT
x-content-type-options: nosniff
age: 49219
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Jan 2025 09:10:14 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame BB44 15 KB
16 KB 70ms
20ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://ultrasurfing.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 17:28:03 GMT
x-content-type-options: nosniff
age: 105750
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Jan 2025 17:28:03 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame F7F5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1

43 B
735 B

52ms
51ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMbfsgIQx7C0wQQYg8qA-gEwAQ&v=APEucNX_eYIb1dSblb1KsrTmLamGJxjzYShLa8Pj2dX6k7-zKJmBKMNrVsag0h59hCR_jEKWl_i_eqbVzDMh8IkW_lK_LKRK1htYrBGzOMnamr-aOx8K9Qp0Nk6VhiJpX257teUK7MpGR19NNNoABzdpd-8AdMhmMWK7YbsLhQSBVGFZ8kryjzMpOLAxQN5v6w8huJv5XfyCtffvhMKqqnz_QcHpe81F3A
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=owzUCrTXNHKdHjHU%2BOhZAHMnCLLPrV46wgMjO%2ByQJ49ax1dgNECirYBB0MQGI2LLAaepTnyNHGgQFjVh8PcIoNSzWg04AYTQtnewAyLOXrAtgHg%2Bx51Cgc4uKDJPXX%2BZZiUIWYR3m1JvoA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8469eb0a7ff8266d-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame F7F5
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZacIOcipzmC6pHkMEB5MbwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1

43 B
734 B

53ms
52ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMbfsgIQx7C0wQQYg8qA-gEwAQ&v=APEucNX_eYIb1dSblb1KsrTmLamGJxjzYShLa8Pj2dX6k7-zKJmBKMNrVsag0h59hCR_jEKWl_i_eqbVzDMh8IkW_lK_LKRK1htYrBGzOMnamr-aOx8K9Qp0Nk6VhiJpX257teUK7MpGR19NNNoABzdpd-8AdMhmMWK7YbsLhQSBVGFZ8kryjzMpOLAxQN5v6w8huJv5XfyCtffvhMKqqnz_QcHpe81F3A
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BvC2Tj7Uta8K01aVv%2Bofu6IWq87ssXl8XXtm2CuAUbGYp%2BZ9XQ5h0fLjyTHF0FovqvF2E%2BVkuS04KAEUjX5MWY%2FJA8sh6S47t00mb23qkPRfreTpvHAmt1VmrlZR3YzSqdcIZMDp53Kx3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8469eb0ad87b266d-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame F7F5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJwp7WGfKz86vOqKpr2sr1Q&google_cver=1

43 B
1011 B

33ms
33ms

Image
image/gif

37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEJwp7WGfKz86vOqKpr2sr1Q&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMbfsgIQx7C0wQQYg8qA-gEwAQ&v=APEucNX_eYIb1dSblb1KsrTmLamGJxjzYShLa8Pj2dX6k7-zKJmBKMNrVsag0h59hCR_jEKWl_i_eqbVzDMh8IkW_lK_LKRK1htYrBGzOMnamr-aOx8K9Qp0Nk6VhiJpX257teUK7MpGR19NNNoABzdpd-8AdMhmMWK7YbsLhQSBVGFZ8kryjzMpOLAxQN5v6w8huJv5XfyCtffvhMKqqnz_QcHpe81F3A

Protocol

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
an-x-request-uuid: 7d96cab3-3247-46e1-821e-6c021ee5293a
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.19; 217.114.218.19; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEJwp7WGfKz86vOqKpr2sr1Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F7F5
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTAzOTIzMTI0NDQ2MTYyMzkwNw%3D%3D

170 B
188 B

34ms
33ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTAzOTIzMTI0NDQ2MTYyMzkwNw%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
an-x-request-uuid: 50c8479e-d813-439b-ad5e-174bcb91a3e3
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTAzOTIzMTI0NDQ2MTYyMzkwNw%3D%3D
x-proxy-origin: 217.114.218.19; 217.114.218.19; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 _0000_bsh-logo.png
s0.2mdn.net/sadbundle/8912310402203866721/ Frame 9CAA 2 KB
2 KB 21ms
20ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8912310402203866721/_0000_bsh-logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5be51a67acabdbde95cf4929031ebf7c071358a56c465c626c1b8053a79ea7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 08:40:26 GMT
date: Tue, 16 Jan 2024 08:40:26 GMT
x-content-type-options: nosniff
age: 51007
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2092
x-xss-protection: 0
last-modified: Wed, 10 Jan 2024 14:28:59 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 _0000s_0000_fuchs.png
s0.2mdn.net/sadbundle/8912310402203866721/ Frame 9CAA 37 KB
37 KB 27ms
26ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8912310402203866721/_0000s_0000_fuchs.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e9db21f3937eef9299b90bfe799d8874869affeb8c9fccbad7fb2f56b1b64fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 08:40:26 GMT
date: Tue, 16 Jan 2024 08:40:26 GMT
x-content-type-options: nosniff
age: 51008
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37475
x-xss-protection: 0
last-modified: Wed, 10 Jan 2024 14:28:59 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 _0001s_0000s_0001_jetzt-sichern.png
s0.2mdn.net/sadbundle/8912310402203866721/ Frame 9CAA 1022 B
1 KB 38ms
37ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8912310402203866721/_0001s_0000s_0001_jetzt-sichern.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf461dd3069046a73726a2db69d26ba1d39fa0804e207a92bb0635fa4341da92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 08:40:26 GMT
date: Tue, 16 Jan 2024 08:40:26 GMT
x-content-type-options: nosniff
age: 51008
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1022
x-xss-protection: 0
last-modified: Wed, 10 Jan 2024 14:28:59 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 _0001s_0000s_0000_pfeil.png
s0.2mdn.net/sadbundle/8912310402203866721/ Frame 9CAA 447 B
475 B 39ms
38ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8912310402203866721/_0001s_0000s_0000_pfeil.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

526e28126d245c325f4616348304baae91c5ff41084e34d8367b22fd2415668b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 18:06:21 GMT
date: Tue, 16 Jan 2024 18:06:21 GMT
x-content-type-options: nosniff
age: 17053
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 447
x-xss-protection: 0
last-modified: Wed, 10 Jan 2024 14:28:59 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 _0001s_0000s_0002_roter-balken.png
s0.2mdn.net/sadbundle/8912310402203866721/ Frame 9CAA 251 B
279 B 36ms
35ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8912310402203866721/_0001s_0000s_0002_roter-balken.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49f75eb91a94ab0b271b604c66904b856fea265442c0eb68423ba7ba6088740c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 20:27:37 GMT
date: Tue, 16 Jan 2024 20:27:37 GMT
x-content-type-options: nosniff
age: 8577
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 251
x-xss-protection: 0
last-modified: Wed, 10 Jan 2024 14:28:59 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 _0001s_0002_headline2.png
s0.2mdn.net/sadbundle/8912310402203866721/ Frame 9CAA 5 KB
5 KB 24ms
23ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8912310402203866721/_0001s_0002_headline2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d32b85697d2a1d21860a855d0a9bdf3aeddfd5fe39000ca12cfaa4539cf3311

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 08:40:26 GMT
date: Tue, 16 Jan 2024 08:40:26 GMT
x-content-type-options: nosniff
age: 51008
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4627
x-xss-protection: 0
last-modified: Wed, 10 Jan 2024 14:28:59 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 _0001s_0001_zinsvorteil.png
s0.2mdn.net/sadbundle/8912310402203866721/ Frame 9CAA 6 KB
6 KB 49ms
48ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8912310402203866721/_0001s_0001_zinsvorteil.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8b1cba1e286f53d6cb248988afd025754de401e28af971ef20d34f0f4ecbce80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 08:40:26 GMT
date: Tue, 16 Jan 2024 08:40:26 GMT
x-content-type-options: nosniff
age: 51008
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5915
x-xss-protection: 0
last-modified: Wed, 10 Jan 2024 14:28:59 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 _0001s_0000_fussnote.png
s0.2mdn.net/sadbundle/8912310402203866721/ Frame 9CAA 3 KB
4 KB 51ms
51ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8912310402203866721/_0001s_0000_fussnote.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

313864d8b59cae58f81aa5d2aa30eaffab90576200da5e1c8c32428c2d2d5c43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 08:40:26 GMT
date: Tue, 16 Jan 2024 08:40:26 GMT
x-content-type-options: nosniff
age: 51008
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3572
x-xss-protection: 0
last-modified: Wed, 10 Jan 2024 14:28:59 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 _0001s_0004_grau2.png
s0.2mdn.net/sadbundle/8912310402203866721/ Frame 9CAA 716 B
744 B 49ms
48ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8912310402203866721/_0001s_0004_grau2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2b555ba4a6687747c117903d3e01ef59af7bf1f484111550c949c250fde48ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 08:40:26 GMT
date: Tue, 16 Jan 2024 08:40:26 GMT
x-content-type-options: nosniff
age: 51008
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 716
x-xss-protection: 0
last-modified: Wed, 10 Jan 2024 14:28:59 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 _0000s_0004_bg.png
s0.2mdn.net/sadbundle/8912310402203866721/ Frame 9CAA 131 B
159 B 46ms
45ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8912310402203866721/_0000s_0004_bg.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df730e6582661cd11a990903a329825a15e825572d3ddaf1472be9caeb998cdd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 08:40:26 GMT
date: Tue, 16 Jan 2024 08:40:26 GMT
x-content-type-options: nosniff
age: 51008
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 131
x-xss-protection: 0
last-modified: Wed, 10 Jan 2024 14:28:59 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 _0000s_0003_headline.png
s0.2mdn.net/sadbundle/8912310402203866721/ Frame 9CAA 5 KB
5 KB 48ms
47ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8912310402203866721/_0000s_0003_headline.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

58aa4d5b632232bbd5addaba386abb47aef836c32d73458c3995365a09200164

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 15:10:00 GMT
date: Tue, 16 Jan 2024 15:10:00 GMT
x-content-type-options: nosniff
age: 27634
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4785
x-xss-protection: 0
last-modified: Wed, 10 Jan 2024 14:28:59 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 _0000s_0001_hausstoerer.png
s0.2mdn.net/sadbundle/8912310402203866721/ Frame 9CAA 2 KB
2 KB 39ms
38ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8912310402203866721/_0000s_0001_hausstoerer.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cdc3864d80194bc26de78834e1037981f2b1655d5591f163c75f1d7898a68615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 08:40:26 GMT
date: Tue, 16 Jan 2024 08:40:26 GMT
x-content-type-options: nosniff
age: 51008
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1677
x-xss-protection: 0
last-modified: Wed, 10 Jan 2024 14:28:59 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 _0000s_0002_prozent-3d.png
s0.2mdn.net/sadbundle/8912310402203866721/ Frame 9CAA 18 KB
18 KB 40ms
39ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8912310402203866721/_0000s_0002_prozent-3d.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7075edd92871d719495ae342e056de8892186bdb6c17427cbcefd3bbe60661fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8912310402203866721/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 21:53:15 GMT
date: Tue, 16 Jan 2024 21:53:15 GMT
x-content-type-options: nosniff
age: 3439
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18321
x-xss-protection: 0
last-modified: Wed, 10 Jan 2024 14:28:59 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H/1.1 200
OK st Show response
imprammp.taboola.com/ Frame CBB4 439 B
630 B 51ms
30ms Document
text/html 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V8DSECLAZArhxHUdV36ROAXDmOoqrv0i8AAABgYID-AEmuRoORY7hYC2fGzVq0mTjXEpPL4ZZNHMaNxzbb2CwjIyDJ1WgwcgwXa-HMuFmLNhPnWmJyOdyyicO48dhmG5tlZAUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPG2Sg6XT4XPd61dl0eXhel5vT7rNr_G6_HAAAAAA8-P___4cAAAAAEAEAAABAAgAAAACFgAr_FgQuAAAAAGD4____1wAAxcFgHZ7Py-wPAAAAACAAAAAASAAMGH6XAKDomjzx_________x9jgD7zRsb_____DYMeAA8-AB6EAAAAfAwJY9GOZmHG5SdSEFiEEQAAAIBsOe2JI5N0gopFlf___34rAFcAAAIaKfA-hLLoDkq8hQEAAAAYs0APi99vdtg1frfL_P________-b-T_zj0ao6cg1TdDFtYKaX0AAgDW_gAAAbMYNAMAbAThBJwBWJ4EGm81kMVsNZwcAAADgzv___78ekNyYTB7nYDgZjmyOmWcwG41Mw4ljORtulsPdxrc9Aqp-ANSbbph9QoRl9vsOCsrp6TG7DKKi622xO5xmz0F80DAsJ4NgfiZsMVpNJpvlcLZcTAbD0XA02p-BmAwGaCIGy-VkspjsVqPVaDPcjWaDBRKIwQRRtGgwWY1Gk8VkuBpNVrPlYrfbIIpWrWajzWC4mk1mu91qOBguRyM0YYvRajLZLIez5WIyGI6Go9EQweBksBhuRsO1wrXYrUUL43Ct8I1sa9FsYZzMfKvdxDdzi14f08dhGI4szi0SDEDZi-RpkU5ki4lhsNo4DKPRyLFZzlYb32xlclgGm-VyY7NYJmKJ5mSRTmSXfXNjMnmcg-FkOLI5Zp7BbDQyDSeO5Wy4WQ53G9--OBkshpvRcK1wLXZr0cI4XCt8I9taNFsYJzPfajfxzdyi18f0cRiGI4tz39gNVqPRarTZ7Bu7wWo0Wo02m32HyfRMfc5GcS0n8agMt2hLqLQ5DQqXweL9SUyLaXd2EJ18R6dOqlIWdUa_3-_3-_1-v9_vN2g9B7NB4Rv2XZ5hTCSzZXNjg9hgUMQSwUU6UZ1Nl4fndbm5VWfT5eF5XW4WsURpukgn-qLf7TI8fC5_RSwRnC7SidDvdlnUf-Qgi91csRjNJYvhXLFcJQAAAAAAAAAASzDNdBMAAAAAJwPZLBab1TodxGYzmu1WywUAET-v60cGzg3-DqRmF3pR2LiVXqpdscYem6iz6fLwvC43t-psujw8r8vNygAg4tmZbfYZQazValkDAAAQwAYAABDATTfeBJBFcf_____jAAAAyMihBwAAQL8P6IlWL_zIleIfgAqxVqvV7cZarVbAghmOJsMJ_P___wc!&cmcv=&pix=undefined&cb=1705445433995&uv=3373&tms=1705445433995&abt=adxsub-out_vA!adxsub-out_vB!agqp4c_vC!smbs!ufm_vD&ft=0&su=3&unm=FEED_MANAGER&aure=false&agl=1&cirid=9540d181-8f83-43b9-bdea-6ba8cc66cf2d&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/lite-unit/4.7.5/UnitFeedManagerDesktop.min.js
Protocol: HTTP/1.1
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: eeb4df351ca75ce2925ca9ddd959d51ad20444ee88c0feec245493021519657d

Request headers

Referer: http://ultrasurfing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html;charset=ISO-8859-1
Date: Tue, 16 Jan 2024 22:50:34 GMT
Server: nginx
Vary: Accept-Encoding
Via: 1.1 varnish
X-Cache: MISS
X-Cache-Hits: 0
X-Served-By: cache-fra-etou8220045-FRA
X-Timer: S1705445434.027944,VS0,VE10
transfer-encoding: chunked

GET
H2 200 sync Show response
am-match.taboola.com/ Frame CE1C 577 B
671 B 76ms
28ms Document
text/html 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://am-match.taboola.com/sync?dast=V8DSECLAZArhxHUdV36ROAXDmOoqrv0i8AAABgYID-AEmuRoORY7hYC2fGzVq0mTjXEpPL4ZZNHMaNxzbb2CwjIyDJ1WgwcgwXa-HMuFmLNhPnWmJyOdyyicO48dhmG5tlZAUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPG2Sg6XT4XPd61dl0eXhel5vT7rNr_G6_HAAAAAA8-P___4cAAAAAEAEAAABAAgAAAACFgAr_FgQuAAAAAGD4____1wAAxcFgHZ7Py-wPAAAAACAAAAAASAAMGH6XAKDomjzx_________x9jgD7zRsb_____DYMeAA8-AB6EAAAAfAwJY9GOZmHG5SdSEFiEEQAAAIBsOe2JI5N0gopFlf___34rAFcAAAIaKfA-hLLoDkq8hQEAAAAYs0APi99vdtg1frfL_P________-b-T_zj0ao6cg1TdDFtYKaX0AAgDW_gAAAbMYNAMAbAThBJwBWJ4EGm81kMVsNZwcAAADgzv___78ekNyYTB7nYDgZjmyOmWcwG41Mw4ljORtulsPdxrc9Aqp-ANSbbph9QoRl9vsOCsrp6TG7DKKi622xO5xmz0F80DAsJ4NgfiZsMVpNJpvlcLZcTAbD0XA02p-BmAwGaCIGy-VkspjsVqPVaDPcjWaDBRKIwQRRtGgwWY1Gk8VkuBpNVrPlYrfbIIpWrWajzWC4mk1mu91qOBguRyM0YYvRajLZLIez5WIyGI6Go9EQweBksBhuRsO1wrXYrUUL43Ct8I1sa9FsYZzMfKvdxDdzi14f08dhGI4szi0SDEDZi-RpkU5ki4lhsNo4DKPRyLFZzlYb32xlclgGm-VyY7NYJmKJ5mSRTmSXfXNjMnmcg-FkOLI5Zp7BbDQyDSeO5Wy4WQ53G9--OBkshpvRcK1wLXZr0cI4XCt8I9taNFsYJzPfajfxzdyi18f0cRiGI4tz39gNVqPRarTZ7Bu7wWo0Wo02m32HyfRMfc5GcS0n8agMt2hLqLQ5DQqXweL9SUyLaXd2EJ18R6dOqlIWdUa_3-_3-_1-v9_vN2g9B7NB4Rv2XZ5hTCSzZXNjg9hgUMQSwUU6UZ1Nl4fndbm5VWfT5eF5XW4WsURpukgn-qLf7TI8fC5_RSwRnC7SidDvdlnUf-Qgi91csRjNJYvhXLFcJQAAAAAAAAAASzDNdBMAAAAAJwPZLBab1TodxGYzmu1WywUAET-v60cGzg3-DqRmF3pR2LiVXqpdscYem6iz6fLwvC43t-psujw8r8vNygAg4tmZbfYZQazValkDAAAQwAYAABDATTfeBJBFcf_____jAAAAyMihBwAAQL8P6IlWL_zIleIfgAqxVqvV7cZarVbAghmOJsMJ_P___wc!&excid=22&docw=0&cijs=1&nlb=false
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/lite-unit/4.7.5/UnitFeedManagerDesktop.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: 77d3e03faf0ffbb11ad0c0592db709cb01a92ce2a2501d50466479e2ccc68931

Request headers

Referer: http://ultrasurfing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-type: text/html;charset=ISO-8859-1
date: Tue, 16 Jan 2024 22:50:34 GMT
machineid: 3408
server: nginx

POST
H/1.1 200
OK VideoBidRequestHandlerServlet Show response
wf.taboola.com/ 2 KB
1 KB 161ms
120ms XHR
application/json 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=700&height=393&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1705445433999&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1589&pt=1382323701&tz=60&viewable=true&ddast=V8DSECLAZArhxHUdV36ROAXDmOoqrv0i8AAABgYID-AEmuRoORY7hYC2fGzVq0mTjXEpPL4ZZNHMaNxzbb2CwjIyDJ1WgwcgwXa-HMuFmLNhPnWmJyOdyyicO48dhmG5tlZAUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPG2Sg6XT4XPd61dl0eXhel5vT7rNr_G6_HAAAAAA8-P___4cAAAAAEAEAAABAAgAAAACFgAr_FgQuAAAAAGD4____1wAAxcFgHZ7Py-wPAAAAACAAAAAASAAMGH6XAKDomjzx_________x9jgD7zRsb_____DYMeAA8-AB6EAAAAfAwJY9GOZmHG5SdSEFiEEQAAAIBsOe2JI5N0gopFlf___34rAFcAAAIaKfA-hLLoDkq8hQEAAAAYs0APi99vdtg1frfL_P________-b-T_zj0ao6cg1TdDFtYKaX0AAgDW_gAAAbMYNAMAbAThBJwBWJ4EGm81kMVsNZwcAAADgzv___78ekNyYTB7nYDgZjmyOmWcwG41Mw4ljORtulsPdxrc9Aqp-ANSbbph9QoRl9vsOCsrp6TG7DKKi622xO5xmz0F80DAsJ4NgfiZsMVpNJpvlcLZcTAbD0XA02p-BmAwGaCIGy-VkspjsVqPVaDPcjWaDBRKIwQRRtGgwWY1Gk8VkuBpNVrPlYrfbIIpWrWajzWC4mk1mu91qOBguRyM0YYvRajLZLIez5WIyGI6Go9EQweBksBhuRsO1wrXYrUUL43Ct8I1sa9FsYZzMfKvdxDdzi14f08dhGI4szi0SDEDZi-RpkU5ki4lhsNo4DKPRyLFZzlYb32xlclgGm-VyY7NYJmKJ5mSRTmSXfXNjMnmcg-FkOLI5Zp7BbDQyDSeO5Wy4WQ53G9--OBkshpvRcK1wLXZr0cI4XCt8I9taNFsYJzPfajfxzdyi18f0cRiGI4tz39gNVqPRarTZ7Bu7wWo0Wo02m32HyfRMfc5GcS0n8agMt2hLqLQ5DQqXweL9SUyLaXd2EJ18R6dOqlIWdUa_3-_3-_1-v9_vN2g9B7NB4Rv2XZ5hTCSzZXNjg9hgUMQSwUU6UZ1Nl4fndbm5VWfT5eF5XW4WsURpukgn-qLf7TI8fC5_RSwRnC7SidDvdlnUf-Qgi91csRjNJYvhXLFcJQAAAAAAAAAASzDNdBMAAAAAJwPZLBab1TodxGYzmu1WywUAET-v60cGzg3-DqRmF3pR2LiVXqpdscYem6iz6fLwvC43t-psujw8r8vNygAg4tmZbfYZQazValkDAAAQwAYAABDATTfeBJBFcf_____jAAAAyMihBwAAQL8P6IlWL_zIleIfgAqxVqvV7cZarVbAghmOJsMJ_P___wc!&proto=2,3,5,6&encoded=1&pstn=1&callback=&wfv=1&amp=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=1334675&dpubid=231135&abtst=adxsub-out_vA!adxsub-out_vB!agqp4c_vC!smbs!ufm_vD&mPre=0.033&cirf=https%3A%2F%2Fultrasurfing.com&en=1&subu=3
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/lite-unit/4.7.5/UnitFeedManagerDesktop.min.js
Protocol: HTTP/1.1
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: b490f6138d7d9c066318706709b29cbe94a091d5676fc0833e014c4e862468b6

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-type: text/plain

Response headers

X-Cache-Hits: 0
Date: Tue, 16 Jan 2024 22:50:34 GMT
Content-Encoding: gzip
Via: 1.1 varnish
MachineId: 1419
transfer-encoding: chunked
X-Cache: MISS
Connection: keep-alive
X-Served-By: cache-fra-eddf8230125-FRA
Pragma: no-cache
Server: nginx
X-Timer: S1705445434.050202,VS0,VE99
Vary: Accept-Encoding
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: http://ultrasurfing.com
Cache-Control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200 st
am-vid-events.taboola.com/ 0
112 B 96ms
27ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V8DSECLAZArhxHUdV36ROAXDmOoqrv0i8AAABgYID-AEmuRoORY7hYC2fGzVq0mTjXEpPL4ZZNHMaNxzbb2CwjIyDJ1WgwcgwXa-HMuFmLNhPnWmJyOdyyicO48dhmG5tlZAUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPG2Sg6XT4XPd61dl0eXhel5vT7rNr_G6_HAAAAAA8-P___4cAAAAAEAEAAABAAgAAAACFgAr_FgQuAAAAAGD4____1wAAxcFgHZ7Py-wPAAAAACAAAAAASAAMGH6XAKDomjzx_________x9jgD7zRsb_____DYMeAA8-AB6EAAAAfAwJY9GOZmHG5SdSEFiEEQAAAIBsOe2JI5N0gopFlf___34rAFcAAAIaKfA-hLLoDkq8hQEAAAAYs0APi99vdtg1frfL_P________-b-T_zj0ao6cg1TdDFtYKaX0AAgDW_gAAAbMYNAMAbAThBJwBWJ4EGm81kMVsNZwcAAADgzv___78ekNyYTB7nYDgZjmyOmWcwG41Mw4ljORtulsPdxrc9Aqp-ANSbbph9QoRl9vsOCsrp6TG7DKKi622xO5xmz0F80DAsJ4NgfiZsMVpNJpvlcLZcTAbD0XA02p-BmAwGaCIGy-VkspjsVqPVaDPcjWaDBRKIwQRRtGgwWY1Gk8VkuBpNVrPlYrfbIIpWrWajzWC4mk1mu91qOBguRyM0YYvRajLZLIez5WIyGI6Go9EQweBksBhuRsO1wrXYrUUL43Ct8I1sa9FsYZzMfKvdxDdzi14f08dhGI4szi0SDEDZi-RpkU5ki4lhsNo4DKPRyLFZzlYb32xlclgGm-VyY7NYJmKJ5mSRTmSXfXNjMnmcg-FkOLI5Zp7BbDQyDSeO5Wy4WQ53G9--OBkshpvRcK1wLXZr0cI4XCt8I9taNFsYJzPfajfxzdyi18f0cRiGI4tz39gNVqPRarTZ7Bu7wWo0Wo02m32HyfRMfc5GcS0n8agMt2hLqLQ5DQqXweL9SUyLaXd2EJ18R6dOqlIWdUa_3-_3-_1-v9_vN2g9B7NB4Rv2XZ5hTCSzZXNjg9hgUMQSwUU6UZ1Nl4fndbm5VWfT5eF5XW4WsURpukgn-qLf7TI8fC5_RSwRnC7SidDvdlnUf-Qgi91csRjNJYvhXLFcJQAAAAAAAAAASzDNdBMAAAAAJwPZLBab1TodxGYzmu1WywUAET-v60cGzg3-DqRmF3pR2LiVXqpdscYem6iz6fLwvC43t-psujw8r8vNygAg4tmZbfYZQazValkDAAAQwAYAABDATTfeBJBFcf_____jAAAAyMihBwAAQL8P6IlWL_zIleIfgAqxVqvV7cZarVbAghmOJsMJ_P___wc!&cmcv=&pix=31589837&cb=1705445433994&uv=3373&tms=1705445433994&abt=adxsub-out_vA!adxsub-out_vB!agqp4c_vC!smbs!ufm_vD&ft=0&su=3&unm=FEED_MANAGER&debug=pn:!sqg:!torgn:1705445430878.7!ts:1705445433994&mntl=1
Protocol: HTTP/1.1
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:34 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame C404
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1

43 B
733 B

57ms
57ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ28u5ARijme6CAjAB&v=APEucNVeQ1eNlBtIBGJ_5uOPmMuiuG3GcJmgX8Q-3-fU7sqh8R1g5f1LfRpE7WhzMe-Tene7qnE9JRDTgqy1AwfVEk0SF7RcBZiEKOpuHoy0eXyTjhTQY3URae1yvoEbpkhq3qdzTapECXUekBWH7u9UbLarXK66JEVYdx_9jbV4gJnRy_xDxjL9fEFgFQgPkLjRU545VUhgnu0ItHoC4acP5kyLCuZBIQ
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hBMo5Jki2wbZnfGRlkb1wiD3dpEw8mSyY88HlHTf1WAgzo6HWs1GU%2B57fYWq2RoIxXqA7r1OTlRjKs1YrLjaUCTWK02O94ymTaOnSa8lLdGynFv9OG19jw4YOJkkP%2FRNKRxr6p%2FIN%2FxxAg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8469eb0ad87e266d-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame C404
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZacIOcipzmC6pHkMEB5MbwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1

43 B
731 B

56ms
56ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ28u5ARijme6CAjAB&v=APEucNVeQ1eNlBtIBGJ_5uOPmMuiuG3GcJmgX8Q-3-fU7sqh8R1g5f1LfRpE7WhzMe-Tene7qnE9JRDTgqy1AwfVEk0SF7RcBZiEKOpuHoy0eXyTjhTQY3URae1yvoEbpkhq3qdzTapECXUekBWH7u9UbLarXK66JEVYdx_9jbV4gJnRy_xDxjL9fEFgFQgPkLjRU545VUhgnu0ItHoC4acP5kyLCuZBIQ
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VTPEB555XNz2zFVCnuaPdXz3a%2BEyu%2BsPpDYfRG7lO3e9moIlDljJT5pY2pbrKNR6EDsOMfUXE7qe53KF0KotiFuVilprToOIHnyfsTD18K0IIiaMMZKxTQ7R0npnEn4B%2BCocG5afVrrY3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8469eb0b3930266d-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame C404
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJwp7WGfKz86vOqKpr2sr1Q&google_cver=1

43 B
1011 B

33ms
31ms

Image
image/gif

37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEJwp7WGfKz86vOqKpr2sr1Q&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ28u5ARijme6CAjAB&v=APEucNVeQ1eNlBtIBGJ_5uOPmMuiuG3GcJmgX8Q-3-fU7sqh8R1g5f1LfRpE7WhzMe-Tene7qnE9JRDTgqy1AwfVEk0SF7RcBZiEKOpuHoy0eXyTjhTQY3URae1yvoEbpkhq3qdzTapECXUekBWH7u9UbLarXK66JEVYdx_9jbV4gJnRy_xDxjL9fEFgFQgPkLjRU545VUhgnu0ItHoC4acP5kyLCuZBIQ

Protocol

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
an-x-request-uuid: 14a0f3e5-6bdf-4228-a655-038da4065908
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.19; 217.114.218.19; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEJwp7WGfKz86vOqKpr2sr1Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C404
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTAzOTIzMTI0NDQ2MTYyMzkwNw%3D%3D

170 B
188 B

33ms
32ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTAzOTIzMTI0NDQ2MTYyMzkwNw%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
an-x-request-uuid: c87f23e8-afa2-4a0f-bd25-265cedeb6b33
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTAzOTIzMTI0NDQ2MTYyMzkwNw%3D%3D
x-proxy-origin: 217.114.218.19; 217.114.218.19; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 main.19.8.473.js Show response
static.adsafeprotected.com/ 214 KB
66 KB 111ms
33ms Script
application/javascript 2600:9000:20ab:7800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.473.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/rjss/st/1878143/77320179/skeleton.js?bidurl=https%3A%2F%2Fultrasurfing.com&ias_adpath=.tbl_1705445433612-pl1-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20ab:7800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68687158d2c493d42ae6dee2f15fc2c761da3abf8d92c4474e1dbc527b6930d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 17:05:29 GMT
x-amz-version-id: TozINgEWWkvQmqDfTCTq3yrdeWW.56xS
content-encoding: gzip
via: 1.1 d2ed865b959a3c3010f1d4b906b56eb4.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P3
age: 366306
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 11 Jan 2024 21:47:36 GMT
server: AmazonS3
etag: W/"38edfb290172e1aef8532f19eb4cbbe4"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: cAcAWAiNYP9EKBtgWDsm_t_s0XL6umg2gGCDkUD4Ip60ce0CGQhiOQ==

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 4079
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1

43 B
738 B

55ms
55ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ28u5ARijme6CAjAB&v=APEucNXlZCvKGzfpMClWH7hDw73H7xSGnEBAWO1QBL0eSvrq7iaMjhIyBCGq2vicS8SflI1QzGdBXEpAG1rWfueHLwRGPebmxzQhGthsUOSVoCM8I50kNuDvwSgAJrV4TNWdwYrSKawrdJivjQsU13V6J2jWB63bwlLl7LomoOB_Y5l3NjZRIhyXoUZkHnufuEqVV3M87dISNuwRyOKsHizA_x_UIrhSPg
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qBMigH3wDj8axj5hlWQUgJMyXeZsqHEOCYo3F9eWnlwZvwX4hb%2FszzcAO1PzRoA%2FnoUxmW3Q%2FO%2F4Qct8rMqiwlilwP8jm8N%2FSX2dO%2FlQuLErRivrfRrTWNASBxjgBvA5ojkLjye%2BrBJ0dA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8469eb0b08d2266d-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 4079
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZacIOcipzmC6pHkMEB5MbwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1

43 B
730 B

55ms
54ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ28u5ARijme6CAjAB&v=APEucNXlZCvKGzfpMClWH7hDw73H7xSGnEBAWO1QBL0eSvrq7iaMjhIyBCGq2vicS8SflI1QzGdBXEpAG1rWfueHLwRGPebmxzQhGthsUOSVoCM8I50kNuDvwSgAJrV4TNWdwYrSKawrdJivjQsU13V6J2jWB63bwlLl7LomoOB_Y5l3NjZRIhyXoUZkHnufuEqVV3M87dISNuwRyOKsHizA_x_UIrhSPg
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IDpVwqgoMAy0x4JuDPy4POhhZltnoegowvEBdFqAulcVZHaOoNP7oqvKy%2Fnvt8Z2iXk0LswjJJ3ptUWsgaW9qm8v2Ahr6HIpHXt9E1SKJ9jk6J5rlfPP6h%2Bql8T4blQmFw4Az20SKZxQUg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8469eb0b3927266d-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENBH-LVEaKnxKzxS15uKVzc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 4079
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJwp7WGfKz86vOqKpr2sr1Q&google_cver=1

43 B
1011 B

27ms
26ms

Image
image/gif

37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEJwp7WGfKz86vOqKpr2sr1Q&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ28u5ARijme6CAjAB&v=APEucNXlZCvKGzfpMClWH7hDw73H7xSGnEBAWO1QBL0eSvrq7iaMjhIyBCGq2vicS8SflI1QzGdBXEpAG1rWfueHLwRGPebmxzQhGthsUOSVoCM8I50kNuDvwSgAJrV4TNWdwYrSKawrdJivjQsU13V6J2jWB63bwlLl7LomoOB_Y5l3NjZRIhyXoUZkHnufuEqVV3M87dISNuwRyOKsHizA_x_UIrhSPg

Protocol

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
an-x-request-uuid: b78c4cce-e66c-4426-b269-ecfd1b46c88b
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.19; 217.114.218.19; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEJwp7WGfKz86vOqKpr2sr1Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4079
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTAzOTIzMTI0NDQ2MTYyMzkwNw%3D%3D

170 B
188 B

32ms
32ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTAzOTIzMTI0NDQ2MTYyMzkwNw%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
an-x-request-uuid: a0d1c417-91a0-4e40-89a2-ba05fa313ce7
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTAzOTIzMTI0NDQ2MTYyMzkwNw%3D%3D
x-proxy-origin: 217.114.218.19; 217.114.218.19; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 24E1 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fbb8abdfa438031112d280c087de15ebf1566221bb4577facc6dcfed36853818

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame CB60 38 KB
13 KB 24ms
21ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 6986
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 20:54:08 GMT
expires: Wed, 15 Jan 2025 20:54:08 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 300x250.html Show response
s0.2mdn.net/sadbundle/2843508170428681710/ Frame 4BB8 4 KB
2 KB 28ms
28ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/2843508170428681710/300x250.html?e=69&leftOffset=0&topOffset=0&c=XrVlXLAXej&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0cdcfa51bf7c0951161cf2e242a6ebfda64367f3aabce61b9a3a92b68baa0b49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1654
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 22:50:34 GMT
expires: Wed, 15 Jan 2025 22:50:34 GMT
last-modified: Wed, 20 Dec 2023 10:24:34 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
ad.doubleclick.net/pcs/ Frame 24E1 0
0 62ms
61ms Fetch
image/gif 142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjssAkP2aU_8KV09rWECvFXCguzTQ6jk5r8WjKFKF4NkWAHvAJ1u5ZgsxOMWoWS9hRT2b_p9YPX1EdnzzY1ah7ZJr1HhHbAKrQpAhXpoazecXssAur-yq8KzhUiDblqTnA1DT0_H_0s0a9YyExPUTuAKh3xfMq9-I9Na6_8gx-NGnajMMPevJP46840Yzb3h4kLbtmJB2iQtGkoiUh9O5z8FawVWHb0htTvBixDWlOgvQivB8B5HjDS6_EMciwlfd-biERryI2Guz08KZmHoSR6l8rr_I3c-C8xL5mgfMBbXUNlZKDmRJqp8R8hnskOiCeVzmmKyd8yiAhtCfMbkKjwHt1n7fmTiRlzen7pGH1qmPPjfkxIxe--jSWs0fPWpNnF-ZR90wb1390hurwj05sq1uzpE6qxVhm5ZG4X1Idb0m-Z1j4ZOIQbPe5fw_wfBZxuw4mmPZKmqzli65IBsszZfYpdu2TwuolRaJ8oxWLibFKnOhtfmZ8a1uok30i26ZDYctft0dH_3Pj9kwNvqgC7rJR2G-na80r-1vutbuDv8VwmnGK1ZaGT8t52ClGRyqlo1zI2MKd9RwvlfpSaavnwFRO0jdNOJlenlsnOult1KHCnC-oPKu0aMB2AF5tSE5HO6CurU3ZmECbjf5ayKsctyQxfRbl1eWWZlKmcuD-FrFJFLJmRUqIyJdZSL7SOkoTAWdyVsRBv5BdyiZDLxqZa0O9solvSfW0tL5YaCH1qyBVznllmx6DM0miIrWfO_Tt9XEffiFWhOpPGFVRZb5R_Lf9SVNtOps32Qq1zA8ZMetXuf-TFda6oJ291qX7EEIuG0JD9GurOAizXcv3-KgsMx7tIzbLz90Hhlib5g6fNaTdvDAxcfIoVHEXCcNkYztl8Kmj26NkDdyGo5707U4v8gIiYdXkAibCMM8kk1_yL2ZGNhC4vbIpTugYOdp9hKVjEWE4nudxUr0Qxq6GpFTX_PykefLWZBE-8ZJDokW5wMxGRIpeGzbuu-5zDXCpbeCmExQdxGtlga1syyk7bGjaQ-lcBiCDGZqlveCLG8U3MZW-rTHEm_VhlGEpL61KFGEdQ8no1tBgpyxOxxbGXOFank-4uxzXONPRBXaAwNQtitWXVBYR6oQf3zk8eg6qx-hLFskDm8C6sIHpqrr9cbp8MXC3xlusKvg9T6r0m5JM3WE_LJg3wqLsQ4LGTUNuIm-sp_qQ4L-zVDgdwPxMT_NhRKLu2aVElID_q60cRMC4_Jan55Kd0GPmLVfwlEWBF-R1m3OoVeiQo4d_hfgprtZOylhrZ3JEqmmyXtIHV2YVrseK6fRnL4LBbsj9of3bJAEbZuMcHgCjPpF23p1uGHJ-af6Q01SuYB7Ec1-aWtuC2rqn0clMO2L3CVzAbpCmT49OqZGVKzYsq2zLSU884lY-jrgXd7mgSsXXAcmY5OQB3msSxepe0UJfEWF7wNEnLT1QqI&sai=AMfl-YSeqHDgTfyJaLO6zsFn6Bx1gwk_uoq2RbwlWd_Kf-t8feJvxe3STB9xx_D1lIYuN0wKdemieHvkIuUteOY-u0BRx15YWQSlXIlvdgHnTsym5U9UBj4RqyZTB9hd9IBJT-0-mxiRBKpyC7zMHTp75rQStLGbTBRlOH9yu2WF9CupEJLiy1xjtOz-HPd7jETOK9gtWpYhSS8TjvNgk8Tt91mWU8i05Ryi5iWRAOUYcEtJEq7ayYc-MeIC3GEnRN_JWK9pWRiQ8yTzH0n2AczOChJFBLou8Zhn2x3hqZ3KgBaJ6LzqFl11vOcxpUTkLdCztz5IqlaAFWUxQCXACnhWr4Ueld9FYNvFL2XbZANafzRTEhaxUwIhD7b5l8NW7z3MgvdDR7Vk4CsCxwpD_KgNUPeKwUnL5OHnvC1ZEQVTRmzpYfYjw8_enhtd6BLTlpgB3jobJT1g4XGLELG1mOK5OpI_Ed_mEH-35_-lLKHhDZy17ZpYIJlh-cEXquMNzicZiG8c6Q&sig=Cg0ArKJSzBDul7Qbze4qEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9ydGwuZGU&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=128&cbvp=1&cstd=121&cisv=r20240111.69835&arae=0&ftch=1&adurl=

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 16 Jan 2024 22:50:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A70B 0
20 B 51ms
51ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3871432408760&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A70B 0
20 B 51ms
51ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3871432408760&version=m202309260101&ct=77&x=1&cor=11179823133224598000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A70B 34 KB
19 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BaZfjS-Pzl_HXNecFgiz9R0jl-P83v9qlNUoNzZmIHs8lcJj721RBFml9twPnsJPqp_3Dmu4HF8-tLHOHBVXMoYSxKsB2NlrsGjeh4GJdks97lTRqUbkKMpyP2y0TgoXgIYQHZSzpwSVpvrOnnbQgTzplbSTrXJd34HVJfAT1VksMSKwE&cry=1&dbm_d=AKAmf-BD8RFcim5n-xUCTvsNIeSmEc--XggTpohfLOmoSHs3EtVOIbmZ3NalxVKPKPQjksRAar1MkUqX30arCSxWm35O3u4bYiICIhZfLkGtpqXmJerDMfxYfKGLOjPVrdCHBYyzUAdaBIqqbhd-M--lSk8zC9PcB5_Jh-8q4tPKwmLPa1RISa4oEgxFWfJMw7fCVAU4YF4rH-d5MAtsAtCDdvY3diE2sUUqJJIZNNU_3vw37WocOTyZ9wuTxCsiXOf1OVx4Hbv19LM1DFQpfNdl8AEAPnlOUM-KLgWz5adKjdSnzuHzZ0eDaaqoexDMQtrY2qrj4qZ2KRHGNAq_dHqBhYLBXZW1fluDSgYKS6AHFd8jc1C51yeNrzaiL5QxpKVQAHcX_bpEyW4BojdN7aasmCeBkjn6gyQUsba71ywtyRgp2V_BwC2jbHb1NhYWjzuOkwBCcweVakgqdIBBOBu-059ciewjidKRPfcCLY4LX1-K1BySPkQBkSLHimcpbOzLoSbe3vU0zGw5DR__IyeipoEqt7Y53i8y_tmxvAyW3xC6NarHN0kH7AzKh3OpwWuzfSvIKEx5dr7TXY4tJR1hhS3n2E5ttVfl5elFLQET02vRAM7rA8o8z4ieM3tCVxF2pgjtTq4cJpwpCVinj4L-qz4hfFRYZG2aqnfWkJGrrLVWvl2GNJ9-PdshvGrmzaD5nHMB0oCeRGyIYQPZvuHjiynjSpnmKXNOZ4YbP-BsM_lebnWSiFS-NnuQy5hUOg1wfuVJqqat0e-N2ZzfCvGLPA1ltYYnL5D2HibWiY7vXM5VyYdr-uqI0wrVvNshM3TGgfXUUzHU_rq1Drxat9em5P6CRKUU_GazpAaY-2_UIi3tjvFiG-bQl3Ag6RfkvflQ6M1BQyv9gH69iFKRw_D5fTx7TYJo5XkroSHApj47Tu5CkO57FvYIkLcAtZYi40D10S3ziXcjWld6Eq83loyr3332CGfIfJHBK0KxnaxX9MfxEHbyfGkvXW7Eut6LY7CDSVtEoWlvieB8_HhSz7vBrTCJoqv2ZvoBhogn9ledgVIvMbZq0Oa0OvJAFwGIkeAWqemaJsSGdIzN2RNdyt3YVl_R-g1WV-nGrQoVOAfdZz7i0mDjcWr9kShYTczkp7qm07t-XlodXxurRAq2732Jd50xCOViUQ0WCWaXcl456NzxY8ch8d1IarBtfX0ju4if907iMVrOXssNElQ6s2bBnXxRN8F4CXt5wYrDW6hC_owGzJMLdBcSM20sPkyVhlzF4LOkulAvJfpcOt-wS1GvWt8Y-40s8hP9iQRxmaLBpTjaM9HjLB1Prx08BZzdPe64d-CpIWbPbl0P5xb29-jSMUlJmOmjGqY26aeBniNNpia0xwqNBToxx6_OnrSqew7bI92haxnSyEibEc0ZMFwE23CU8gDCCQ7sAZFqpaQfVqkZtOigYEfSQcLFB0OeESHRtfPsuAci13XTaaHAyeykHvbEAAPfVUfzAiT112e7InaibsgNoIYB9dpSpdkCTF79aB_ti-sm7lBpeQR3Ink1xg8RAE5Nm7jjT_GwK70YI6Gx7lBQbefQFg5jV582rCOymXP531BDXWcPLUIdvQx6SoRtpjlPl1S-nZK1mwdXLB3TLndUFhbUGVMcB2ah8RLuQA_x16kAOkrVN0upfu7r9tqV9XTZYDxPc8TyFKNdGJieklzvJLhtj07vicEFxl_XqEF_90FCZcXxGKfCyzjgKNu_-4-nzN5t2XQcTf-7OnieMq1etmIFKbbnb7harnqfc28ggcxiz1miiw7cXKNezQUwxc77nmssZI78WhKTCeZVD1GJ8Y0HSWrdh0YcWtQnZVNsw1ijKnxYyHSRDsGKioJxi3I8CZG_S47a_izSslL9buC5t5Hb5ruhjF_94aY-w8n2dzX2CQNG4FedwnOFi20KkuoHB-JuH9gwJeZWjWojZaoeejxtZYpp5JZQr5XnxI9BnUvgYh3qJ0hGfnQejRKzAuDWrGUsjVk_xoxd8c37QtNQchMMngMyVydqxw4elDRh1h2ORG1KOyvS3FxKY-mP-EkBzqQ34upM4brovZ8bZ83JkPurfeIfpz0T63xp8KeqbxQMdMrUdlzuIIH2GlsgZT-ggOiZGXEwtRrJ4L1yeU_JuSIquy9uM2r4pJ06kTJfMM5-MPWBDpaANHYesLxiKTy64wk312t2Ngk1AgHZIAyJv7sfvgiF76kkgEU0JBe36_wFfOhOMInWZrxaW70QVHVVs5wViJ8G8QKZPWZJ2UhpW38mvvOpJcmysSH6HecScmuda1iidlRwk9t8_IJpZQ9DHC57vv1WnC4r6cSWRdRdrp79VE_9kAvxfAgpYpraVD5e-cfXMMkeN0utRYVH2PwgsSTHkZBxPdn-Xs7CYMADDYDq3PFRUiKV6FcU4-PjUPKEyPmyDxzjallfp33XPEgsH1PLwI-tKE0JtiKsWAOv-fZssMbMTwaRsSD2GhDRO-2eaTIwJQ1ti6ACluLpjoB4pbtRWVc9_12JEzsHgpOa1WKL2-ninICujeLJ1KoIPQhWyiF6_vKXUGuXEkGMfyC7FIJyzGe7Q0NZcbx51HhJsyzoT93otb71Ip-zK8DrSwmOMDLSm0xx6ujfAJsTHpGzznGxtQY3YU_rEWSq51_GniJ23Nb6rxgP-CFcrQ-3QmaFGPFhMaAEN3LzLDZCOgJcu0PHjiF3uExt6k3un2ADNDK7soMhuMtIygr9NXJnnmFQuxFtuokFBP9vtQL2wp6iGzgd7SHqBbg58TluP78b2RnPvVU9CQmPPOIPKtHVhD8l08rCX7ElkePvDW1Kch_22vAr0J6I0dW2-L79Wna8VHW71ljG1JhLYoI6gtN65-wjAPtnAr_90gqs7B1yxf0fV_PBjGbiMq2aj8slD8UabnvagH_1KFpFPu3EJVtJHuNFoXxdcbi9rVwIsvpvbCknDcFSYiSb3iF5SJljmuNfv7e0FgDJrDn5RBFnVk67ch6_Z3hT1fh-6s7ZZ5tPLU0AZcJHKcwZUNT0TellhB4jMk2AhRW1AnYX5Kj3t3KIWBc1KDzgCv5fY8y-4irJnYMsWpe0u30TqBN-qyiN4CiO7lT8c3JI_0VfRKhFAy7vG8zX82tvt1kIeM0uanTSi3rZnzCRfHSc2NMqDHuZs2FC9lQCesZc6SEG2QhzkkD2UXdwuAe9v9KLYQ0n2YuzVXgqj19W3C587z4gchpgNPyiaBEYDeE3Ac59VcGauPiLfel4O6RjCpZIgDTOKdjx-iDoW-AfL41Jlj3VeTqmDjNkPwIenNJNt3ZflkGZdWGpABr4RGadQeqoO4UTd0Aupu07MLK389P8djx3IvQOK10ePICdJ4Ywj2JYPQlldJNPa1eo13ed_e7xREMDb7SxGEqDOV5NQiongcRxToKWUFxNmBCLN6BS2eVU9gKcZiuWtPekcET2DSmjRx__QSmC_wuYIsnJqOgmD8DQLueihuX183FtbC6488jUigNlUott8a35m-AbkvZJcU-dw3ztx0SjbjiWYGHa4zJJq9RAyLVCYjxPB4nJTOgsuF4qQWs5ClssY_JdGcly2O4bJDifLcZ0TeIJrC9YkTSlyts86sQbH4qzDFyFTIyCOP4dKPoH0u5nS5FewlJbdP6GVIQU3K8FqX1ae1ROan_H7CCc-aTC5OC7uz-NyMlRAVHog4Pw077_r4qOC8HARhBziiqvT_NWmS2zFXqamXckuczL0Y-gIosMvV_8sD9YbTx8peO8gTRC8BG5PMS5kgJ15wUnZf5kmwVlcjT4Vw-bNmxm2K_3WlxHiJW-0RLhNi6aBsYUCu8RUEFqk9TFKmrqgl0AS1MSfe_aTI6fd72p1eGAYY53zDJAcf9JvNxUsumHwmTWuiFil0jImj8Lw4BZZSslpbQYCrEd5ogYneltqHQhuVWTgjDbxBScW-vOj1U4l1nMsI4x&cid=CAQSTgAvHhf_eCnAia8q1QvT1mDMBdWvbh1bOa6p-UMOB5mhsm5oR1tuCobAXZxobWj6gpkpDx87sk8Cv4ePx_f-gPY6qgCZNNJECVQ4L0-tXxgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fultrasurfing.com%2F&ds=l&xdt=1&iif=1&cor=11179823133224598000&adk=1033480540&idt=97&cac=0&dtd=27

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d3f71afc776255e6f474324ee27a263e723253c0a287309dcd16450b943cbe19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19576
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 9CAA 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/gif

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.taboola.com/taboola/video/fetch/q_auto:low/https%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fvideo%2F%2Fh_400%2Cc_scale%2Fv1655289863%2Fsbfcvda1gqwcij41gdnv.mp4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.44 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Cloudinary /

Resource Hash

51d50e35fef162329c65f20917c771ddefd3fd26d7662d2332e119d9181353f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

Referer: http://ultrasurfing.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Range: bytes=0-

Response headers

strict-transport-security: max-age=604800
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
date: Tue, 16 Jan 2024 22:50:34 GMT
age: 1322642
x-cache: HIT, HIT
Content-Range: bytes 0-165889/165890
server-timing: cld-akam;mitm=f;dur=208;cpu=47;start=2023-09-02T18:31:33.814Z;desc=miss,rtt;dur=0,cloudinary;dur=139;start=2023-09-02T18:31:33.850Z
Content-Length: 165890
x-backend-name: fastlyshield--shield_cache_iad_kiad7000121_IAD
x-served-by: cache-iad-kiad7000121-IAD, cache-fra-eddf8230059-FRA
last-modified: Sun, 02 Jul 2023 12:39:48 GMT
server: Cloudinary
x-timer: S1705445434.084382,VS0,VE1
etag: "cebe3af2bb40eb7120e4db4f22ce1234"
vary: /video/fetch/q_auto:low/https%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fvideo%2F%2Fh_400%2Cc_scale%2Fv1655289863%2Fsbfcvda1gqwcij41gdnv.mp4
content-type: video/mp4;codecs=avc1
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 452, 0

GET
H2 200 main_00004.ts Show response
video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/360p/ 268 KB
268 KB 23ms
23ms XHR
video/mp2t 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/360p/main_00004.ts
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ac98ee91299f984d51aa0dbdb1212d69361998cec64cb157021a805b2e7a5ed1

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 16 Jan 2024 22:50:34 GMT
x-age-lb: 397904
x-77-cache: HIT
x-accel-date: 1705047530
content-length: 274104
x-77-nzt: EgwBnJIhiwH3UBIGAAwBisclwQH35IYCAA
x-accel-expires: @1705918726
x-77-age: 563508
x-cache-lb: HIT
last-modified: Fri, 19 May 2023 19:47:13 GMT
server: CDN77-Turbo
etag: "6467d241-42eb8"
x-77-nzt-ray: cf878727ef4785ca3a08a765502cb505
vary: Origin
content-type: video/mp2t
access-control-allow-origin: http://ultrasurfing.com
accept-ranges: bytes
x-robots-tag: : noindex, nofollow

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B8E2 0
20 B 54ms
54ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BeRt4OQinZc3nDImi9u8Ps_CmgA4AAAAAOAHgBAI&bg=!xsWlxYrNAAaumcC-jpk7ADQBe5WfOIT0sg5rp8jv0OeL8FzzkewI2veG940rQdBJmYBL19RnWldnpe2jFR_MFGNmM8UhAgAAALNSAAAAAmgBB5kDEGA1jHCszyItygKE4l5_g4F-firBHu2SiZECMNlsgr4u5L6_pxCbMc78BCIvxr65Lt4NKyo6aogVDc8xB_ij0l57qoQQHY5ZvHowm4u2KXt_6FOJu9PiZ6paIm9wy1M-s1DSQ2f1doKbImd4uUCBIDd50PFhQYkLUnfds1xB_mNia5DetbIIr7u9PCGnNq1mzQasKjUU4o2VlrgAqKEZ9IcJqBXYyU3L8SZCcAE2y2UN2oOqeYRp1Id0J5Lin4EFDnNIy24sRNBOa5nfIoDF9mu1rC6u3okSf3_QSm7qaB4pCz7qonfLR7ii-dTma9vGI6lBkZF0TUWFh4evnfzIocKBX_VUhHeBS_yjiUWx91NUbUVl2pW7QeX9tQUKwfoMwu9MgP6HSf7ImKjyRmk8Yh8LNApZxVwvb1cBinOFyyd68I5q9cusO6suuY8rcVSM_5ZHQVUv2Iy5CmL_J42a41BNLz_4veiHXaQDX0d2R13ASCNGeqfCfMA9iS2f3L2QhlNG052-kGHKn4RZKDkk6711PlvJK7xHzJsjIQEbOmexDJvdUZSGa6MuRl8KPZ6xao-shmkudlqltQ3g7T_8s8FxfE52jKhedElhVB7gFxY0mT2HiLkTUhEUdSHzXO9Gzc97HJkLMiEtrwffQnhtusXkXJBPWrv9x2mjFp5YcCTH2WB3Jpv2k2DWY5w73Exzz8599uJi7bLEjV5a6c14fmHRO8ENY4X_u0XM3Ous8olSPoZT9jiPsRRec8bQc6fStz7c0yQY9RQiQ6uqfZvSxKv3tH63CDtiCFJF4JPtt2f2iksreNrIjoFHTK9DSrowsdQdwgjZsOsbw1racx1k1AN3WZC8hIHD9k2NQ6yP3RjScu2vzqrOLfh9Mv5Fq5vdeziPLWPYIJawHWwz3n5RKqxUgF8XIuqjHO6W7cv2XCdXFtQGID70WnjX3fx8dQtCsTYg4tgsDbKhFoecpW37A1s1EIETF5EoS4Ixmctn4qe-sdjR9qDaty2zziSWoSwig-cMML1DB-EI_TASxrhn4To

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 6CAC 38 KB
13 KB 22ms
22ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 6986
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 20:54:08 GMT
expires: Wed, 15 Jan 2025 20:54:08 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame CBB4 70 B
148 B 138ms
44ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by: Host: imprammp.taboola.com
URL: http://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V8DSECLAZArhxHUdV36ROAXDmOoqrv0i8AAABgYID-AEmuRoORY7hYC2fGzVq0mTjXEpPL4ZZNHMaNxzbb2CwjIyDJ1WgwcgwXa-HMuFmLNhPnWmJyOdyyicO48dhmG5tlZAUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPG2Sg6XT4XPd61dl0eXhel5vT7rNr_G6_HAAAAAA8-P___4cAAAAAEAEAAABAAgAAAACFgAr_FgQuAAAAAGD4____1wAAxcFgHZ7Py-wPAAAAACAAAAAASAAMGH6XAKDomjzx_________x9jgD7zRsb_____DYMeAA8-AB6EAAAAfAwJY9GOZmHG5SdSEFiEEQAAAIBsOe2JI5N0gopFlf___34rAFcAAAIaKfA-hLLoDkq8hQEAAAAYs0APi99vdtg1frfL_P________-b-T_zj0ao6cg1TdDFtYKaX0AAgDW_gAAAbMYNAMAbAThBJwBWJ4EGm81kMVsNZwcAAADgzv___78ekNyYTB7nYDgZjmyOmWcwG41Mw4ljORtulsPdxrc9Aqp-ANSbbph9QoRl9vsOCsrp6TG7DKKi622xO5xmz0F80DAsJ4NgfiZsMVpNJpvlcLZcTAbD0XA02p-BmAwGaCIGy-VkspjsVqPVaDPcjWaDBRKIwQRRtGgwWY1Gk8VkuBpNVrPlYrfbIIpWrWajzWC4mk1mu91qOBguRyM0YYvRajLZLIez5WIyGI6Go9EQweBksBhuRsO1wrXYrUUL43Ct8I1sa9FsYZzMfKvdxDdzi14f08dhGI4szi0SDEDZi-RpkU5ki4lhsNo4DKPRyLFZzlYb32xlclgGm-VyY7NYJmKJ5mSRTmSXfXNjMnmcg-FkOLI5Zp7BbDQyDSeO5Wy4WQ53G9--OBkshpvRcK1wLXZr0cI4XCt8I9taNFsYJzPfajfxzdyi18f0cRiGI4tz39gNVqPRarTZ7Bu7wWo0Wo02m32HyfRMfc5GcS0n8agMt2hLqLQ5DQqXweL9SUyLaXd2EJ18R6dOqlIWdUa_3-_3-_1-v9_vN2g9B7NB4Rv2XZ5hTCSzZXNjg9hgUMQSwUU6UZ1Nl4fndbm5VWfT5eF5XW4WsURpukgn-qLf7TI8fC5_RSwRnC7SidDvdlnUf-Qgi91csRjNJYvhXLFcJQAAAAAAAAAASzDNdBMAAAAAJwPZLBab1TodxGYzmu1WywUAET-v60cGzg3-DqRmF3pR2LiVXqpdscYem6iz6fLwvC43t-psujw8r8vNygAg4tmZbfYZQazValkDAAAQwAYAABDATTfeBJBFcf_____jAAAAyMihBwAAQL8P6IlWL_zIleIfgAqxVqvV7cZarVbAghmOJsMJ_P___wc!&cmcv=&pix=undefined&cb=1705445433995&uv=3373&tms=1705445433995&abt=adxsub-out_vA!adxsub-out_vB!agqp4c_vC!smbs!ufm_vD&ft=0&su=3&unm=FEED_MANAGER&aure=false&agl=1&cirid=9540d181-8f83-43b9-bdea-6ba8cc66cf2d&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H2 200 82018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9
pr-bh.ybp.yahoo.com/sync/taboola/ Frame CBB4 43 B
426 B 160ms
47ms Image
image/gif 2a05:d018:d29:3605:da2e:7cf5:bf7c:fec
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/taboola/82018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9?gdpr=1&us_privacy=1---

Requested by

Host: imprammp.taboola.com
URL: http://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V8DSECLAZArhxHUdV36ROAXDmOoqrv0i8AAABgYID-AEmuRoORY7hYC2fGzVq0mTjXEpPL4ZZNHMaNxzbb2CwjIyDJ1WgwcgwXa-HMuFmLNhPnWmJyOdyyicO48dhmG5tlZAUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPG2Sg6XT4XPd61dl0eXhel5vT7rNr_G6_HAAAAAA8-P___4cAAAAAEAEAAABAAgAAAACFgAr_FgQuAAAAAGD4____1wAAxcFgHZ7Py-wPAAAAACAAAAAASAAMGH6XAKDomjzx_________x9jgD7zRsb_____DYMeAA8-AB6EAAAAfAwJY9GOZmHG5SdSEFiEEQAAAIBsOe2JI5N0gopFlf___34rAFcAAAIaKfA-hLLoDkq8hQEAAAAYs0APi99vdtg1frfL_P________-b-T_zj0ao6cg1TdDFtYKaX0AAgDW_gAAAbMYNAMAbAThBJwBWJ4EGm81kMVsNZwcAAADgzv___78ekNyYTB7nYDgZjmyOmWcwG41Mw4ljORtulsPdxrc9Aqp-ANSbbph9QoRl9vsOCsrp6TG7DKKi622xO5xmz0F80DAsJ4NgfiZsMVpNJpvlcLZcTAbD0XA02p-BmAwGaCIGy-VkspjsVqPVaDPcjWaDBRKIwQRRtGgwWY1Gk8VkuBpNVrPlYrfbIIpWrWajzWC4mk1mu91qOBguRyM0YYvRajLZLIez5WIyGI6Go9EQweBksBhuRsO1wrXYrUUL43Ct8I1sa9FsYZzMfKvdxDdzi14f08dhGI4szi0SDEDZi-RpkU5ki4lhsNo4DKPRyLFZzlYb32xlclgGm-VyY7NYJmKJ5mSRTmSXfXNjMnmcg-FkOLI5Zp7BbDQyDSeO5Wy4WQ53G9--OBkshpvRcK1wLXZr0cI4XCt8I9taNFsYJzPfajfxzdyi18f0cRiGI4tz39gNVqPRarTZ7Bu7wWo0Wo02m32HyfRMfc5GcS0n8agMt2hLqLQ5DQqXweL9SUyLaXd2EJ18R6dOqlIWdUa_3-_3-_1-v9_vN2g9B7NB4Rv2XZ5hTCSzZXNjg9hgUMQSwUU6UZ1Nl4fndbm5VWfT5eF5XW4WsURpukgn-qLf7TI8fC5_RSwRnC7SidDvdlnUf-Qgi91csRjNJYvhXLFcJQAAAAAAAAAASzDNdBMAAAAAJwPZLBab1TodxGYzmu1WywUAET-v60cGzg3-DqRmF3pR2LiVXqpdscYem6iz6fLwvC43t-psujw8r8vNygAg4tmZbfYZQazValkDAAAQwAYAABDATTfeBJBFcf_____jAAAAyMihBwAAQL8P6IlWL_zIleIfgAqxVqvV7cZarVbAghmOJsMJ_P___wc!&cmcv=&pix=undefined&cb=1705445433995&uv=3373&tms=1705445433995&abt=adxsub-out_vA!adxsub-out_vB!agqp4c_vC!smbs!ufm_vD&ft=0&su=3&unm=FEED_MANAGER&aure=false&agl=1&cirid=9540d181-8f83-43b9-bdea-6ba8cc66cf2d&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3605:da2e:7cf5:bf7c:fec Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58785/ Frame CBB4 0
125 B 104ms
25ms Image
text/plain 3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58785/sync?redir=true&gdpr=1&us_privacy=1---

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.94 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.94
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 4BB8 236 KB
63 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2843508170428681710/300x250.html?e=69&leftOffset=0&topOffset=0&c=XrVlXLAXej&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2843508170428681710/300x250.html?e=69&leftOffset=0&topOffset=0&c=XrVlXLAXej&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 16 Jan 2024 22:50:34 GMT

GET
H3 200 300x250.js Show response
s0.2mdn.net/sadbundle/2843508170428681710/ Frame 4BB8 148 KB
27 KB 29ms
29ms Script
application/x-javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/2843508170428681710/300x250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2843508170428681710/300x250.html?e=69&leftOffset=0&topOffset=0&c=XrVlXLAXej&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

38f6d5e179f945f14121dc1f5d5b19e91358bc47212f77212b03ffa1171f9a8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2843508170428681710/300x250.html?e=69&leftOffset=0&topOffset=0&c=XrVlXLAXej&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 17:39:12 GMT
date: Tue, 16 Jan 2024 17:39:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18682
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27168
x-xss-protection: 0
last-modified: Wed, 20 Dec 2023 10:24:34 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 4BB8 120 KB
41 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2843508170428681710/300x250.html?e=69&leftOffset=0&topOffset=0&c=XrVlXLAXej&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2843508170428681710/300x250.html?e=69&leftOffset=0&topOffset=0&c=XrVlXLAXej&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 12:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37625
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jan 2024 12:23:29 GMT

GET
H3 200 clicktag.js Show response
s0.2mdn.net/sadbundle/2843508170428681710/ Frame 4BB8 3 KB
1 KB 31ms
31ms Script
application/x-javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/2843508170428681710/clicktag.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2843508170428681710/300x250.html?e=69&leftOffset=0&topOffset=0&c=XrVlXLAXej&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ea51f498a2e11e522503ca4033674ae7233a3d2a5e5fe9c07491f5fbe5883ac7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2843508170428681710/300x250.html?e=69&leftOffset=0&topOffset=0&c=XrVlXLAXej&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Sun, 12 Jan 2025 10:58:59 GMT
date: Sat, 13 Jan 2024 10:58:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 301895
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 995
x-xss-protection: 0
last-modified: Wed, 20 Dec 2023 10:24:34 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame CE1C 70 B
149 B 109ms
43ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V8DSECLAZArhxHUdV36ROAXDmOoqrv0i8AAABgYID-AEmuRoORY7hYC2fGzVq0mTjXEpPL4ZZNHMaNxzbb2CwjIyDJ1WgwcgwXa-HMuFmLNhPnWmJyOdyyicO48dhmG5tlZAUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPG2Sg6XT4XPd61dl0eXhel5vT7rNr_G6_HAAAAAA8-P___4cAAAAAEAEAAABAAgAAAACFgAr_FgQuAAAAAGD4____1wAAxcFgHZ7Py-wPAAAAACAAAAAASAAMGH6XAKDomjzx_________x9jgD7zRsb_____DYMeAA8-AB6EAAAAfAwJY9GOZmHG5SdSEFiEEQAAAIBsOe2JI5N0gopFlf___34rAFcAAAIaKfA-hLLoDkq8hQEAAAAYs0APi99vdtg1frfL_P________-b-T_zj0ao6cg1TdDFtYKaX0AAgDW_gAAAbMYNAMAbAThBJwBWJ4EGm81kMVsNZwcAAADgzv___78ekNyYTB7nYDgZjmyOmWcwG41Mw4ljORtulsPdxrc9Aqp-ANSbbph9QoRl9vsOCsrp6TG7DKKi622xO5xmz0F80DAsJ4NgfiZsMVpNJpvlcLZcTAbD0XA02p-BmAwGaCIGy-VkspjsVqPVaDPcjWaDBRKIwQRRtGgwWY1Gk8VkuBpNVrPlYrfbIIpWrWajzWC4mk1mu91qOBguRyM0YYvRajLZLIez5WIyGI6Go9EQweBksBhuRsO1wrXYrUUL43Ct8I1sa9FsYZzMfKvdxDdzi14f08dhGI4szi0SDEDZi-RpkU5ki4lhsNo4DKPRyLFZzlYb32xlclgGm-VyY7NYJmKJ5mSRTmSXfXNjMnmcg-FkOLI5Zp7BbDQyDSeO5Wy4WQ53G9--OBkshpvRcK1wLXZr0cI4XCt8I9taNFsYJzPfajfxzdyi18f0cRiGI4tz39gNVqPRarTZ7Bu7wWo0Wo02m32HyfRMfc5GcS0n8agMt2hLqLQ5DQqXweL9SUyLaXd2EJ18R6dOqlIWdUa_3-_3-_1-v9_vN2g9B7NB4Rv2XZ5hTCSzZXNjg9hgUMQSwUU6UZ1Nl4fndbm5VWfT5eF5XW4WsURpukgn-qLf7TI8fC5_RSwRnC7SidDvdlnUf-Qgi91csRjNJYvhXLFcJQAAAAAAAAAASzDNdBMAAAAAJwPZLBab1TodxGYzmu1WywUAET-v60cGzg3-DqRmF3pR2LiVXqpdscYem6iz6fLwvC43t-psujw8r8vNygAg4tmZbfYZQazValkDAAAQwAYAABDATTfeBJBFcf_____jAAAAyMihBwAAQL8P6IlWL_zIleIfgAqxVqvV7cZarVbAghmOJsMJ_P___wc!&excid=22&docw=0&cijs=1&nlb=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H2 200 82018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9
pr-bh.ybp.yahoo.com/sync/taboola/ Frame CE1C 43 B
425 B 132ms
48ms Image
image/gif 2a05:d018:d29:3605:da2e:7cf5:bf7c:fec
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/taboola/82018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9?gdpr=1&us_privacy=1---

Requested by

Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V8DSECLAZArhxHUdV36ROAXDmOoqrv0i8AAABgYID-AEmuRoORY7hYC2fGzVq0mTjXEpPL4ZZNHMaNxzbb2CwjIyDJ1WgwcgwXa-HMuFmLNhPnWmJyOdyyicO48dhmG5tlZAUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPG2Sg6XT4XPd61dl0eXhel5vT7rNr_G6_HAAAAAA8-P___4cAAAAAEAEAAABAAgAAAACFgAr_FgQuAAAAAGD4____1wAAxcFgHZ7Py-wPAAAAACAAAAAASAAMGH6XAKDomjzx_________x9jgD7zRsb_____DYMeAA8-AB6EAAAAfAwJY9GOZmHG5SdSEFiEEQAAAIBsOe2JI5N0gopFlf___34rAFcAAAIaKfA-hLLoDkq8hQEAAAAYs0APi99vdtg1frfL_P________-b-T_zj0ao6cg1TdDFtYKaX0AAgDW_gAAAbMYNAMAbAThBJwBWJ4EGm81kMVsNZwcAAADgzv___78ekNyYTB7nYDgZjmyOmWcwG41Mw4ljORtulsPdxrc9Aqp-ANSbbph9QoRl9vsOCsrp6TG7DKKi622xO5xmz0F80DAsJ4NgfiZsMVpNJpvlcLZcTAbD0XA02p-BmAwGaCIGy-VkspjsVqPVaDPcjWaDBRKIwQRRtGgwWY1Gk8VkuBpNVrPlYrfbIIpWrWajzWC4mk1mu91qOBguRyM0YYvRajLZLIez5WIyGI6Go9EQweBksBhuRsO1wrXYrUUL43Ct8I1sa9FsYZzMfKvdxDdzi14f08dhGI4szi0SDEDZi-RpkU5ki4lhsNo4DKPRyLFZzlYb32xlclgGm-VyY7NYJmKJ5mSRTmSXfXNjMnmcg-FkOLI5Zp7BbDQyDSeO5Wy4WQ53G9--OBkshpvRcK1wLXZr0cI4XCt8I9taNFsYJzPfajfxzdyi18f0cRiGI4tz39gNVqPRarTZ7Bu7wWo0Wo02m32HyfRMfc5GcS0n8agMt2hLqLQ5DQqXweL9SUyLaXd2EJ18R6dOqlIWdUa_3-_3-_1-v9_vN2g9B7NB4Rv2XZ5hTCSzZXNjg9hgUMQSwUU6UZ1Nl4fndbm5VWfT5eF5XW4WsURpukgn-qLf7TI8fC5_RSwRnC7SidDvdlnUf-Qgi91csRjNJYvhXLFcJQAAAAAAAAAASzDNdBMAAAAAJwPZLBab1TodxGYzmu1WywUAET-v60cGzg3-DqRmF3pR2LiVXqpdscYem6iz6fLwvC43t-psujw8r8vNygAg4tmZbfYZQazValkDAAAQwAYAABDATTfeBJBFcf_____jAAAAyMihBwAAQL8P6IlWL_zIleIfgAqxVqvV7cZarVbAghmOJsMJ_P___wc!&excid=22&docw=0&cijs=1&nlb=false

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3605:da2e:7cf5:bf7c:fec Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H3 200 300x250.html Show response
s0.2mdn.net/sadbundle/2031909457271134757/ Frame F896 4 KB
2 KB 29ms
28ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/2031909457271134757/300x250.html?e=69&leftOffset=0&topOffset=0&c=y8AF4JBrl9&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0cdcfa51bf7c0951161cf2e242a6ebfda64367f3aabce61b9a3a92b68baa0b49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1654
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 22:50:34 GMT
expires: Wed, 15 Jan 2025 22:50:34 GMT
last-modified: Fri, 17 Nov 2023 16:37:58 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 56BA 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6298a36117d8182dd38f93d32cb9ba045754bbdae49b7f260054fd4700973df2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
ad.doubleclick.net/pcs/ Frame 56BA 0
0 61ms
61ms Fetch
image/gif 142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsve37RJsrpH8mx1m7YQTjvvORW9HiLsgh5GSrR1YtDWA-8KBcEFjzgQd6V2pX75Su-Mvb0Mcayeiu5uMjoP88miaw0cBnOhLdjZlEVfQP1gPA0tUkp7VY9uO7urJ0b6YIXkXXiqLHYv0kQsnN7b1hl3apPTvhIdkcaKiweWh4kgam6-PuxsTJEErqM3iByCmVUxjcj0IirdmPqkhb8vHLdIpyj25pERnQ-N-oXp2Eq80s_eJsDKcvGvO_rBLqtsf-LRKxgu6AtR_nyeclvbFGBoBf3e8g_Rwbiiv-LtI1X51WC3HDi4rIGJuvQd-oqFdHNjPJuUAjZNLmHqwB2RI4Dy3sxtXUMkAvFdFiZcd9zcBj_uZp9yUD5m874-HUTcUmDnGRyVNUEljOfvZFK16IRpCTWK1hbiJI5Q1PlOgB3JVOL3HcwzCHos1x18o57Av_OeOxMSAwsOaLmLDHv4tsLqqSZjIiVOaU-YF1q6CtpnuyhDciZEtGlWOBX8utDUS1lCCUiq4T9OsYEocq-mgpo_XQK54fKNj0v76oaG9_nlvo_F2tLYRa4Vm6Gmi9FkA1tfW41WTk8weD78bG59INno-464r54s2AOf82nPVmskSv3lZaU8RjP6a2R4lj0kZ6swlbHXHlk5ydn9NJyA5duhruMW8nh-F-lLmAt5jIUkTKH9okDYm3XMv_eugaMG49XFfFLJz5T-kgU9Af34jNX49AvAbbSe3VPcxgaeKkUXPTdF3X4WN5DRCwWFizcHbFpvGvv7QJO3gVUEUsqbltzPw43myYaIfbkgO4Sei_v34RRa6dyFU5YH1lXRm0paNYx3fA5aUmFZTeCGptwrdMZavnU4sTZIUxu-RFGhqTifThGnmCLHhcc4mv5iZrsHyTe3gd9ZjOHb4DPMPIKm8fViqiWHPPReZtKciioD1IuifJ8o-BjwZd3E9vvvMNSp6SBkUeVK5xM4kz4ZEcFfyCK11Jv6RG5LIcY1zsA-7vRDWeW53r8PCgoLHSiAz4t7snPw0HRgbfcipNY0I4vAlpcGaPdngRMWVJ30rRQDj0UYA675t9EJBRNmCpgVIoCwJ4iiFD1Wwt3Yez_5HkYl6kYVPxDWqqoAen0xYeLHHzZntXG147iL9FSdMaKLdFueSx9Fs7XLzuxIr_o36FByN8LO7njY7Fdtosd6py1sIm4zNa0JBj_CF_Ibiqmcvo8OWM2dhZWcziUiRosGceRk6kdY5emIeUZDQoggS3vysfpEf0F3NMouY6_pTm-1wIVAG9pjTlbk1Q6KWjUaSy1Ols-mC5QlJq0fU_Qjor-suPi4H4ES3Fa8T9E3KkQ1dphxQp3j4emrNSXW-AoY7PgmGV498xdtxF2o6w80FYd1iNBDedMbK1NnFwIE_Z4blvEheZPf4ziKA_u0lZsUmS2HXLarVG-DquaGST16FhymLlW6GcJqgU7RID2xuJ66NA&sai=AMfl-YRkwjis1ogKC2nWNacxstXoPlOLMIMVBxbhFidlRgj2CGIJojNu_yMNKbuPTYS_hyhzgG2CAHgP1048zdLLH3ivBJNeJTw0aMDqaiCPrHv-YIr1vy2iM7k9v0auvXSGK_6PV08XEvJWB1sdzEnkBAXotI-9ENXTRXkTpfW5xsr2wPt5BbbwY-vOzDFXuVMbo8vXYJ-xSm7lSGgCnQrQy0didNbWAQsnsiN4hG0P4WLfQ3_3Dv-gNH8jVT_6iF5Mjp_ZRZbgMRKCUPKMtr7V2YTVok1uCgpfr2h-NETbsOzMVImU584Eb5LzHTWTrXp1TCHnQus13aIlOqnhp8vaYTNfG6kqroB5sP4GDVtTGRoUPUh9bRdLKSYdQ_moTNwM3bm6YVJzqqO3weDzy9yUZuc1Bz4yuDILbatcp8XQ7Sqv2X5yX5R0RqUqLE_EdkdBLOUwHycBC21BmCAfcJwTey28baDelsu-ALFrgRmpVKc5chFapq9ZdYnDAMsftUkXl0w2cg&sig=Cg0ArKJSzDJ7yBcqafRoEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9ydGwuZGU&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=203&cbvp=1&cstd=200&cisv=r20240111.67574&arae=0&ftch=1&adurl=

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 16 Jan 2024 22:50:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 1CA5 281 B
555 B 110ms
26ms Document
text/html 104.119.110.47
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V8DSECLAZArhxHUdV36ROAXDmOoqrv0i8AAABgYID-AEmuRoORY7hYC2fGzVq0mTjXEpPL4ZZNHMaNxzbb2CwjIyDJ1WgwcgwXa-HMuFmLNhPnWmJyOdyyicO48dhmG5tlZAUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPG2Sg6XT4XPd61dl0eXhel5vT7rNr_G6_HAAAAAA8-P___4cAAAAAEAEAAABAAgAAAACFgAr_FgQuAAAAAGD4____1wAAxcFgHZ7Py-wPAAAAACAAAAAASAAMGH6XAKDomjzx_________x9jgD7zRsb_____DYMeAA8-AB6EAAAAfAwJY9GOZmHG5SdSEFiEEQAAAIBsOe2JI5N0gopFlf___34rAFcAAAIaKfA-hLLoDkq8hQEAAAAYs0APi99vdtg1frfL_P________-b-T_zj0ao6cg1TdDFtYKaX0AAgDW_gAAAbMYNAMAbAThBJwBWJ4EGm81kMVsNZwcAAADgzv___78ekNyYTB7nYDgZjmyOmWcwG41Mw4ljORtulsPdxrc9Aqp-ANSbbph9QoRl9vsOCsrp6TG7DKKi622xO5xmz0F80DAsJ4NgfiZsMVpNJpvlcLZcTAbD0XA02p-BmAwGaCIGy-VkspjsVqPVaDPcjWaDBRKIwQRRtGgwWY1Gk8VkuBpNVrPlYrfbIIpWrWajzWC4mk1mu91qOBguRyM0YYvRajLZLIez5WIyGI6Go9EQweBksBhuRsO1wrXYrUUL43Ct8I1sa9FsYZzMfKvdxDdzi14f08dhGI4szi0SDEDZi-RpkU5ki4lhsNo4DKPRyLFZzlYb32xlclgGm-VyY7NYJmKJ5mSRTmSXfXNjMnmcg-FkOLI5Zp7BbDQyDSeO5Wy4WQ53G9--OBkshpvRcK1wLXZr0cI4XCt8I9taNFsYJzPfajfxzdyi18f0cRiGI4tz39gNVqPRarTZ7Bu7wWo0Wo02m32HyfRMfc5GcS0n8agMt2hLqLQ5DQqXweL9SUyLaXd2EJ18R6dOqlIWdUa_3-_3-_1-v9_vN2g9B7NB4Rv2XZ5hTCSzZXNjg9hgUMQSwUU6UZ1Nl4fndbm5VWfT5eF5XW4WsURpukgn-qLf7TI8fC5_RSwRnC7SidDvdlnUf-Qgi91csRjNJYvhXLFcJQAAAAAAAAAASzDNdBMAAAAAJwPZLBab1TodxGYzmu1WywUAET-v60cGzg3-DqRmF3pR2LiVXqpdscYem6iz6fLwvC43t-psujw8r8vNygAg4tmZbfYZQazValkDAAAQwAYAABDATTfeBJBFcf_____jAAAAyMihBwAAQL8P6IlWL_zIleIfgAqxVqvV7cZarVbAghmOJsMJ_P___wc!&excid=22&docw=0&cijs=1&nlb=false
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.119.110.47 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-119-110-47.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://am-match.taboola.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Jan 2024 22:50:34 GMT
ETag: "280524-119-60b38417c4040"
Last-Modified: Tue, 28 Nov 2023 15:41:45 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H3 200 view
ad.doubleclick.net/pcs/ Frame C9CC 0
0 55ms
54ms Fetch
image/gif 142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjstgfulPtAR9fCqm2e-CZa9A9g5mKNxZDhUFuGBqzl423JHLJt5ncT6Dalv_tb1mtlqeLCs9aL7_oKsUrAONypSMsWiQ9ejIPmrNEFwjW56zOJ4IhfvTO41sbMXRp34yJDX49IaEEFQS2vJVUK3l5PXOMu06tNd4TXZmlpUAI9DxFrTeDcNy3VfNgDg6VKExRZgmiAIv--c5r2BjWXSZ7aRsJgFwk8iLQ9VoBGojlTswXJ5eUJZOP0eafPEPKX6cQQzmTpntpjVsPJH6VNUC1J-D6Zk5ZI2xXHk54E7YVBpPZQNAuHVWyX9JT3tAz14EDSJiyjEyUTghaVRj1uSUn6Ud14pQ7TBUSkBTZR6RXy39VIiJUnlK_L3qwpxgjEubN4NdHz98itC3NQBe-5zqzJdlwJq1afDuAZlRHDTgJo-C1KEWIkCc2YDmCHr7aUAg35fSRuTQFD3OqkuLm8NYq0c_6f0KAEqeEZZ4li6arZlFpkg-NCTBWsqX-tIDPwfhpQ8FSU2gmNMt6lF8gMlsLfRSvMN3LkBZP6ivrLVyh9e0O0lC9GOoVbWIMrbm9CP6wPLTb7GcCXBkJPyaI4qH8g9WFpjTeFvNqyH_fmRLahNFMihpL46o6q_9CAHYSa7Ltr_Mhf-3yL94Bf6gVewTozgVEomnTWAheZwMBcoRm5WUb-827C9fM59zXw81jQcjJbRUFcDXq7FWXbVadV_IiyfkXSjuiRL5GDjJyNgBb6LdidzTqdZbh9ND3tmSWUYH67TVA3geX5WDSOfrAZuIRh3nIMJa64qSj29ugV4GzYsHVh_u7cBoxAsGmYhr4uhMkk9I69hOADp7TukxAOzLjSxQg_OwAKilFqoCBsRl32E3k6dML_MnqyEeB4VCTSpqRm8FsdO4XZVEjhG2ntdMaa37oueuomHF_9FAmPqIAV9GpblGtALeuZcS4-lmyE-4X1QKRxXJxCnu0bD2zDhAG_nv5UqJaiXIMHZQ5nu7HeZEeNOxnqfwh62VlJs1_7EcnDVShYMubpLATm02YtHSmCTN2czJN0JvCBxoAECuS8fdw0jCToNS_TR1xOc-Eas2lac403zlLeFo7S27ftI903vqBD2GGRhExldR06Rw5GDB6VEKYKPdkhaGK02h4yEMTrGfypV4ZX15oER13M2ntJCZypeB099KBm9I750sOB0v8ouBdzVD9vqL7PxcYxAkG1U_vSIbUDepeERaZUfogyvJdBoIbgtmJeq8E_S2XlaDHg1_Jt-MbmdDGxz-mRolgMnK7wO2hyTPgm1X-TjNxo_hbo_qbCX1hGNhBj4u9xG-0ok_T0VS3ckg0k0_WgmRE2G5JHpxobHs77iJQvXvkmr2s_K_6kJCgXBrQyeDaeLh6jqIq9sTLx4ys1wRs2EUNdPoMzu6_lTmfriB4DdsFiLsOagJybyNfuUTvMIWouZ59N7JhSb-tXj78bFPdn6hAiG83ywTyS_meSATitwVJVwILLfJXr3Azmo1&sai=AMfl-YTw7jSIUpyXXchk612R_RQsgq7zwUtT2OYRlDSK7SFPehBeROvAtjdRy1HDcDbmQhBezGMl8rm8YUrq7Tk9UXLC3Ud6Yz1lu3b6h4oKTOXOydjaiyyKTH50-u_YcNDC8q6bR31wDYlBRLsx5Wm7-_Z3v6fY_vfZlthfINcyqoDf-GCRCmW1icTV4LqG_f0-IO0741abEEgyMSnNHJgcoRUqLXvO8cxvDcLaCpIhj5v_LBykJpt8GLC1V5m4Ohx3F8oT5qV93cuGBf2IQBB67b2UmeUIiDl9nZzYq80Dm6_o1fOTuDa5lwqSD5VNnskJZb_HOADnh8zOJMT-ScgMrq8ffXneSnpGcfisIEk_Z2SIVl2h2zicd5Jxz47qUAxuZw5pdgOxr4mi2ipdvPpNNOGPfXEds_8vOUh14oYxG3Gm0QUjxzR6EzrJzLzM2mSLdiOlz7ftOFou0zxM1KBIW7XVsFe9aXq36o_XsdEtndqRQh0p8rBclkAD6D9KlPE9SY6w_MQCDYwA&sig=Cg0ArKJSzJT5Y_LVMQE6EAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9zY2h3YWViaXNjaC1oYWxsLmRl&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=637&vt=11&dtpt=499&dett=3&cstd=136&cisv=r20240111.94224&arae=0&ftch=1&adurl=

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame BB44 0
0 62ms
62ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CdXsZOQinZfHXC7iH7_UP7rKWqA2Z3-zZb8Dk5o6lDI7d-8XsDxABILqEwDNglYKAgLAHoAGumIqiAsgBCakCROF616o6sj7gAgCoAwHIAwqqBNkCT9A-gzY03ZT1kxsNq8UpUwVWrssooBub5tZQtM9X3nQjYOsYkLlyK-a9nHDgch6V5iq0_6rsLX9YnxuGscVYpbqRPP9lOwpzOSqy6pz3qs2etKM3AZb_GqNss2n5tKk5WFZJSMZaIibokO7wCkElC2Q_bvAz1CjNk6AMlPz3OSQaNubw1lMsoWlgmKEpeXW-K0n2q2nkInXi_Ti_wj8BAQsE9XLC1t8HIDzMSoM61ds4EniQhUKIKKqeZn2FbDdgdO6pnHn3vhCKP6ZS2hdBDlgUBVVsY22HQP-ZDH5GxL1a1Mzw7NdOUcrapwmHzRQ6solcgn6CWXoAH5VL-bMW4gLMNxZi0H4DqxZCggjZo7txwXHyi4lPGtdT7FATLkkh4JeFW49bjI__YQNe4SRhZGHqhH1w9S_QDsMIASIlgSN5-viMtwqWOoSnCkDP82SZHlgDzQhlRRbJwASegcTr_wLgBAGIBa296vknkgUECAQYAZIFBAgFGASgBi6AB7rn9d0BqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQkPwP0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOli87-ip_-KDA5oJIGh0dHBzOi8veGNyYWZ0Lm5ldC9yZWdpc3RyYXRpb24vgAoDyAsB4g0TCLSl6an_4oMDFbjDuwgdbpkF1bgT5APYEwyIFAPQFQGAFwGyFx4KHAgAEhRwdWItMTMyNTM0MDQyOTgyMzUwMhjKqx4&sigh=ZCwdYHSZby4&uach_m=%5B%5D&ase=2&nis=5&cid=CAQSTgAvHhf_eCnAia8q1QvT1mDMBdWvbh1bOa6p-UMOB5mhsm5oR1tuCobAXZxobWj6gpkpDx87sk8Cv4ePx_f-gPY6qgCZNNJECVQ4L0-tXxgB&template_id=484&cbvp=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

GET
H2 204 071ab26f-7129-4e9b-ad2d-e18a9143f72d
boadedshedisite.com/impression/ 0
1 KB 166ms
57ms Image
text/plain 54.230.112.10
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://boadedshedisite.com/impression/071ab26f-7129-4e9b-ad2d-e18a9143f72d?site=ultrasurf-ultrasurf&site_id=1110515&title=%24%7Bcity%3Acapitalized%7D%24%3A+Verlassene+H%C3%A4user+zum+Verkauf+zu+unglaublichen+Preisen&platform=Desktop&campaign_id=31867879&campaign_item_id=3884306973&thumbnail=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F32dbb5d53d34c0edd2b7f06a959db4b8.jpeg&click_id=GiBNnyYs3zENcU1d_OGbM9-jEDr4Gy8yF5_QXhV5HP4p9CCL0mMo6MjN8sucpfypAQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.112.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-112-10.mrs52.r.cloudfront.net
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 65c8c6a64ee169aa569938f99935b4da.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: MRS52-C1
x-cache: Miss from cloudfront
cache-control: no-store, no-cache, pre-check=0, post-check=0
x-amz-cf-id: vIBt0SVynsDOU61p6xN3kk0wS41khl0UGbrgIcyYhWeJfn878l1i0A==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame F896 236 KB
63 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2031909457271134757/300x250.html?e=69&leftOffset=0&topOffset=0&c=y8AF4JBrl9&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2031909457271134757/300x250.html?e=69&leftOffset=0&topOffset=0&c=y8AF4JBrl9&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 16 Jan 2024 22:50:34 GMT

GET
H3 200 300x250.js Show response
s0.2mdn.net/sadbundle/2031909457271134757/ Frame F896 135 KB
24 KB 23ms
23ms Script
application/x-javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/2031909457271134757/300x250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2031909457271134757/300x250.html?e=69&leftOffset=0&topOffset=0&c=y8AF4JBrl9&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b25623e741968f2ebf681e62d7493503936947a57229fc347d755e615216b04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2031909457271134757/300x250.html?e=69&leftOffset=0&topOffset=0&c=y8AF4JBrl9&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Sat, 11 Jan 2025 19:47:42 GMT
date: Fri, 12 Jan 2024 19:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 356572
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24423
x-xss-protection: 0
last-modified: Fri, 17 Nov 2023 16:37:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame F896 120 KB
41 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2031909457271134757/300x250.html?e=69&leftOffset=0&topOffset=0&c=y8AF4JBrl9&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2031909457271134757/300x250.html?e=69&leftOffset=0&topOffset=0&c=y8AF4JBrl9&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 12:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37625
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 17 Jan 2024 12:23:29 GMT

GET
H3 200 clicktag.js Show response
s0.2mdn.net/sadbundle/2031909457271134757/ Frame F896 3 KB
1 KB 26ms
26ms Script
application/x-javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/2031909457271134757/clicktag.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2031909457271134757/300x250.html?e=69&leftOffset=0&topOffset=0&c=y8AF4JBrl9&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ea51f498a2e11e522503ca4033674ae7233a3d2a5e5fe9c07491f5fbe5883ac7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2031909457271134757/300x250.html?e=69&leftOffset=0&topOffset=0&c=y8AF4JBrl9&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 15:04:38 GMT
date: Tue, 16 Jan 2024 15:04:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27956
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 995
x-xss-protection: 0
last-modified: Fri, 17 Nov 2023 16:37:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H/1.1 200
OK cmOsUnit.css
vidstat.taboola.com/vpaid/units/33_7_3/assets/css/ 60 KB
10 KB 42ms
21ms Stylesheet
text/css 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://vidstat.taboola.com/vpaid/units/33_7_3/assets/css/cmOsUnit.css
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/lite-unit/4.7.5/UnitFeedManagerDesktop.min.js
Protocol: HTTP/1.1
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b9deac08511b98fa127fcf0d07e132b58d85b56662aabeafd82029d6257cdd2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-meta-mtime: 1704535363
Date: Tue, 16 Jan 2024 22:50:34 GMT
Via: 1.1 4d156fc02c81ad97b906c107779265e2.cloudfront.net (CloudFront), 1.1 varnish
Content-Encoding: gzip
X-Amz-Cf-Pop: FRA60-P5
Age: 910011
x-amz-server-side-encryption: AES256
X-Cache: Miss from cloudfront, HIT
x-amz-meta-ctime: 1704535364
x-amz-meta-mode: 33188
Connection: keep-alive
Content-Length: 9167
X-Served-By: cache-fra-etou8220074-FRA
Last-Modified: Sat, 06 Jan 2024 10:02:45 GMT
Server: AmazonS3
X-Timer: S1705445434.298186,VS0,VE0
ETag: "30d09ffbf9a524bc6081bc1e302eec66"
x-amz-meta-uid: 0
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
Content-Type: text/css
x-amz-meta-gid: 0
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: JfrJJnCfXmcxnlZA8N27NNkOXi1Da2YZfmtacs6YwNf_gDDBG2tUnw==
X-Cache-Hits: 781

GET
H/1.1 200
OK cmTagFEED_MANAGER.js Show response
vidstat.taboola.com/vpaid/units/33_7_3/infra/ 484 KB
126 KB 24ms
24ms Script
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://vidstat.taboola.com/vpaid/units/33_7_3/infra/cmTagFEED_MANAGER.js
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/lite-unit/4.7.5/UnitFeedManagerDesktop.min.js
Protocol: HTTP/1.1
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4a22a285f4b33ee0625fd971bc53ee27c3c43748bba6e2116487eb118e11f446

Request headers

Referer: http://ultrasurfing.com/
Origin: http://ultrasurfing.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-meta-mtime: 1704535340
Date: Tue, 16 Jan 2024 22:50:34 GMT
Via: 1.1 671c13f54b1ad36c801a07e5c548b1c8.cloudfront.net (CloudFront), 1.1 varnish
Content-Encoding: gzip
X-Amz-Cf-Pop: FRA60-P5
Age: 586709
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront, HIT
x-amz-meta-ctime: 1704535341
x-amz-meta-mode: 33188
Connection: keep-alive
Content-Length: 128543
X-Served-By: cache-fra-etou8220095-FRA
Last-Modified: Sat, 06 Jan 2024 10:02:22 GMT
Server: AmazonS3
X-Timer: S1705445434.277229,VS0,VE2
ETag: "0e5f927c231eb0d3983c58a3a504d613"
x-amz-meta-uid: 0
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
Content-Type: application/javascript
x-amz-meta-gid: 0
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 2SUDYTxVNmXbiJE28MM7QA0gUvtCazm4qN6yUKEWwTpOPXXasrTyFQ==
X-Cache-Hits: 1

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 53ms
53ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202401100101&jk=3684559146486941&bg=!gYKlgs3NAAaumcC-jpk7ADQBe5WfOG1gOCvg9lsn53Yw4XqXkXOgjcHUy5jmG_wlVwUybyW_0DuVLuWIM9_H4JvpZnByAgAAAElSAAAAAmgBB5kCtRmTgVy5fVWttdFfqZHC8T6N8rNVNa2_ggSwm2Q2uXgfVKiIcbFVNX1YY_Zr-elwPeNLO-0mqXiwqvttSoFm2pNJeH-NhRhTwCAXkbKfAz8P9t4Wnc8rbaOMTuiMf_9wB1KllPYUgsRhFGtEKMf-jj_gg5Tmg7x4V6o_v_B57XEhOHGznQOp9ibtrCMahAhgyjlDqtX174CkLwrIjN54wUnmQ1eAgTNIoXNjvVbuUQSTUPPbNdJudXXeiYus8VfIicXMJ6TseshXbicVEnht_4OOoKtt7cAFEWUCey55fhioqv9d_algBT6SCFJ2RPVhK5VDvl2aUGVe_SHZnAaJv_KJegNSy0jylp_CLTobrKRA_aW28OyEH0rrouwnB0dI9cf_jJmUS9lOpgClAN-XGs2LMWVesovZTqIi9MJUPMu-vFDaap3bni-hQBa8EAiPpzLmWLI5hr1fW2lQvl1TRLGizlufN22cU7ADWMbSTHwUId5wta7fe-0U5wJ1D2TnCZ3I5-i3RUijpsxNbL9CnOgU7XMI8MvDXbqhqVvBubJmXHzHRS2J3s6rGto4BDYLxNbNc_DvPnsC-BXgyjNt0Mrls_zVEWGCOp9kV-1Fe4Ttmvgxh5p3zRJd5B0TAGfjJa-0SkeN9YCJzf1SEgUuRavAL5L7UnFZPoWp5NhCzWtXvdbsnu-ovsZ7wwZ1mHlfgTJGXP-KcSGea-SXksIcz-t8M-enC-VnBL6LCn41oMZmLdk7MX90Iz5B4RKDdgDpcTe3TJ_bm6Pd9znx2faxT5q0HEpleNfE8KF40qRdvGOro4tRgQjhElD24YG2Zh0ApT5TIZiItSKkXZ51v73cUnd4CByMrf4tJ48JvA0KS-5B6mDuZs7i0hH6T6PVwnQZfMhD7omoPBMYMPpa0wiZfr7RaMFKlQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240111/r20110914/ Frame A70B 31 KB
12 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240111/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BaZfjS-Pzl_HXNecFgiz9R0jl-P83v9qlNUoNzZmIHs8lcJj721RBFml9twPnsJPqp_3Dmu4HF8-tLHOHBVXMoYSxKsB2NlrsGjeh4GJdks97lTRqUbkKMpyP2y0TgoXgIYQHZSzpwSVpvrOnnbQgTzplbSTrXJd34HVJfAT1VksMSKwE&cry=1&dbm_d=AKAmf-BD8RFcim5n-xUCTvsNIeSmEc--XggTpohfLOmoSHs3EtVOIbmZ3NalxVKPKPQjksRAar1MkUqX30arCSxWm35O3u4bYiICIhZfLkGtpqXmJerDMfxYfKGLOjPVrdCHBYyzUAdaBIqqbhd-M--lSk8zC9PcB5_Jh-8q4tPKwmLPa1RISa4oEgxFWfJMw7fCVAU4YF4rH-d5MAtsAtCDdvY3diE2sUUqJJIZNNU_3vw37WocOTyZ9wuTxCsiXOf1OVx4Hbv19LM1DFQpfNdl8AEAPnlOUM-KLgWz5adKjdSnzuHzZ0eDaaqoexDMQtrY2qrj4qZ2KRHGNAq_dHqBhYLBXZW1fluDSgYKS6AHFd8jc1C51yeNrzaiL5QxpKVQAHcX_bpEyW4BojdN7aasmCeBkjn6gyQUsba71ywtyRgp2V_BwC2jbHb1NhYWjzuOkwBCcweVakgqdIBBOBu-059ciewjidKRPfcCLY4LX1-K1BySPkQBkSLHimcpbOzLoSbe3vU0zGw5DR__IyeipoEqt7Y53i8y_tmxvAyW3xC6NarHN0kH7AzKh3OpwWuzfSvIKEx5dr7TXY4tJR1hhS3n2E5ttVfl5elFLQET02vRAM7rA8o8z4ieM3tCVxF2pgjtTq4cJpwpCVinj4L-qz4hfFRYZG2aqnfWkJGrrLVWvl2GNJ9-PdshvGrmzaD5nHMB0oCeRGyIYQPZvuHjiynjSpnmKXNOZ4YbP-BsM_lebnWSiFS-NnuQy5hUOg1wfuVJqqat0e-N2ZzfCvGLPA1ltYYnL5D2HibWiY7vXM5VyYdr-uqI0wrVvNshM3TGgfXUUzHU_rq1Drxat9em5P6CRKUU_GazpAaY-2_UIi3tjvFiG-bQl3Ag6RfkvflQ6M1BQyv9gH69iFKRw_D5fTx7TYJo5XkroSHApj47Tu5CkO57FvYIkLcAtZYi40D10S3ziXcjWld6Eq83loyr3332CGfIfJHBK0KxnaxX9MfxEHbyfGkvXW7Eut6LY7CDSVtEoWlvieB8_HhSz7vBrTCJoqv2ZvoBhogn9ledgVIvMbZq0Oa0OvJAFwGIkeAWqemaJsSGdIzN2RNdyt3YVl_R-g1WV-nGrQoVOAfdZz7i0mDjcWr9kShYTczkp7qm07t-XlodXxurRAq2732Jd50xCOViUQ0WCWaXcl456NzxY8ch8d1IarBtfX0ju4if907iMVrOXssNElQ6s2bBnXxRN8F4CXt5wYrDW6hC_owGzJMLdBcSM20sPkyVhlzF4LOkulAvJfpcOt-wS1GvWt8Y-40s8hP9iQRxmaLBpTjaM9HjLB1Prx08BZzdPe64d-CpIWbPbl0P5xb29-jSMUlJmOmjGqY26aeBniNNpia0xwqNBToxx6_OnrSqew7bI92haxnSyEibEc0ZMFwE23CU8gDCCQ7sAZFqpaQfVqkZtOigYEfSQcLFB0OeESHRtfPsuAci13XTaaHAyeykHvbEAAPfVUfzAiT112e7InaibsgNoIYB9dpSpdkCTF79aB_ti-sm7lBpeQR3Ink1xg8RAE5Nm7jjT_GwK70YI6Gx7lBQbefQFg5jV582rCOymXP531BDXWcPLUIdvQx6SoRtpjlPl1S-nZK1mwdXLB3TLndUFhbUGVMcB2ah8RLuQA_x16kAOkrVN0upfu7r9tqV9XTZYDxPc8TyFKNdGJieklzvJLhtj07vicEFxl_XqEF_90FCZcXxGKfCyzjgKNu_-4-nzN5t2XQcTf-7OnieMq1etmIFKbbnb7harnqfc28ggcxiz1miiw7cXKNezQUwxc77nmssZI78WhKTCeZVD1GJ8Y0HSWrdh0YcWtQnZVNsw1ijKnxYyHSRDsGKioJxi3I8CZG_S47a_izSslL9buC5t5Hb5ruhjF_94aY-w8n2dzX2CQNG4FedwnOFi20KkuoHB-JuH9gwJeZWjWojZaoeejxtZYpp5JZQr5XnxI9BnUvgYh3qJ0hGfnQejRKzAuDWrGUsjVk_xoxd8c37QtNQchMMngMyVydqxw4elDRh1h2ORG1KOyvS3FxKY-mP-EkBzqQ34upM4brovZ8bZ83JkPurfeIfpz0T63xp8KeqbxQMdMrUdlzuIIH2GlsgZT-ggOiZGXEwtRrJ4L1yeU_JuSIquy9uM2r4pJ06kTJfMM5-MPWBDpaANHYesLxiKTy64wk312t2Ngk1AgHZIAyJv7sfvgiF76kkgEU0JBe36_wFfOhOMInWZrxaW70QVHVVs5wViJ8G8QKZPWZJ2UhpW38mvvOpJcmysSH6HecScmuda1iidlRwk9t8_IJpZQ9DHC57vv1WnC4r6cSWRdRdrp79VE_9kAvxfAgpYpraVD5e-cfXMMkeN0utRYVH2PwgsSTHkZBxPdn-Xs7CYMADDYDq3PFRUiKV6FcU4-PjUPKEyPmyDxzjallfp33XPEgsH1PLwI-tKE0JtiKsWAOv-fZssMbMTwaRsSD2GhDRO-2eaTIwJQ1ti6ACluLpjoB4pbtRWVc9_12JEzsHgpOa1WKL2-ninICujeLJ1KoIPQhWyiF6_vKXUGuXEkGMfyC7FIJyzGe7Q0NZcbx51HhJsyzoT93otb71Ip-zK8DrSwmOMDLSm0xx6ujfAJsTHpGzznGxtQY3YU_rEWSq51_GniJ23Nb6rxgP-CFcrQ-3QmaFGPFhMaAEN3LzLDZCOgJcu0PHjiF3uExt6k3un2ADNDK7soMhuMtIygr9NXJnnmFQuxFtuokFBP9vtQL2wp6iGzgd7SHqBbg58TluP78b2RnPvVU9CQmPPOIPKtHVhD8l08rCX7ElkePvDW1Kch_22vAr0J6I0dW2-L79Wna8VHW71ljG1JhLYoI6gtN65-wjAPtnAr_90gqs7B1yxf0fV_PBjGbiMq2aj8slD8UabnvagH_1KFpFPu3EJVtJHuNFoXxdcbi9rVwIsvpvbCknDcFSYiSb3iF5SJljmuNfv7e0FgDJrDn5RBFnVk67ch6_Z3hT1fh-6s7ZZ5tPLU0AZcJHKcwZUNT0TellhB4jMk2AhRW1AnYX5Kj3t3KIWBc1KDzgCv5fY8y-4irJnYMsWpe0u30TqBN-qyiN4CiO7lT8c3JI_0VfRKhFAy7vG8zX82tvt1kIeM0uanTSi3rZnzCRfHSc2NMqDHuZs2FC9lQCesZc6SEG2QhzkkD2UXdwuAe9v9KLYQ0n2YuzVXgqj19W3C587z4gchpgNPyiaBEYDeE3Ac59VcGauPiLfel4O6RjCpZIgDTOKdjx-iDoW-AfL41Jlj3VeTqmDjNkPwIenNJNt3ZflkGZdWGpABr4RGadQeqoO4UTd0Aupu07MLK389P8djx3IvQOK10ePICdJ4Ywj2JYPQlldJNPa1eo13ed_e7xREMDb7SxGEqDOV5NQiongcRxToKWUFxNmBCLN6BS2eVU9gKcZiuWtPekcET2DSmjRx__QSmC_wuYIsnJqOgmD8DQLueihuX183FtbC6488jUigNlUott8a35m-AbkvZJcU-dw3ztx0SjbjiWYGHa4zJJq9RAyLVCYjxPB4nJTOgsuF4qQWs5ClssY_JdGcly2O4bJDifLcZ0TeIJrC9YkTSlyts86sQbH4qzDFyFTIyCOP4dKPoH0u5nS5FewlJbdP6GVIQU3K8FqX1ae1ROan_H7CCc-aTC5OC7uz-NyMlRAVHog4Pw077_r4qOC8HARhBziiqvT_NWmS2zFXqamXckuczL0Y-gIosMvV_8sD9YbTx8peO8gTRC8BG5PMS5kgJ15wUnZf5kmwVlcjT4Vw-bNmxm2K_3WlxHiJW-0RLhNi6aBsYUCu8RUEFqk9TFKmrqgl0AS1MSfe_aTI6fd72p1eGAYY53zDJAcf9JvNxUsumHwmTWuiFil0jImj8Lw4BZZSslpbQYCrEd5ogYneltqHQhuVWTgjDbxBScW-vOj1U4l1nMsI4x&cid=CAQSTgAvHhf_eCnAia8q1QvT1mDMBdWvbh1bOa6p-UMOB5mhsm5oR1tuCobAXZxobWj6gpkpDx87sk8Cv4ePx_f-gPY6qgCZNNJECVQ4L0-tXxgB&dv3_ver=m202309260101&rfl=http%3A%2F%2Fultrasurfing.com%2F&ds=l&xdt=1&iif=1&cor=11179823133224598000&adk=1033480540&idt=97&cac=0&dtd=27

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 15:24:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26750
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11885
x-xss-protection: 0
server: cafe
etag: 16863283086342074828
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Jan 2024 15:24:44 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame A70B 41 KB
14 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 20:07:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 355366
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 11 Jan 2025 20:07:48 GMT

GET
H3 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNTQ0NTQzNDA5NDYyMAogIHNlcnZlcl9pcDogMTM5Nzk5MjcwCiAgcHJvY2Vzc19pZDogNTg3MjQxMzgxCn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDU4NTk3NzQK...
ad.doubleclick.net/ddm/activity/ Frame A70B 0
22 B 54ms
53ms Image
image/png 142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNTQ0NTQzNDA5NDYyMAogIHNlcnZlcl9pcDogMTM5Nzk5MjcwCiAgcHJvY2Vzc19pZDogNTg3MjQxMzgxCn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDU4NTk3NzQKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL3ZvZGFmb25lLmRlIgp4ZmFfYXR0cmlidXRpb25faW50ZXJhY3Rpb25fdHlwZTogVklFVwppbXByZXNzaW9uX3ByaW9yaXR5OiAwCmltcHJlc3Npb25fZXhwaXJ5X2luX2RheXM6IDgKZXZlbnRfaW1wcmVzc2lvbl9pZDogMTY1MzE3NDIwOTc3Mjc5MjA5OTIKZGVidWdfa2V5OiA0Nzk2ODM0ODkzNDEwMTE2ODcwCmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyNC0wMS0xNiIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDU4NTk3NzQKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQVRGT1JNX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUVVFUllfQ09VTlRSWQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICJVUyIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBQ0VNRU5UX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzNzgxMDU2NDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDEyMTA5MTQ4ODcKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMjA1NjMzNjM5MDcKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA1MjQyOTc0NzUKICB9Cn0KYXJjaGV0eXBlX2lkOiAxMgphcmNoZXR5cGVfaWQ6IDEzCmFyY2hldHlwZV9pZDogMTQKYXJjaGV0eXBlX2lkOiAxNQphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vdm9kYWZvbmUuZGUiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9vdGVsby5kZSIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2RlYnVnY29udmVyc2lvbmRvbWFpbjEuY29tIgppbXByZXNzaW9uX2V2ZW50X3JlcG9ydGluZ193aW5kb3dfZGF5czogNApicm93c2VyX2F0dHJpYnV0aW9uX2FwaV9yZXF1ZXN0X3Byb2Nlc3NpbmdfYml0czogNzM4MTk3NTA0Cg

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0x8a75d66caf1958b80000000000000000","13":"0x9193df623103dce40000000000000000","14":"0x96064d7725a7da890000000000000000","15":"0xdce68c20270188560000000000000000"},"debug_key":"4796834893410116870","debug_reporting":true,"destination":"https://vodafone.de","event_report_window":"345600","expiry":"691200","filter_data":{"14":[],"21":[],"8":["5859774"]},"priority":"0","source_event_id":"16531742097727920992"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 debug
am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/ 0
89 B 26ms
26ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/debug?tim=23%3A50%3A34.316&type=usage&msg=New_CTA-event-1705445434316&llvl=2&id=4345&cv=20240116-10-RELEASE&lt=deflated&file=new-cta-manager&method=&position=&extraData=%7B%22eventName%22%3A%22event-has_cta%22%2C%22itemId%22%3A%22~~V1~~6978705504079323520~~kVNjd_1lHUePO%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 30558

GET
H2 204 debug
am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/ 0
89 B 27ms
26ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/debug?tim=23%3A50%3A34.316&type=usage&msg=New_CTA-event-1705445434316&llvl=2&id=9361&cv=20240116-10-RELEASE&lt=deflated&file=new-cta-manager&method=&position=&extraData=%7B%22eventName%22%3A%22event-available%22%2C%22itemId%22%3A%22~~V1~~6978705504079323520~~kVNjd_1lHUePO%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 30558

GET
H2 204 debug
am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/ 0
89 B 26ms
26ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/debug?tim=23%3A50%3A34.318&type=usage&msg=New_CTA-event-1705445434318&llvl=2&id=3824&cv=20240116-10-RELEASE&lt=deflated&file=new-cta-manager&method=&position=&extraData=%7B%22eventName%22%3A%22event-has_cta%22%2C%22itemId%22%3A%22~~V1~~-3336548942344638469~~My2idKafjDGO%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 30558

GET
H2 204 debug
am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/ 0
89 B 26ms
26ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/debug?tim=23%3A50%3A34.318&type=usage&msg=New_CTA-event-1705445434318&llvl=2&id=8555&cv=20240116-10-RELEASE&lt=deflated&file=new-cta-manager&method=&position=&extraData=%7B%22eventName%22%3A%22event-available%22%2C%22itemId%22%3A%22~~V1~~-3336548942344638469~~My2idKafjDGO%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 30558

GET
H2 204 debug
am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/ 0
89 B 26ms
26ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/debug?tim=23%3A50%3A34.319&type=usage&msg=New_CTA-event-1705445434319&llvl=2&id=6876&cv=20240116-10-RELEASE&lt=deflated&file=new-cta-manager&method=&position=&extraData=%7B%22eventName%22%3A%22event-has_cta%22%2C%22itemId%22%3A%22~~V1~~-2100824355682295435~~GWi-cm-o99IN%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 30558

GET
H2 204 debug
am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/ 0
89 B 26ms
26ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/ultrasurf-ultrasurf/log/2/debug?tim=23%3A50%3A34.319&type=usage&msg=New_CTA-event-1705445434319&llvl=2&id=9539&cv=20240116-10-RELEASE&lt=deflated&file=new-cta-manager&method=&position=&extraData=%7B%22eventName%22%3A%22filter-item_in_reco_reel_story_widget%22%2C%22itemId%22%3A%22~~V1~~-2100824355682295435~~GWi-cm-o99IN%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 30558

GET
H2 204 abtests
am-trc-events.taboola.com/ultrasurf-ultrasurf/log/3/ 0
230 B 27ms
27ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/ultrasurf-ultrasurf/log/3/abtests?route=AM:AM:V&tvi48=14791&lti=deflated&ri=7436de4035ef50fc869f0a6c9af5c121&sd=v2_9cddc90828df1f3064d48b19683987c7_82018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9_1705445433_1705445433_CIi3jgYQ8-NDGJa-4KPRMSABKAEwODib4wlAhIoQSNTJ2QNQ____________AVgAYABo0_Kg0LHL-6nXAXAA&ui=82018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9&pi=/&wi=-1709852854480885386&pt=home&vi=1705445433110&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22recommendation-reel%22%2C%22type%22%3A%22available%22%2C%22eventTime%22%3A1705445434321%7D&tim=23%3A50%3A34.321&id=3859&llvl=2&cv=20240116-10-RELEASE&
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 200 c0e72f9146cd04eb5b5adcb69170c145.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 82 KB
83 KB 27ms
26ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c0e72f9146cd04eb5b5adcb69170c145.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 2908b32af38f1179ac8a21904561a9611b1bf2f5b05f86762718126eb0f96031

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 2
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c0e72f9146cd04eb5b5adcb69170c145.jpg
age: 1480779
edge-cache-tag: 393472694442982774730554374829756880411,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
cache-tag: 393472694442982774730554374829756880411,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
x-cache: HIT, HIT, HIT, HIT
x-envoy-upstream-service-time: 214
expiration: expiry-date="Thu, 28 Sep 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://www.nbcnews.com/
content-length: 84178
x-served-by: cache-iad-kcgs7200176-IAD, cache-iad-kjyo7100020-IAD, cache-iad-kcgs7200026-IAD, cache-fra-eddf8230059-FRA
last-modified: Mon, 28 Aug 2023 15:38:08 GMT
server: nginx
surrogate-reporting: width=1600,height=800,owidth=1600,oheight=900,obytes=543687
x-timer: S1705445434.335505,VS0,VE2
etag: "696218d725af5833b00db1f1f1313528"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 66, 1

GET
H2 200 9bdd1e6ffc7e7781f63a24272458fba4.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 22 KB
23 KB 21ms
20ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9bdd1e6ffc7e7781f63a24272458fba4.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 594b8502358c9dd3e6b638be9683e97283f1f40ce5c577895948b33b67865311

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9bdd1e6ffc7e7781f63a24272458fba4.jpg
age: 2391434
edge-cache-tag: 630770987720074874774246095262411355979,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
cache-tag: 630770987720074874774246095262411355979,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, MISS, HIT
x-envoy-upstream-service-time: 543
req-referer: https://www.sport1.de/news/reiten/galopp/2023/09/in-welch-einer-kranken-welt-leben-wir-deutschlands-grosstes-rennen-endet-im-tumult
content-length: 22154
x-request-id: 1231c4e2c2ca2117af10d16c86ccc1b3
x-served-by: cache-iad-kiad7000040-IAD, cache-iad-kiad7000146-IAD, cache-lga21945-LGA, cache-iad-kjyo7100057-IAD, cache-fra-eddf8230059-FRA
last-modified: Sat, 09 Dec 2023 12:13:43 GMT
server: nginx
surrogate-reporting: width=360,height=200,bytes=38645,owidth=1000,oheight=560,obytes=654097
x-timer: S1705445434.335441,VS0,VE0
etag: "744c89e63f1ef2987ea02bcfae7bb05a"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 0, 2

GET
H2 200 0da55bc880d58b5c276569ba82a52dd6.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 11 KB
11 KB 22ms
21ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0da55bc880d58b5c276569ba82a52dd6.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 7ccfdce834a74da2333b8129505be400e6f99105035c4144b8aba725aefed438

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0da55bc880d58b5c276569ba82a52dd6.png
age: 114487
edge-cache-tag: 402884050670973346420276355616976550767,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
cache-tag: 402884050670973346420276355616976550767,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, MISS, HIT
x-envoy-upstream-service-time: 450
req-referer: https://ads.taboola.com/
content-length: 11108
x-request-id: 310439dbdf4ceec31005a94f9d668d61
x-served-by: cache-iad-kiad7000084-IAD, cache-iad-kcgs7200150-IAD, cache-lga21962-LGA, cache-iad-kjyo7100029-IAD, cache-fra-eddf8230059-FRA
last-modified: Mon, 15 Jan 2024 15:02:26 GMT
server: nginx
surrogate-reporting: width=360,height=200,bytes=17341,owidth=1000,oheight=600,obytes=696661,ef=(1,13,17,23,30)
x-timer: S1705445434.335694,VS0,VE1
etag: "e5f57c1f073998bb3f4552dd0fbe8196"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 0, 1

GET
H2 200 88eb64fd8ed5bd88a5cfd7ff523329da.jpg
images.taboola.com/taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_2%2Cw_600%2Cx_0%2Cy_0/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 18 KB
19 KB 26ms
25ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_2%2Cw_600%2Cx_0%2Cy_0/http%3A//cdn.taboola.com/libtrc/static/thumbnails/88eb64fd8ed5bd88a5cfd7ff523329da.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ecf67dab7a65bddf784d19aef6cf92d15e42533dea1f911fe013b94abb5f94a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_2%2Cw_600%2Cx_0%2Cy_0/http%3A//cdn.taboola.com/libtrc/static/thumbnails/88eb64fd8ed5bd88a5cfd7ff523329da.jpg
age: 2527499
edge-cache-tag: 567766536699562057147751141635820698524,420617943796659505657211235459483051925,29ecf9b93bbf306179626feeda1fab70
cache-tag: 567766536699562057147751141635820698524,420617943796659505657211235459483051925,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, HIT, HIT
x-envoy-upstream-service-time: 446
req-referer: https://www.t-online.de/
content-length: 18762
x-request-id: 18bd46e0ab442007ac42fad2c5ba9d8a
x-served-by: cache-iad-kiad7000091-IAD, cache-iad-kiad7000106-IAD, cache-lga21980-LGA, cache-iad-kjyo7100174-IAD, cache-fra-eddf8230059-FRA
last-modified: Mon, 18 Dec 2023 15:33:00 GMT
server: nginx
surrogate-reporting: width=600,height=300,bytes=29121,owidth=600,oheight=400,obytes=153307,ef=(1,13,17,23,30)
x-timer: S1705445434.336182,VS0,VE1
etag: "c936798621aa5c27b833ab10c81402bb"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 1, 1

GET
H2 200 ba540064bc35e750229a86e0137db1ca.jpg
images.taboola.com/taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_1.7778%2Cw_800%2Cx_0%2Cy_175/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 32 KB
33 KB 26ms
26ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_1.7778%2Cw_800%2Cx_0%2Cy_175/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ba540064bc35e750229a86e0137db1ca.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: d2a1eb75cb12f487db4bfc7e6a8333445d6f6d45a4d4ad3c50fd8e5aac97af39

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_1.7778%2Cw_800%2Cx_0%2Cy_175/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ba540064bc35e750229a86e0137db1ca.jpg
age: 809846
edge-cache-tag: 605155752503379416501050841951386167645,305499717495500220604497488616507148735,29ecf9b93bbf306179626feeda1fab70
cache-tag: 605155752503379416501050841951386167645,305499717495500220604497488616507148735,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, MISS, HIT
x-envoy-upstream-service-time: 518
req-referer: https://ads.taboola.com/
content-length: 32378
x-request-id: da1f11f2d98636500551110bd3b61074
x-served-by: cache-iad-kcgs7200149-IAD, cache-iad-kiad7000155-IAD, cache-lga21921-LGA, cache-iad-kjyo7100035-IAD, cache-fra-eddf8230059-FRA
last-modified: Thu, 12 Oct 2023 09:14:52 GMT
server: nginx
surrogate-reporting: width=800,height=450,bytes=51120,owidth=800,oheight=800,obytes=117194
x-timer: S1705445434.336175,VS0,VE1
etag: "ef33680719ce82dbdae098d508f6bb54"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 0, 1

GET
H2 200 4e2bc80be2c3429db184f496dd5b499d.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 18 KB
18 KB 26ms
26ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4e2bc80be2c3429db184f496dd5b499d.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 787ae6f994540c58549dbf1031186a77411688b395af1ecd1491176243935b92

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4e2bc80be2c3429db184f496dd5b499d.png
age: 1071359
edge-cache-tag: 423380029218975344331059772619224455818,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
cache-tag: 423380029218975344331059772619224455818,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: MISS, HIT, HIT, HIT
x-envoy-upstream-service-time: 96
req-referer: https://mundogastronomico.online/?p=214
content-length: 18166
x-request-id: 53a7e9603e5301bfb0adb4845e8818f9
x-served-by: cache-iad-kiad7000122-IAD, cache-iad-kjyo7100126-IAD, cache-iad-kjyo7100033-IAD, cache-fra-eddf8230059-FRA
last-modified: Sun, 03 Sep 2023 19:14:39 GMT
server: nginx
surrogate-reporting: width=360,height=200,bytes=29511,owidth=1200,oheight=800,obytes=1855155
x-timer: S1705445434.336173,VS0,VE1
etag: "1504bfd5719b2e62c780ec3934efc3f8"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 27, 1

GET
H2 200 e874e2051d2fb2979285c6f9c4d9c204.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 42 KB
43 KB 27ms
22ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/e874e2051d2fb2979285c6f9c4d9c204.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 5bf89e1e11f54e253ba4590830d0f4c4624d952a34e7861526d70d9565c38021

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/e874e2051d2fb2979285c6f9c4d9c204.png
age: 1258575
edge-cache-tag: 554885977389195057601389873777983101175,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
cache-tag: 554885977389195057601389873777983101175,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
x-cache: Miss from cloudfront, MISS, MISS, HIT, MISS, HIT
x-envoy-upstream-service-time: 176
expiration: expiry-date="Fri, 02 Feb 2024 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://www.lecker.de/
content-length: 43434
x-served-by: cache-iad-kiad7000172-IAD, cache-iad-kiad7000126-IAD, cache-lga21950-LGA, cache-iad-kcgs7200088-IAD, cache-fra-eddf8230059-FRA
last-modified: Tue, 02 Jan 2024 09:05:51 GMT
server: nginx
surrogate-reporting: width=1000,height=500,bytes=85041,owidth=1000,oheight=600,obytes=1130510,ef=(1,13,17,23,30)
x-timer: S1705445434.364873,VS0,VE1
etag: "5b839a1b41ae228fea986962ea9578b2"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 1, 0, 1

GET
H2 200 225ac8178e01d02c9544635181d11e27.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 9 KB
10 KB 24ms
20ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/225ac8178e01d02c9544635181d11e27.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 4a7217cf2d2c7aba86c5576afc224994cc9256815ec519267e088c451980c5f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/225ac8178e01d02c9544635181d11e27.jpg
age: 1246712
edge-cache-tag: 602328860012357606151299032710582386322,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
cache-tag: 602328860012357606151299032710582386322,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
x-cache: Miss from cloudfront, MISS, HIT, MISS, HIT, HIT
x-envoy-upstream-service-time: 94
expiration: expiry-date="Wed, 25 Oct 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://food.ndtv.com/
content-length: 8894
x-served-by: cache-iad-kjyo7100113-IAD, cache-iad-kjyo7100113-IAD, cache-chi-kigq8000167-CHI, cache-iad-kiad7000136-IAD, cache-fra-eddf8230059-FRA
last-modified: Sun, 24 Sep 2023 21:57:05 GMT
server: nginx
surrogate-reporting: width=360,height=200,bytes=15116,owidth=2139,oheight=1197,obytes=122388
x-timer: S1705445434.364873,VS0,VE1
etag: "c64de5afe6c88990dc4e3d4d7d879f65"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 2, 0, 144, 1

GET
H2 200 6740acabb3b1d0743e0b540a85210e48.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 9 KB
10 KB 21ms
21ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6740acabb3b1d0743e0b540a85210e48.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 49dd0771df4e1f406c319ed777dcf66b25b6c16dff5ab2247f6931edc3a79067

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6740acabb3b1d0743e0b540a85210e48.jpg
age: 2663475
edge-cache-tag: 404558988614948926469752625586755848111,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
cache-tag: 404558988614948926469752625586755848111,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: MISS, MISS, HIT, HIT
x-envoy-upstream-service-time: 413
req-referer: https://tvmag.lefigaro.fr/
content-length: 9198
x-request-id: f8fcf6b5bbbcd23304d4926faf17e79c
x-served-by: cache-iad-kiad7000043-IAD, cache-iad-kjyo7100123-IAD, cache-iad-kiad7000131-IAD, cache-fra-eddf8230059-FRA
last-modified: Sun, 03 Sep 2023 15:21:15 GMT
server: nginx
x-timer: S1705445434.367117,VS0,VE1
etag: "4f40613b0ea698f33759bb64c47e6ccd"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 25, 1

GET
H2 200 a5dfe90c8c2fec92f54ff7d19eca86ab.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 21 KB
22 KB 22ms
21ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/a5dfe90c8c2fec92f54ff7d19eca86ab.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: c1d6f22645ce955768c18e3817ef28506b3f65a3d145331309b91566e826184a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/a5dfe90c8c2fec92f54ff7d19eca86ab.png
age: 2379457
edge-cache-tag: 538234786908926124763118220216629194340,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
cache-tag: 538234786908926124763118220216629194340,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, HIT, HIT, MISS, HIT
x-envoy-upstream-service-time: 133
req-referer: https://as.com/
content-length: 21638
x-request-id: be1525893888e56a29a83ab5601ccacd
x-served-by: cache-iad-kjyo7100118-IAD, cache-iad-kcgs7200120-IAD, cache-lga21974-LGA, cache-iad-kjyo7100106-IAD, cache-fra-eddf8230059-FRA
last-modified: Wed, 20 Dec 2023 09:24:25 GMT
server: nginx
surrogate-reporting: width=1456,height=728,bytes=85026,owidth=1456,oheight=816,obytes=1601475,ef=(1,13,17,23,30)
x-timer: S1705445434.367103,VS0,VE1
etag: "1db2b68e6bcce5378802a6e47a174bdd"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1, 0, 1

GET
H2 200 32dbb5d53d34c0edd2b7f06a959db4b8.jpeg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 86 KB
87 KB 23ms
22ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/32dbb5d53d34c0edd2b7f06a959db4b8.jpeg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: d451a5186906868b9d028355f2d05dcdd466557634a44e81a242c55a744e0e85

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/32dbb5d53d34c0edd2b7f06a959db4b8.jpeg
age: 2426615
edge-cache-tag: 476980585283032880168901924511576965013,344084207907225147675794535276677417900,29ecf9b93bbf306179626feeda1fab70
cache-tag: 476980585283032880168901924511576965013,344084207907225147675794535276677417900,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, HIT, HIT
x-envoy-upstream-service-time: 918
req-referer: https://happyhunde.de/
content-length: 88284
x-request-id: 5530c25d91487cc8818a001941cf1e99
x-served-by: cache-iad-kiad7000178-IAD, cache-iad-kjyo7100153-IAD, cache-lga21959-LGA, cache-iad-kiad7000174-IAD, cache-fra-eddf8230059-FRA
last-modified: Wed, 08 Nov 2023 10:05:54 GMT
server: nginx
surrogate-reporting: width=740,height=412,bytes=113022,owidth=2121,oheight=1414,obytes=3145153
x-timer: S1705445434.367089,VS0,VE1
etag: "d7d47c6884663daa25d1d1885a9f62c4"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 1, 1

GET
H2 200 65298122adbc205f15aa2f1df04ca372.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 35 KB
36 KB 23ms
23ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/65298122adbc205f15aa2f1df04ca372.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 15afbb62570fa1405f25871014ad7b2037b3da2171404291c637e37903057171

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/65298122adbc205f15aa2f1df04ca372.png
age: 1180344
edge-cache-tag: 492844040531328819733840448403620521743,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
cache-tag: 492844040531328819733840448403620521743,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, HIT, HIT, MISS, HIT
x-envoy-upstream-service-time: 257
req-referer: https://www.tvdigital.de/
content-length: 35764
x-request-id: 6991a98911f081906505b810cb6b874c
x-served-by: cache-iad-kjyo7100088-IAD, cache-iad-kcgs7200171-IAD, cache-chi-klot8100133-CHI, cache-iad-kiad7000078-IAD, cache-fra-eddf8230059-FRA
last-modified: Mon, 20 Nov 2023 07:47:00 GMT
server: nginx
surrogate-reporting: width=1000,height=555,bytes=71562,owidth=1000,oheight=600,obytes=871641
x-timer: S1705445434.367246,VS0,VE1
etag: "ac44eed1bb7c42a16e3918a6cef495c3"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 3, 1, 0, 1

GET
H2 200 90924334-ad10-4f02-825c-ecf64bb9bf43__uFy95InN.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/STABLE_DIFFUSION_OUTCROP/ESD/ 21 KB
22 KB 24ms
19ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/STABLE_DIFFUSION_OUTCROP/ESD/90924334-ad10-4f02-825c-ecf64bb9bf43__uFy95InN.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 92d94f26a71260f876596c0cde67a5e16574914ac767017e57d86eae94bf2933

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/STABLE_DIFFUSION_OUTCROP/ESD/90924334-ad10-4f02-825c-ecf64bb9bf43__uFy95InN.jpg
age: 353402
edge-cache-tag: 538577482758670559330075051147909637405,344084207907225147675794535276677417900,29ecf9b93bbf306179626feeda1fab70
cache-tag: 538577482758670559330075051147909637405,344084207907225147675794535276677417900,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, MISS, HIT
x-envoy-upstream-service-time: 876
req-referer: https://www.wn.de/
content-length: 21270
x-request-id: 997193608be2e5e23a11abe17bd26b80
x-served-by: cache-iad-kcgs7200158-IAD, cache-iad-kiad7000092-IAD, cache-lax-kwhp1940112-LAX, cache-iad-kcgs7200042-IAD, cache-fra-eddf8230059-FRA
last-modified: Fri, 12 Jan 2024 12:02:23 GMT
server: nginx
surrogate-reporting: width=740,height=412,bytes=34037,owidth=2650,oheight=1491,obytes=803751,ef=(1,13,17,23,30)
x-timer: S1705445434.389728,VS0,VE1
etag: "75951a92598b2a7f037c24fd433ab70e"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 0, 1

GET
H2 200 1423157453__8brW0CpU.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/ 32 KB
33 KB 24ms
19ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1423157453__8brW0CpU.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 9b865a2acfac38f253ac707b7594c61f107324d222d7ed62023e6e36d3fc64e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1423157453__8brW0CpU.jpg
age: 1730831
edge-cache-tag: 483998751682395725952657145745031256798,344084207907225147675794535276677417900,29ecf9b93bbf306179626feeda1fab70
cache-tag: 483998751682395725952657145745031256798,344084207907225147675794535276677417900,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, HIT, HIT
x-envoy-upstream-service-time: 647
req-referer: https://lifestyleguroz.com/
content-length: 33038
x-request-id: beba000f69fe381e8d68f35c95221251
x-served-by: cache-iad-kcgs7200071-IAD, cache-iad-kjyo7100028-IAD, cache-lga21930-LGA, cache-iad-kjyo7100179-IAD, cache-fra-eddf8230059-FRA
last-modified: Tue, 19 Dec 2023 07:32:18 GMT
server: nginx
surrogate-reporting: width=740,height=412,bytes=53362,owidth=2121,oheight=1414,obytes=1506070,ef=(1,13,17,23,30)
x-timer: S1705445434.391013,VS0,VE1
etag: "dba9350532e327290bf8adbe0aca9133"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 8, 1

GET
H3 200 MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js Show response
pagead2.googlesyndication.com/bg/ Frame CB60 39 KB
15 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 20:34:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8142
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15229
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jan 2025 20:34:52 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/630/s1.adform.net/ Frame A70B 37 KB
17 KB 146ms
31ms Script
text/javascript 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/630/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=68651521;click=https://m.exactag.com/cl.aspx?extProvId=327&extPu=vf-dv360&extLi=20563363907&extPm=20563363907&extCr=524297475&url=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CqJMWOQinZfLXC7iH7_UP7rKWqA2Vlrftc67trp72EfvV9P0IEAEguoTAM2CVgoCAsAegAYbHmLcpyAEJqQJE4XrXqjqyPqgDAcgDmwSqBK8CT9BPNoWdGp46EZT45A-Kq5eaFo2tQd4q-zvA72G77U216I1Y5HlWC297O30TAQlZVBDTka-Njt0CTrgpAEGpr60LzERiiS5I6WdcyvQsbb_1ObRRRYkxj4K25h7s3aLBkY-NmZA77gGabEA9Ll50fLfyvriTwWo5_zOA9-fdo5iWWwiKoMKvlPwNziOm3tDe2qMfzXaSpIGZUfJkJn_XyULjVrK64MWb0bQCSWN7kv7OO6FagwnfVvlc89UFpLmOcTnl6cLiP2c_a04pbTwxp-LYFGBI_ZY2slhtpOsem6R8jqxNMHhB2JIAEO-CYSurRqMkk5K7msxEVAmf3CwxWYr4UvHyZCPj8YSuz5d8mBpmxiIdrGqM4LnSqte3BaUoXT01FWxAEx2ZY9LYVKdywAS6mvXlugTgBAOIBcOQsM1MkAYBoAZNgAeG_-iWBKgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB0yAqoCOgKAQEi9_cE6WLzv6Kn_4oMDgAoDmAsByAsBgAwBqg0CREXiDRMItaXpqf_igwMVuMO7CB1umQXVsBPwvZQW2BMN2BQB0BUB-BYBgBcB&ae=1&num=1&cid=CAQSTgAvHhf_eCnAia8q1QvT1mDMBdWvbh1bOa6p-UMOB5mhsm5oR1tuCobAXZxobWj6gpkpDx87sk8Cv4ePx_f-gPY6qgCZNNJECVQ4L0-tXxgB&sig=AOD64_3hAeEVPGXxdM-Kv0zHuo1uL25XJA&client=ca-pub-8933329999391104&dbm_c=AKAmf-Cy3htbXSBwOwa-1YZ8Y-XIjan42tVyMLE_SIrAWFNZo5Tj6U-fstter_VQnsaCWHVYgI9hx6oVIOrvVuuWVVPXNc0O_jeLOeDtBZrtBQSLOevtrBoQLDzKsvjoKyz58ZYzpNlNrpyf3CzPYvxVqVbTNcBZlamEMYUtJlM_sOriIlEv6_A&cry=1&dbm_d=AKAmf-AkMEX3FfW725xH94XzziHssC0Tw3C301fBsRHy52NAy_V01B3yjC1CE8Ok3u10K0A719xvKcaMuIG6Xy7FK3OKlW-nue-5LPzl64NUhxqSmo0AoMKpLSoTaWKZ2uA1xvBIit5-PKVA_DyzCc27aCqotWjeyGglBoeWt9RKNhuOh9PSHRaCu1NCb4DfMDRd3n5ndlNaUIgxidAb0QjosvVcG4q2qe38Whxhydg3IWzkhOFwk4LbUzgr-wooZdLXVeYrIsOFYHj7n2u5qyQS7jVFB7Qbbrjq8knz3d8Ruk2NAeYrs7tlBuaY78w33ZMTJmGKZuz-8hz4ab3LEDk6b---cRcP54QB1RUcB6HIBcUeolgnoohDu1LSQN1qnz0abCy0s3uHXON8NFmM6NyN4ihlAZNG5r13mlOch0Je1U1ton6CKay423wXK1EfNmp8UATR0aXcStJl8isNNVHnMkcXTc_SdGflm7F-wP8GGG4ot_5fXU2n4t3k4CJ0kvp1ipElfMS1oY4OK8MEp5_-GnT0sjN-v4FFDUKH36zDMSNBo1cnKRv0NWRU47zAcXhh1NWf5HyR&adurl=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 294c654fb3f1e0a0ddd534a1581185ad9482112c5ce7b9a3d08313fcf2ee1106

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
content-encoding: gzip
last-modified: Tue, 19 Dec 2023 10:28:27 GMT
server: nginx
x-cache-status: STALE
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Fri, 05 Jan 2024 17:45:08 GMT

GET
H2 200 skeleton.js Show response
pixel.adsafeprotected.com/rjss/st/1878143/77320179/ 60 KB
15 KB 49ms
44ms Script
application/javascript 54.73.100.143
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/rjss/st/1878143/77320179/skeleton.js?bidurl=https%3A%2F%2Fultrasurfing.com&ias_adpath=.tbl_1705445433723-0
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20240116-10-RELEASE.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.73.100.143 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-73-100-143.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: f26906b008d7b9516278fcecd8345df6ab9bed304a329b01c6a95ef09442b0f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

POST
H2 204 required-viewability-available Show response
trc.taboola.com/ultrasurf-ultrasurf/log/3/ 0
319 B 34ms
30ms XHR
image/gif 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/ultrasurf-ultrasurf/log/3/required-viewability-available?tvi48=14791&route=AM%3AAM%3AV&lti=deflated
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20240116-10-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 8
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish
x-fastly-to-nlb-rtt: 7370
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-service-version: v1
x-served-by: cache-fra-eddf8230059-FRA
pragma: no-cache
server: nginx
x-timer: S1705445434.364885,VS0,VE8
content-type: image/gif
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 event
skydeutschland.demdex.net/ 42 B
492 B 51ms
47ms Image
image/gif 54.74.69.97
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20240116-10-RELEASE.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.74.69.97 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-74-69-97.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

dcs: dcs-prod-irl1-1-v054-0e377c1af.edge-irl1.demdex.com 0 ms
pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: fEGVR9ROSBo=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
x-error: 315
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ 43 B
1 KB 110ms
31ms Image
image/gif 85.14.248.91
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=8&extPu=sky-dcm&extLi=31090180&extPm=383820185&extCr=206985712&subid=ADGapID_026_800138_550762062-550762062&rnd=[Timestamp]&gdpr=1&gdpr_consent=

Requested by

Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20240116-10-RELEASE.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

85.14.248.91 Neukirchen-Vluyn, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Tue, 16 Jan 2024 22:50:34 GMT
X-Content-Type-Options: nosniff
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Di, 16 Jan 2024 10:50:34 GMT
X-ET-Code: 0
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: http://ultrasurfing.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 923
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

B31090180.383820185;dc_pre=CIq-sqr_4oMDFQChgwcdp10P-A;dc_trk_aid=575149027;dc_trk_cid=206985712;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;gdpr_consent=;ltd=;dc...
ad.doubleclick.net/ddm/trackimp/N1111979.2621703TABOOLAGERMANYGM/
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N1111979.2621703TABOOLAGERMANYGM/B31090180.383820185;dc_trk_aid=575149027;dc_trk_cid=206985712;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatm...
https://ad.doubleclick.net/ddm/trackimp/N1111979.2621703TABOOLAGERMANYGM/B31090180.383820185;dc_pre=CIq-sqr_4oMDFQChgwcdp10P-A;dc_trk_aid=575149027;dc_trk_cid=206985712;ord=[timestamp];dc_lat=;dc_r...

43 B
64 B

34ms
34ms

Image
image/gif

142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N1111979.2621703TABOOLAGERMANYGM/B31090180.383820185;dc_pre=CIq-sqr_4oMDFQChgwcdp10P-A;dc_trk_aid=575149027;dc_trk_cid=206985712;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;gdpr_consent=;ltd=;dc_tdv=1?;dc_ref=ultrasurfing.com

Protocol

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

cafe /

Resource Hash

9c41ba408efaf3a7a36099370bc814e38b0afd42229fa9e0e6040740620c85c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N1111979.2621703TABOOLAGERMANYGM/B31090180.383820185;dc_pre=CIq-sqr_4oMDFQChgwcdp10P-A;dc_trk_aid=575149027;dc_trk_cid=206985712;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;gdpr_consent=;ltd=;dc_tdv=1?;dc_ref=ultrasurfing.com
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 1CA5 40 KB
11 KB 28ms
27ms Script
text/html 104.119.110.47
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.119.110.47 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-119-110-47.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: df4e046af88eb6c5d3c6ba6cc9f90e64ce53a1cdd55b9d0c8ec1a9f7e476fb75

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:34 GMT
Content-Encoding: gzip
Last-Modified: Tue, 16 Jan 2024 02:25:58 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=12948
Connection: keep-alive
Content-Length: 10964
Expires: Wed, 17 Jan 2024 02:26:22 GMT

GET
H3 200 MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js Show response
pagead2.googlesyndication.com/bg/ Frame 6CAC 39 KB
15 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 20:34:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8142
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15229
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jan 2025 20:34:52 GMT

GET
H3 200 view
ad.doubleclick.net/pcs/ Frame 24E1 0
0 54ms
54ms Fetch
image/gif 142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjssAkP2aU_8KV09rWECvFXCguzTQ6jk5r8WjKFKF4NkWAHvAJ1u5ZgsxOMWoWS9hRT2b_p9YPX1EdnzzY1ah7ZJr1HhHbAKrQpAhXpoazecXssAur-yq8KzhUiDblqTnA1DT0_H_0s0a9YyExPUTuAKh3xfMq9-I9Na6_8gx-NGnajMMPevJP46840Yzb3h4kLbtmJB2iQtGkoiUh9O5z8FawVWHb0htTvBixDWlOgvQivB8B5HjDS6_EMciwlfd-biERryI2Guz08KZmHoSR6l8rr_I3c-C8xL5mgfMBbXUNlZKDmRJqp8R8hnskOiCeVzmmKyd8yiAhtCfMbkKjwHt1n7fmTiRlzen7pGH1qmPPjfkxIxe--jSWs0fPWpNnF-ZR90wb1390hurwj05sq1uzpE6qxVhm5ZG4X1Idb0m-Z1j4ZOIQbPe5fw_wfBZxuw4mmPZKmqzli65IBsszZfYpdu2TwuolRaJ8oxWLibFKnOhtfmZ8a1uok30i26ZDYctft0dH_3Pj9kwNvqgC7rJR2G-na80r-1vutbuDv8VwmnGK1ZaGT8t52ClGRyqlo1zI2MKd9RwvlfpSaavnwFRO0jdNOJlenlsnOult1KHCnC-oPKu0aMB2AF5tSE5HO6CurU3ZmECbjf5ayKsctyQxfRbl1eWWZlKmcuD-FrFJFLJmRUqIyJdZSL7SOkoTAWdyVsRBv5BdyiZDLxqZa0O9solvSfW0tL5YaCH1qyBVznllmx6DM0miIrWfO_Tt9XEffiFWhOpPGFVRZb5R_Lf9SVNtOps32Qq1zA8ZMetXuf-TFda6oJ291qX7EEIuG0JD9GurOAizXcv3-KgsMx7tIzbLz90Hhlib5g6fNaTdvDAxcfIoVHEXCcNkYztl8Kmj26NkDdyGo5707U4v8gIiYdXkAibCMM8kk1_yL2ZGNhC4vbIpTugYOdp9hKVjEWE4nudxUr0Qxq6GpFTX_PykefLWZBE-8ZJDokW5wMxGRIpeGzbuu-5zDXCpbeCmExQdxGtlga1syyk7bGjaQ-lcBiCDGZqlveCLG8U3MZW-rTHEm_VhlGEpL61KFGEdQ8no1tBgpyxOxxbGXOFank-4uxzXONPRBXaAwNQtitWXVBYR6oQf3zk8eg6qx-hLFskDm8C6sIHpqrr9cbp8MXC3xlusKvg9T6r0m5JM3WE_LJg3wqLsQ4LGTUNuIm-sp_qQ4L-zVDgdwPxMT_NhRKLu2aVElID_q60cRMC4_Jan55Kd0GPmLVfwlEWBF-R1m3OoVeiQo4d_hfgprtZOylhrZ3JEqmmyXtIHV2YVrseK6fRnL4LBbsj9of3bJAEbZuMcHgCjPpF23p1uGHJ-af6Q01SuYB7Ec1-aWtuC2rqn0clMO2L3CVzAbpCmT49OqZGVKzYsq2zLSU884lY-jrgXd7mgSsXXAcmY5OQB3msSxepe0UJfEWF7wNEnLT1QqI&sai=AMfl-YSeqHDgTfyJaLO6zsFn6Bx1gwk_uoq2RbwlWd_Kf-t8feJvxe3STB9xx_D1lIYuN0wKdemieHvkIuUteOY-u0BRx15YWQSlXIlvdgHnTsym5U9UBj4RqyZTB9hd9IBJT-0-mxiRBKpyC7zMHTp75rQStLGbTBRlOH9yu2WF9CupEJLiy1xjtOz-HPd7jETOK9gtWpYhSS8TjvNgk8Tt91mWU8i05Ryi5iWRAOUYcEtJEq7ayYc-MeIC3GEnRN_JWK9pWRiQ8yTzH0n2AczOChJFBLou8Zhn2x3hqZ3KgBaJ6LzqFl11vOcxpUTkLdCztz5IqlaAFWUxQCXACnhWr4Ueld9FYNvFL2XbZANafzRTEhaxUwIhD7b5l8NW7z3MgvdDR7Vk4CsCxwpD_KgNUPeKwUnL5OHnvC1ZEQVTRmzpYfYjw8_enhtd6BLTlpgB3jobJT1g4XGLELG1mOK5OpI_Ed_mEH-35_-lLKHhDZy17ZpYIJlh-cEXquMNzicZiG8c6Q&sig=Cg0ArKJSzBDul7Qbze4qEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9ydGwuZGU&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=454&vt=11&dtpt=326&dett=3&cstd=121&cisv=r20240111.69835&arae=0&ftch=1&adurl=

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/1878143/77320179/skeleton.js?bidurl=https%3A%2F%2Fultrasurfing.com&ias_adpath=.tbl_1705445433612-pl1-0&adsafe_url=http%3A%2F%2Fultrasurfing.com%2F&adsafe_ty...
https://static.adsafeprotected.com/skeleton.js?ias_adpath=.tbl_1705445433612-pl1-0

17 B
465 B

28ms
27ms

Script
application/javascript

2600:9000:20ab:7800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js?ias_adpath=.tbl_1705445433612-pl1-0
Protocol: H2
Server: 2600:9000:20ab:7800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 01:45:55 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 d2ed865b959a3c3010f1d4b906b56eb4.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P3
age: 16491880
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: UBvFpXOveQtjUqs1DFG7u_DR14bb6TPsnuLzg8hYmo6ed6QG9FT_AA==

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
server: nginx
x-server-name: app10.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js?ias_adpath=.tbl_1705445433612-pl1-0
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame C528 91 KB
23 KB 30ms
30ms Script
application/javascript 2600:9000:20ab:7800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20ab:7800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 08:07:09 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 d2ed865b959a3c3010f1d4b906b56eb4.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P3
age: 12235406
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: IUAk-fcZF6a29q0G4GW7xtklw2IFSK9-ywjU9kYbqLsioSo-XQYqcw==

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9bdd1e6ffc7e7781f63a24272458fba4.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 594b8502358c9dd3e6b638be9683e97283f1f40ce5c577895948b33b67865311

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9bdd1e6ffc7e7781f63a24272458fba4.jpg
age: 2391434
edge-cache-tag: 630770987720074874774246095262411355979,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
cache-tag: 630770987720074874774246095262411355979,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, MISS, HIT
x-envoy-upstream-service-time: 543
req-referer: https://www.sport1.de/news/reiten/galopp/2023/09/in-welch-einer-kranken-welt-leben-wir-deutschlands-grosstes-rennen-endet-im-tumult
content-length: 22154
x-request-id: 1231c4e2c2ca2117af10d16c86ccc1b3
x-served-by: cache-iad-kiad7000040-IAD, cache-iad-kiad7000146-IAD, cache-lga21945-LGA, cache-iad-kjyo7100057-IAD, cache-fra-eddf8230059-FRA
last-modified: Sat, 09 Dec 2023 12:13:43 GMT
server: nginx
surrogate-reporting: width=360,height=200,bytes=38645,owidth=1000,oheight=560,obytes=654097
x-timer: S1705445434.405287,VS0,VE0
etag: "744c89e63f1ef2987ea02bcfae7bb05a"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 0, 3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0da55bc880d58b5c276569ba82a52dd6.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 7ccfdce834a74da2333b8129505be400e6f99105035c4144b8aba725aefed438

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0da55bc880d58b5c276569ba82a52dd6.png
age: 114487
edge-cache-tag: 402884050670973346420276355616976550767,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
cache-tag: 402884050670973346420276355616976550767,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, MISS, HIT
x-envoy-upstream-service-time: 450
req-referer: https://ads.taboola.com/
content-length: 11108
x-request-id: 310439dbdf4ceec31005a94f9d668d61
x-served-by: cache-iad-kiad7000084-IAD, cache-iad-kcgs7200150-IAD, cache-lga21962-LGA, cache-iad-kjyo7100029-IAD, cache-fra-eddf8230059-FRA
last-modified: Mon, 15 Jan 2024 15:02:26 GMT
server: nginx
surrogate-reporting: width=360,height=200,bytes=17341,owidth=1000,oheight=600,obytes=696661,ef=(1,13,17,23,30)
x-timer: S1705445434.414508,VS0,VE0
etag: "e5f57c1f073998bb3f4552dd0fbe8196"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 0, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c0e72f9146cd04eb5b5adcb69170c145.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 2908b32af38f1179ac8a21904561a9611b1bf2f5b05f86762718126eb0f96031

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c0e72f9146cd04eb5b5adcb69170c145.jpg
age: 1480779
edge-cache-tag: 393472694442982774730554374829756880411,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
cache-tag: 393472694442982774730554374829756880411,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
x-cache: HIT, HIT, HIT, HIT
x-envoy-upstream-service-time: 214
expiration: expiry-date="Thu, 28 Sep 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://www.nbcnews.com/
content-length: 84178
x-served-by: cache-iad-kcgs7200176-IAD, cache-iad-kjyo7100020-IAD, cache-iad-kcgs7200026-IAD, cache-fra-eddf8230059-FRA
last-modified: Mon, 28 Aug 2023 15:38:08 GMT
server: nginx
surrogate-reporting: width=1600,height=800,owidth=1600,oheight=900,obytes=543687
x-timer: S1705445434.414833,VS0,VE0
etag: "696218d725af5833b00db1f1f1313528"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 66, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_2%2Cw_600%2Cx_0%2Cy_0/http%3A//cdn.taboola.com/libtrc/static/thumbnails/88eb64fd8ed5bd88a5cfd7ff523329da.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ecf67dab7a65bddf784d19aef6cf92d15e42533dea1f911fe013b94abb5f94a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_2%2Cw_600%2Cx_0%2Cy_0/http%3A//cdn.taboola.com/libtrc/static/thumbnails/88eb64fd8ed5bd88a5cfd7ff523329da.jpg
age: 2527499
edge-cache-tag: 567766536699562057147751141635820698524,420617943796659505657211235459483051925,29ecf9b93bbf306179626feeda1fab70
cache-tag: 567766536699562057147751141635820698524,420617943796659505657211235459483051925,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, HIT, HIT
x-envoy-upstream-service-time: 446
req-referer: https://www.t-online.de/
content-length: 18762
x-request-id: 18bd46e0ab442007ac42fad2c5ba9d8a
x-served-by: cache-iad-kiad7000091-IAD, cache-iad-kiad7000106-IAD, cache-lga21980-LGA, cache-iad-kjyo7100174-IAD, cache-fra-eddf8230059-FRA
last-modified: Mon, 18 Dec 2023 15:33:00 GMT
server: nginx
surrogate-reporting: width=600,height=300,bytes=29121,owidth=600,oheight=400,obytes=153307,ef=(1,13,17,23,30)
x-timer: S1705445434.414801,VS0,VE0
etag: "c936798621aa5c27b833ab10c81402bb"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 1, 2

GET
H2 200 ba540064bc35e750229a86e0137db1ca.jpg
images.taboola.com/taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_1.7778%2Cw_800%2Cx_0%2Cy_175/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 32 KB
32 KB 24ms
23ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_1.7778%2Cw_800%2Cx_0%2Cy_175/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ba540064bc35e750229a86e0137db1ca.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: d2a1eb75cb12f487db4bfc7e6a8333445d6f6d45a4d4ad3c50fd8e5aac97af39

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_1.7778%2Cw_800%2Cx_0%2Cy_175/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ba540064bc35e750229a86e0137db1ca.jpg
age: 809846
edge-cache-tag: 605155752503379416501050841951386167645,305499717495500220604497488616507148735,29ecf9b93bbf306179626feeda1fab70
cache-tag: 605155752503379416501050841951386167645,305499717495500220604497488616507148735,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, MISS, HIT
x-envoy-upstream-service-time: 518
req-referer: https://ads.taboola.com/
content-length: 32378
x-request-id: da1f11f2d98636500551110bd3b61074
x-served-by: cache-iad-kcgs7200149-IAD, cache-iad-kiad7000155-IAD, cache-lga21921-LGA, cache-iad-kjyo7100035-IAD, cache-fra-eddf8230059-FRA
last-modified: Thu, 12 Oct 2023 09:14:52 GMT
server: nginx
surrogate-reporting: width=800,height=450,bytes=51120,owidth=800,oheight=800,obytes=117194
x-timer: S1705445434.414833,VS0,VE0
etag: "ef33680719ce82dbdae098d508f6bb54"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 0, 2

GET
H2 200 4e2bc80be2c3429db184f496dd5b499d.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 18 KB
19 KB 21ms
21ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4e2bc80be2c3429db184f496dd5b499d.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 787ae6f994540c58549dbf1031186a77411688b395af1ecd1491176243935b92

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4e2bc80be2c3429db184f496dd5b499d.png
age: 1071359
edge-cache-tag: 423380029218975344331059772619224455818,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
cache-tag: 423380029218975344331059772619224455818,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: MISS, HIT, HIT, HIT
x-envoy-upstream-service-time: 96
req-referer: https://mundogastronomico.online/?p=214
content-length: 18166
x-request-id: 53a7e9603e5301bfb0adb4845e8818f9
x-served-by: cache-iad-kiad7000122-IAD, cache-iad-kjyo7100126-IAD, cache-iad-kjyo7100033-IAD, cache-fra-eddf8230059-FRA
last-modified: Sun, 03 Sep 2023 19:14:39 GMT
server: nginx
surrogate-reporting: width=360,height=200,bytes=29511,owidth=1200,oheight=800,obytes=1855155
x-timer: S1705445434.414782,VS0,VE0
etag: "1504bfd5719b2e62c780ec3934efc3f8"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 27, 2

GET
H/1.1 200
OK content_v3.js Show response
vidstat.taboola.com/ 16 KB
6 KB 22ms
20ms Script
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://vidstat.taboola.com/content_v3.js
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/vpaid/units/33_7_3/infra/cmTagFEED_MANAGER.js
Protocol: HTTP/1.1
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 12af7975664854ca36da674714083fa05297940fce71e42dabf688e2eb19a0f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:34 GMT
Via: 1.1 857b0dca772798c338c78a1be69c955c.cloudfront.net (CloudFront), 1.1 varnish
Content-Encoding: gzip
X-Amz-Cf-Pop: FRA60-P1
Age: 1609081
X-Cache: Hit from cloudfront, HIT
Connection: keep-alive
Content-Length: 4839
X-Served-By: cache-fra-etou8220074-FRA
Last-Modified: Wed, 20 Jul 2022 13:23:50 GMT
Server: AmazonS3
X-Timer: S1705445434.438934,VS0,VE0
ETag: "f7533e747bb02a8eb527ada4f2749620"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: WPQDSHjI0-yBKHiRyp0A6R83yvp_1Crbueri-3T9dZgaMPkT7wTTlA==
X-Cache-Hits: 9357

GET
H/1.1 200
OK OvaMediaPlayer.js Show response
vidstat.taboola.com/vpaid/vPlayer/player/v15.8.9/ 429 KB
101 KB 22ms
22ms Script
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://vidstat.taboola.com/vpaid/vPlayer/player/v15.8.9/OvaMediaPlayer.js
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/vpaid/units/33_7_3/infra/cmTagFEED_MANAGER.js
Protocol: HTTP/1.1
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0ce49c63580738406cf9dde96aca7fd4590b863d0206d274178765078ba47049

Request headers

Referer: http://ultrasurfing.com/
Origin: http://ultrasurfing.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-meta-mtime: 1705312862
Date: Tue, 16 Jan 2024 22:50:34 GMT
Via: 1.1 eb99f1f32a184a8c9c9c920381a7576a.cloudfront.net (CloudFront), 1.1 varnish
Content-Encoding: gzip
X-Amz-Cf-Pop: FRA60-P5
Age: 131432
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront, HIT
x-amz-meta-ctime: 1705312862
x-amz-meta-mode: 33188
Connection: keep-alive
Content-Length: 102402
X-Served-By: cache-fra-etou8220095-FRA
Last-Modified: Mon, 15 Jan 2024 10:01:03 GMT
Server: AmazonS3
X-Timer: S1705445434.446119,VS0,VE0
ETag: "86abdccfcbcf98a3362495d6b79d33d3"
x-amz-meta-uid: 0
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
Content-Type: application/javascript
x-amz-meta-gid: 0
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 1lyKH_gmummk_Tt9y5LsqkWE6JQIB9gu4Ozly8xjpy8cy55fwwThOg==
X-Cache-Hits: 816

GET
H2 200 sync Show response
am-match.taboola.com/ Frame ECE6 439 B
524 B 28ms
28ms Document
text/html 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://am-match.taboola.com/sync?dast=V8DSECLAZArhxHUdV36ROAXDmOoqrv0i8AAABgYID-AEmuRoORY7hYC2fGzVq0mTjXEpPL4ZZNHMaNxzbb2CwjIyDJ1WgwcgwXa-HMuFmLNhPnWmJyOdyyicO48dhmG5tlZAUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPG2Sg6XT4XPd61dl0eXhel5vT7rNr_G6_HAAAAAA8-P___4cAAAAAEAEAAABAAgAAAACFgAr_FgQuAAAAAGD4____1wAAxcFgHZ7Py-wPAAAAACAAAAAASAAMGH6XAKDomjzx_________x9jgD7zRsb_____DYMeAA8-AB6EAAAAfAwJY9GOZmHG5SdSEFiEEQAAAIBsOe2JI5N0gopFlf___34rAFcAAAIaKfA-hLLoDkq8hQEAAAAYs0APi99vdtg1frfL_P________-b-T_zj0ao6cg1TdDFtYKaX0AAgDW_gAAAbMYNAMAbAThBJwBWJ4EGm81kMVsNZwcAAADgzv___78ekNyYTB7nYDgZjmyOmWcwG41Mw4ljORtulsPdxrc9Aqp-ANSbbph9QoRl9vsOCsrp6TG7DKKi622xO5xmz0F80DAsJ4NgfiZsMVpNJpvlcLZcTAbD0XA02p-BmAwGaCIGy-VkspjsVqPVaDPcjWaDBRKIwQRRtGgwWY1Gk8VkuBpNVrPlYrfbIIpWrWajzWC4mk1mu91qOBguRyM0YYvRajLZLIez5WIyGI6Go9EQweBksBhuRsO1wrXYrUUL43Ct8I1sa9FsYZzMfKvdxDdzi14f08dhGI4szi0SDEDZi-RpkU5ki4lhsNo4DKPRyLFZzlYb32xlclgGm-VyY7NYJmKJ5mSRTmSXfXNjMnmcg-FkOLI5Zp7BbDQyDSeO5Wy4WQ53G9--OBkshpvRcK1wLXZr0cI4XCt8I9taNFsYJzPfajfxzdyi18f0cRiGI4tz39gNVqPRarTZ7Bu7wWo0Wo02m32HyfRMfc5GcS0n8agMt2hLqLQ5DQqXweL9SUyLaXd2EJ18R6dOqlIWdUa_3-_3-_1-v9_vN2g9B7NB4Rv2XZ5hTCSzZXNjg9hgUMQSwUU6UZ1Nl4fndbm5VWfT5eF5XW4WsURpukgn-qLf7TI8fC5_RSwRnC7SidDvdlnUf-Qgi91csRjNJYvhXLFcJQAAAAAAAAAASzDNdBMAAAAAJwPZLBab1TodxGYzmu1WywUAET-v60cGzg3-DqRmF3pR2LiVXqpdscYem6iz6fLwvC43t-psujw8r8vNygAg4tmZbfYZQazValkDAAAQwAYAABDATTfeBJBFcf_____jAAAAyMihBwAAQL8P6IlWL_zIleIfgAqxVqvV7cZarVbAghmOJsMJ_P___wc!&excid=22&docw=0&cijs=1&nlb=false
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/vpaid/units/33_7_3/infra/cmTagFEED_MANAGER.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: eeb4df351ca75ce2925ca9ddd959d51ad20444ee88c0feec245493021519657d

Request headers

Referer: http://ultrasurfing.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-type: text/html;charset=ISO-8859-1
date: Tue, 16 Jan 2024 22:50:34 GMT
machineid: 3401
server: nginx

GET
H/1.1 200 st
am-vid-events.taboola.com/ 0
112 B 510ms
510ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://am-vid-events.taboola.com/st?cijs=convusmp&ttype=16&cisd=convusmp&cipid=66361655&crid=-1&dast=V8DSECLAZArhxHUdV36ROAXDmOoqrv0i8AAABgYID-AEmuRoORY7hYC2fGzVq0mTjXEpPL4ZZNHMaNxzbb2CwjIyDJ1WgwcgwXa-HMuFmLNhPnWmJyOdyyicO48dhmG5tlZAUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPG2Sg6XT4XPd61dl0eXhel5vT7rNr_G6_HAAAAAA8-P___4cAAAAAEAEAAABAAgAAAACFgAr_FgQuAAAAAGD4____1wAAxcFgHZ7Py-wPAAAAACAAAAAASAAMGH6XAKDomjzx_________x9jgD7zRsb_____DYMeAA8-AB6EAAAAfAwJY9GOZmHG5SdSEFiEEQAAAIBsOe2JI5N0gopFlf___34rAFcAAAIaKfA-hLLoDkq8hQEAAAAYs0APi99vdtg1frfL_P________-b-T_zj0ao6cg1TdDFtYKaX0AAgDW_gAAAbMYNAMAbAThBJwBWJ4EGm81kMVsNZwcAAADgzv___78ekNyYTB7nYDgZjmyOmWcwG41Mw4ljORtulsPdxrc9Aqp-ANSbbph9QoRl9vsOCsrp6TG7DKKi622xO5xmz0F80DAsJ4NgfiZsMVpNJpvlcLZcTAbD0XA02p-BmAwGaCIGy-VkspjsVqPVaDPcjWaDBRKIwQRRtGgwWY1Gk8VkuBpNVrPlYrfbIIpWrWajzWC4mk1mu91qOBguRyM0YYvRajLZLIez5WIyGI6Go9EQweBksBhuRsO1wrXYrUUL43Ct8I1sa9FsYZzMfKvdxDdzi14f08dhGI4szi0SDEDZi-RpkU5ki4lhsNo4DKPRyLFZzlYb32xlclgGm-VyY7NYJmKJ5mSRTmSXfXNjMnmcg-FkOLI5Zp7BbDQyDSeO5Wy4WQ53G9--OBkshpvRcK1wLXZr0cI4XCt8I9taNFsYJzPfajfxzdyi18f0cRiGI4tz39gNVqPRarTZ7Bu7wWo0Wo02m32HyfRMfc5GcS0n8agMt2hLqLQ5DQqXweL9SUyLaXd2EJ18R6dOqlIWdUa_3-_3-_1-v9_vN2g9B7NB4Rv2XZ5hTCSzZXNjg9hgUMQSwUU6UZ1Nl4fndbm5VWfT5eF5XW4WsURpukgn-qLf7TI8fC5_RSwRnC7SidDvdlnUf-Qgi91csRjNJYvhXLFcJQAAAAAAAAAASzDNdBMAAAAAJwPZLBab1TodxGYzmu1WywUAET-v60cGzg3-DqRmF3pR2LiVXqpdscYem6iz6fLwvC43t-psujw8r8vNygAg4tmZbfYZQazValkDAAAQwAYAABDATTfeBJBFcf_____jAAAAyMihBwAAQL8P6IlWL_zIleIfgAqxVqvV7cZarVbAghmOJsMJ_P___wc!&cmcv=&pix=31579697&cb=1705445434436&uv=3373&tms=1705445434436&su=3&abt=adxsub-out_vA!adxsub-out_vB!agqp4c_vC!smbs!ufm_vG&ft=0&unm=FEED_MANAGER&su=3&
Protocol: HTTP/1.1
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:34 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/e874e2051d2fb2979285c6f9c4d9c204.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 5bf89e1e11f54e253ba4590830d0f4c4624d952a34e7861526d70d9565c38021

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/e874e2051d2fb2979285c6f9c4d9c204.png
age: 1258575
edge-cache-tag: 554885977389195057601389873777983101175,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
cache-tag: 554885977389195057601389873777983101175,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
x-cache: Miss from cloudfront, MISS, MISS, HIT, MISS, HIT
x-envoy-upstream-service-time: 176
expiration: expiry-date="Fri, 02 Feb 2024 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://www.lecker.de/
content-length: 43434
x-served-by: cache-iad-kiad7000172-IAD, cache-iad-kiad7000126-IAD, cache-lga21950-LGA, cache-iad-kcgs7200088-IAD, cache-fra-eddf8230059-FRA
last-modified: Tue, 02 Jan 2024 09:05:51 GMT
server: nginx
surrogate-reporting: width=1000,height=500,bytes=85041,owidth=1000,oheight=600,obytes=1130510,ef=(1,13,17,23,30)
x-timer: S1705445434.459491,VS0,VE0
etag: "5b839a1b41ae228fea986962ea9578b2"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 1, 0, 2

GET
H2 200 225ac8178e01d02c9544635181d11e27.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 9 KB
9 KB 23ms
21ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/225ac8178e01d02c9544635181d11e27.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 4a7217cf2d2c7aba86c5576afc224994cc9256815ec519267e088c451980c5f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/225ac8178e01d02c9544635181d11e27.jpg
age: 1246712
edge-cache-tag: 602328860012357606151299032710582386322,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
cache-tag: 602328860012357606151299032710582386322,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
x-cache: Miss from cloudfront, MISS, HIT, MISS, HIT, HIT
x-envoy-upstream-service-time: 94
expiration: expiry-date="Wed, 25 Oct 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://food.ndtv.com/
content-length: 8894
x-served-by: cache-iad-kjyo7100113-IAD, cache-iad-kjyo7100113-IAD, cache-chi-kigq8000167-CHI, cache-iad-kiad7000136-IAD, cache-fra-eddf8230059-FRA
last-modified: Sun, 24 Sep 2023 21:57:05 GMT
server: nginx
surrogate-reporting: width=360,height=200,bytes=15116,owidth=2139,oheight=1197,obytes=122388
x-timer: S1705445434.459994,VS0,VE0
etag: "c64de5afe6c88990dc4e3d4d7d879f65"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 2, 0, 144, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6740acabb3b1d0743e0b540a85210e48.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 49dd0771df4e1f406c319ed777dcf66b25b6c16dff5ab2247f6931edc3a79067

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6740acabb3b1d0743e0b540a85210e48.jpg
age: 2663475
edge-cache-tag: 404558988614948926469752625586755848111,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
cache-tag: 404558988614948926469752625586755848111,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: MISS, MISS, HIT, HIT
x-envoy-upstream-service-time: 413
req-referer: https://tvmag.lefigaro.fr/
content-length: 9198
x-request-id: f8fcf6b5bbbcd23304d4926faf17e79c
x-served-by: cache-iad-kiad7000043-IAD, cache-iad-kjyo7100123-IAD, cache-iad-kiad7000131-IAD, cache-fra-eddf8230059-FRA
last-modified: Sun, 03 Sep 2023 15:21:15 GMT
server: nginx
x-timer: S1705445434.459995,VS0,VE0
etag: "4f40613b0ea698f33759bb64c47e6ccd"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 25, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/a5dfe90c8c2fec92f54ff7d19eca86ab.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: c1d6f22645ce955768c18e3817ef28506b3f65a3d145331309b91566e826184a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_370%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/a5dfe90c8c2fec92f54ff7d19eca86ab.png
age: 2379457
edge-cache-tag: 538234786908926124763118220216629194340,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
cache-tag: 538234786908926124763118220216629194340,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, HIT, HIT, MISS, HIT
x-envoy-upstream-service-time: 133
req-referer: https://as.com/
content-length: 21638
x-request-id: be1525893888e56a29a83ab5601ccacd
x-served-by: cache-iad-kjyo7100118-IAD, cache-iad-kcgs7200120-IAD, cache-lga21974-LGA, cache-iad-kjyo7100106-IAD, cache-fra-eddf8230059-FRA
last-modified: Wed, 20 Dec 2023 09:24:25 GMT
server: nginx
surrogate-reporting: width=1456,height=728,bytes=85026,owidth=1456,oheight=816,obytes=1601475,ef=(1,13,17,23,30)
x-timer: S1705445434.459971,VS0,VE0
etag: "1db2b68e6bcce5378802a6e47a174bdd"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1, 0, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/32dbb5d53d34c0edd2b7f06a959db4b8.jpeg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: d451a5186906868b9d028355f2d05dcdd466557634a44e81a242c55a744e0e85

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/32dbb5d53d34c0edd2b7f06a959db4b8.jpeg
age: 2426615
edge-cache-tag: 476980585283032880168901924511576965013,344084207907225147675794535276677417900,29ecf9b93bbf306179626feeda1fab70
cache-tag: 476980585283032880168901924511576965013,344084207907225147675794535276677417900,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, HIT, HIT
x-envoy-upstream-service-time: 918
req-referer: https://happyhunde.de/
content-length: 88284
x-request-id: 5530c25d91487cc8818a001941cf1e99
x-served-by: cache-iad-kiad7000178-IAD, cache-iad-kjyo7100153-IAD, cache-lga21959-LGA, cache-iad-kiad7000174-IAD, cache-fra-eddf8230059-FRA
last-modified: Wed, 08 Nov 2023 10:05:54 GMT
server: nginx
surrogate-reporting: width=740,height=412,bytes=113022,owidth=2121,oheight=1414,obytes=3145153
x-timer: S1705445434.459952,VS0,VE0
etag: "d7d47c6884663daa25d1d1885a9f62c4"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 1, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/65298122adbc205f15aa2f1df04ca372.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 15afbb62570fa1405f25871014ad7b2037b3da2171404291c637e37903057171

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/65298122adbc205f15aa2f1df04ca372.png
age: 1180344
edge-cache-tag: 492844040531328819733840448403620521743,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
cache-tag: 492844040531328819733840448403620521743,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, HIT, HIT, MISS, HIT
x-envoy-upstream-service-time: 257
req-referer: https://www.tvdigital.de/
content-length: 35764
x-request-id: 6991a98911f081906505b810cb6b874c
x-served-by: cache-iad-kjyo7100088-IAD, cache-iad-kcgs7200171-IAD, cache-chi-klot8100133-CHI, cache-iad-kiad7000078-IAD, cache-fra-eddf8230059-FRA
last-modified: Mon, 20 Nov 2023 07:47:00 GMT
server: nginx
surrogate-reporting: width=1000,height=555,bytes=71562,owidth=1000,oheight=600,obytes=871641
x-timer: S1705445434.460262,VS0,VE0
etag: "ac44eed1bb7c42a16e3918a6cef495c3"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 3, 1, 0, 2

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 6B0E 38 KB
13 KB 22ms
22ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 6986
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 20:54:08 GMT
expires: Wed, 15 Jan 2025 20:54:08 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/STABLE_DIFFUSION_OUTCROP/ESD/90924334-ad10-4f02-825c-ecf64bb9bf43__uFy95InN.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 92d94f26a71260f876596c0cde67a5e16574914ac767017e57d86eae94bf2933

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/STABLE_DIFFUSION_OUTCROP/ESD/90924334-ad10-4f02-825c-ecf64bb9bf43__uFy95InN.jpg
age: 353402
edge-cache-tag: 538577482758670559330075051147909637405,344084207907225147675794535276677417900,29ecf9b93bbf306179626feeda1fab70
cache-tag: 538577482758670559330075051147909637405,344084207907225147675794535276677417900,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, MISS, HIT
x-envoy-upstream-service-time: 876
req-referer: https://www.wn.de/
content-length: 21270
x-request-id: 997193608be2e5e23a11abe17bd26b80
x-served-by: cache-iad-kcgs7200158-IAD, cache-iad-kiad7000092-IAD, cache-lax-kwhp1940112-LAX, cache-iad-kcgs7200042-IAD, cache-fra-eddf8230059-FRA
last-modified: Fri, 12 Jan 2024 12:02:23 GMT
server: nginx
surrogate-reporting: width=740,height=412,bytes=34037,owidth=2650,oheight=1491,obytes=803751,ef=(1,13,17,23,30)
x-timer: S1705445434.485336,VS0,VE0
etag: "75951a92598b2a7f037c24fd433ab70e"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 0, 2

GET
H/1.1 206
Partial Content blackScreen5.mp4
vidstatb.taboola.com/vid/ 89 KB
90 KB 50ms
22ms Media
video/mp4 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://vidstatb.taboola.com/vid/blackScreen5.mp4
Protocol: HTTP/1.1
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0407dafc112212a135d1aa4dd9b40ba0208c6bb6b1959f5535af093254189d66

Request headers

Referer: http://ultrasurfing.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Range: bytes=0-

Response headers

x-amz-meta-mtime: 1497790207
Date: Tue, 16 Jan 2024 22:50:34 GMT
Via: 1.1 795296520f6c881b9bc43c02feb87e9a.cloudfront.net (CloudFront), 1.1 varnish
X-Amz-Cf-Pop: WAW51-P3
Age: 1264283
X-Cache: Hit from cloudfront, HIT
Content-Range: bytes 0-90783/90784
x-amz-meta-mode: 33188
Connection: keep-alive
Content-Length: 90784
X-Served-By: cache-fra-etou8220075-FRA
Last-Modified: Sun, 02 Jul 2017 20:40:57 GMT
Server: AmazonS3
X-Timer: S1705445435.501221,VS0,VE0
ETag: "b2b087fe4ae638c533731c347fcd4df8"
x-amz-meta-uid: 0
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
x-amz-meta-gid: 0
Content-Type: video/mp4
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: xtvdtXdg65Tse6z_ZJhus8xqGCETujMuNl_HaJqQ-1vnBjJJMisxCQ==
X-Cache-Hits: 385192

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1423157453__8brW0CpU.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 9b865a2acfac38f253ac707b7594c61f107324d222d7ed62023e6e36d3fc64e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_412%2Cw_740%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1423157453__8brW0CpU.jpg
age: 1730831
edge-cache-tag: 483998751682395725952657145745031256798,344084207907225147675794535276677417900,29ecf9b93bbf306179626feeda1fab70
cache-tag: 483998751682395725952657145745031256798,344084207907225147675794535276677417900,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, HIT, HIT
x-envoy-upstream-service-time: 647
req-referer: https://lifestyleguroz.com/
content-length: 33038
x-request-id: beba000f69fe381e8d68f35c95221251
x-served-by: cache-iad-kcgs7200071-IAD, cache-iad-kjyo7100028-IAD, cache-lga21930-LGA, cache-iad-kjyo7100179-IAD, cache-fra-eddf8230059-FRA
last-modified: Tue, 19 Dec 2023 07:32:18 GMT
server: nginx
surrogate-reporting: width=740,height=412,bytes=53362,owidth=2121,oheight=1414,obytes=1506070,ef=(1,13,17,23,30)
x-timer: S1705445434.485318,VS0,VE0
etag: "dba9350532e327290bf8adbe0aca9133"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 8, 2

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame 1CA5 7 B
380 B 100ms
20ms XHR
application/json 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?gdpr=1&us_privacy=1---
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: b71bced807741b20dd93dce6c2d26405
Expires: 0

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
216 B 375ms
113ms Image
image/gif 2600:1f18:1aca:4280:bc94:ac10:ec71:5975
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1878143&asId=56cf2adf-2e46-1bb3-e917-944482a1fcad&tv=%7Bc:1vw2gP,pingTime:-2,time:469,type:a,im:%7Bsf:0,pom:1,prf:%7BbdA:2775,bdZ:3063,beA:3128,beZ:3129,mfA:3488,cmA:3489,inA:3489,inZ:3492,prA:3492,prZ:3500,si:3504,poA:3504,poZ:3514,cmZ:3514,mfZ:3514,loA:3568,loZ:3569,ltA:3596,ltZ:3596,mdA:3129,mdZ:3271%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:48,vs:o,r:l,w:299,h:248,t:375%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:1,slTimes:%7Bi:0,o:469,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:375,wc:0.0.1600.1200,ac:325.1082.299.248,am:sp,cc:313.1082.622.0,piv:48,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B107~30%5D,as:%5B107~299.248%5D%7D%7D%5D,slEventCount:1,em:false,fr:true,e:,tt:rjss,dtt:0,fm:u1zlePs+1*.1878143-77320179%7C11%7C12%7C13%7C14%7C15%7C161%7C162%7C17%7C181%7C182%7C183%7C19%7C1a%7C1b%7C1c1%7C1d1%7C1d2%7C1d3%7C1e1%7C1e2%7C1e3%7C1f%7C1g1%7C1h,idMap:1*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:1,renddet:VIDEO.qs,siq:376,slid:%5Bscript-tracking-span-3496,internal_trc_23500,rbox-h2v,outer_23500,trc_wrapper_23500,tbl_1705445433612-pl1,tbl_1705445433612,main,body,container%5D,sinceFw:92,readyFired:true%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:bc94:ac10:ec71:5975 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
server: nginx
x-server-name: dt24.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 view
ad.doubleclick.net/pcs/ Frame 56BA 0
0 54ms
54ms Fetch
image/gif 142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsve37RJsrpH8mx1m7YQTjvvORW9HiLsgh5GSrR1YtDWA-8KBcEFjzgQd6V2pX75Su-Mvb0Mcayeiu5uMjoP88miaw0cBnOhLdjZlEVfQP1gPA0tUkp7VY9uO7urJ0b6YIXkXXiqLHYv0kQsnN7b1hl3apPTvhIdkcaKiweWh4kgam6-PuxsTJEErqM3iByCmVUxjcj0IirdmPqkhb8vHLdIpyj25pERnQ-N-oXp2Eq80s_eJsDKcvGvO_rBLqtsf-LRKxgu6AtR_nyeclvbFGBoBf3e8g_Rwbiiv-LtI1X51WC3HDi4rIGJuvQd-oqFdHNjPJuUAjZNLmHqwB2RI4Dy3sxtXUMkAvFdFiZcd9zcBj_uZp9yUD5m874-HUTcUmDnGRyVNUEljOfvZFK16IRpCTWK1hbiJI5Q1PlOgB3JVOL3HcwzCHos1x18o57Av_OeOxMSAwsOaLmLDHv4tsLqqSZjIiVOaU-YF1q6CtpnuyhDciZEtGlWOBX8utDUS1lCCUiq4T9OsYEocq-mgpo_XQK54fKNj0v76oaG9_nlvo_F2tLYRa4Vm6Gmi9FkA1tfW41WTk8weD78bG59INno-464r54s2AOf82nPVmskSv3lZaU8RjP6a2R4lj0kZ6swlbHXHlk5ydn9NJyA5duhruMW8nh-F-lLmAt5jIUkTKH9okDYm3XMv_eugaMG49XFfFLJz5T-kgU9Af34jNX49AvAbbSe3VPcxgaeKkUXPTdF3X4WN5DRCwWFizcHbFpvGvv7QJO3gVUEUsqbltzPw43myYaIfbkgO4Sei_v34RRa6dyFU5YH1lXRm0paNYx3fA5aUmFZTeCGptwrdMZavnU4sTZIUxu-RFGhqTifThGnmCLHhcc4mv5iZrsHyTe3gd9ZjOHb4DPMPIKm8fViqiWHPPReZtKciioD1IuifJ8o-BjwZd3E9vvvMNSp6SBkUeVK5xM4kz4ZEcFfyCK11Jv6RG5LIcY1zsA-7vRDWeW53r8PCgoLHSiAz4t7snPw0HRgbfcipNY0I4vAlpcGaPdngRMWVJ30rRQDj0UYA675t9EJBRNmCpgVIoCwJ4iiFD1Wwt3Yez_5HkYl6kYVPxDWqqoAen0xYeLHHzZntXG147iL9FSdMaKLdFueSx9Fs7XLzuxIr_o36FByN8LO7njY7Fdtosd6py1sIm4zNa0JBj_CF_Ibiqmcvo8OWM2dhZWcziUiRosGceRk6kdY5emIeUZDQoggS3vysfpEf0F3NMouY6_pTm-1wIVAG9pjTlbk1Q6KWjUaSy1Ols-mC5QlJq0fU_Qjor-suPi4H4ES3Fa8T9E3KkQ1dphxQp3j4emrNSXW-AoY7PgmGV498xdtxF2o6w80FYd1iNBDedMbK1NnFwIE_Z4blvEheZPf4ziKA_u0lZsUmS2HXLarVG-DquaGST16FhymLlW6GcJqgU7RID2xuJ66NA&sai=AMfl-YRkwjis1ogKC2nWNacxstXoPlOLMIMVBxbhFidlRgj2CGIJojNu_yMNKbuPTYS_hyhzgG2CAHgP1048zdLLH3ivBJNeJTw0aMDqaiCPrHv-YIr1vy2iM7k9v0auvXSGK_6PV08XEvJWB1sdzEnkBAXotI-9ENXTRXkTpfW5xsr2wPt5BbbwY-vOzDFXuVMbo8vXYJ-xSm7lSGgCnQrQy0didNbWAQsnsiN4hG0P4WLfQ3_3Dv-gNH8jVT_6iF5Mjp_ZRZbgMRKCUPKMtr7V2YTVok1uCgpfr2h-NETbsOzMVImU584Eb5LzHTWTrXp1TCHnQus13aIlOqnhp8vaYTNfG6kqroB5sP4GDVtTGRoUPUh9bRdLKSYdQ_moTNwM3bm6YVJzqqO3weDzy9yUZuc1Bz4yuDILbatcp8XQ7Sqv2X5yX5R0RqUqLE_EdkdBLOUwHycBC21BmCAfcJwTey28baDelsu-ALFrgRmpVKc5chFapq9ZdYnDAMsftUkXl0w2cg&sig=Cg0ArKJSzDJ7yBcqafRoEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9ydGwuZGU&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=567&vt=11&dtpt=364&dett=3&cstd=200&cisv=r20240111.67574&arae=0&ftch=1&adurl=

Requested by

Host: ultrasurfing.com
URL: http://ultrasurfing.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 main_00005.ts Show response
video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/360p/ 287 KB
288 KB 22ms
22ms XHR
video/mp2t 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/360p/main_00005.ts
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: df2162738404820ca6bbe5528647556436553cf0ab8a44aab50bb1c70301dcd9

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 16 Jan 2024 22:50:34 GMT
x-age-lb: 910705
x-77-cache: HIT
x-accel-date: 1704534729
content-length: 294220
x-77-nzt: EQwBnJIhiwH3ceUNAA
x-accel-expires: @1705571529
x-77-age: 910705
x-cache-lb: HIT
last-modified: Fri, 19 May 2023 19:47:13 GMT
server: CDN77-Turbo
etag: "6467d241-47d4c"
x-77-nzt-ray: cf878727ef4785ca3a08a7657efeda1d
vary: Origin
content-type: video/mp2t
access-control-allow-origin: http://ultrasurfing.com
accept-ranges: bytes
x-robots-tag: : noindex, nofollow

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 4BB8 8 KB
6 KB 62ms
58ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d0c31b31e0600e6f718dfba9a54a4e7e1863a69e258e8bc8de7a9eff0fb59f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6030
x-xss-protection: 0

GET
H3 200 _4BlocksLogo.png
s0.2mdn.net/sadbundle/2843508170428681710/ Frame 4BB8 4 KB
4 KB 23ms
20ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2843508170428681710/_4BlocksLogo.png?1702992590230

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7523187bcb26150afded1115a2dfa44693532bbffafc915a812ff0e60d396182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2843508170428681710/300x250.html?e=69&leftOffset=0&topOffset=0&c=XrVlXLAXej&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Sun, 12 Jan 2025 07:45:08 GMT
date: Sat, 13 Jan 2024 07:45:08 GMT
x-content-type-options: nosniff
age: 313526
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3662
x-xss-protection: 0
last-modified: Wed, 20 Dec 2023 10:24:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame ECE6 70 B
148 B 44ms
43ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V8DSECLAZArhxHUdV36ROAXDmOoqrv0i8AAABgYID-AEmuRoORY7hYC2fGzVq0mTjXEpPL4ZZNHMaNxzbb2CwjIyDJ1WgwcgwXa-HMuFmLNhPnWmJyOdyyicO48dhmG5tlZAUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPG2Sg6XT4XPd61dl0eXhel5vT7rNr_G6_HAAAAAA8-P___4cAAAAAEAEAAABAAgAAAACFgAr_FgQuAAAAAGD4____1wAAxcFgHZ7Py-wPAAAAACAAAAAASAAMGH6XAKDomjzx_________x9jgD7zRsb_____DYMeAA8-AB6EAAAAfAwJY9GOZmHG5SdSEFiEEQAAAIBsOe2JI5N0gopFlf___34rAFcAAAIaKfA-hLLoDkq8hQEAAAAYs0APi99vdtg1frfL_P________-b-T_zj0ao6cg1TdDFtYKaX0AAgDW_gAAAbMYNAMAbAThBJwBWJ4EGm81kMVsNZwcAAADgzv___78ekNyYTB7nYDgZjmyOmWcwG41Mw4ljORtulsPdxrc9Aqp-ANSbbph9QoRl9vsOCsrp6TG7DKKi622xO5xmz0F80DAsJ4NgfiZsMVpNJpvlcLZcTAbD0XA02p-BmAwGaCIGy-VkspjsVqPVaDPcjWaDBRKIwQRRtGgwWY1Gk8VkuBpNVrPlYrfbIIpWrWajzWC4mk1mu91qOBguRyM0YYvRajLZLIez5WIyGI6Go9EQweBksBhuRsO1wrXYrUUL43Ct8I1sa9FsYZzMfKvdxDdzi14f08dhGI4szi0SDEDZi-RpkU5ki4lhsNo4DKPRyLFZzlYb32xlclgGm-VyY7NYJmKJ5mSRTmSXfXNjMnmcg-FkOLI5Zp7BbDQyDSeO5Wy4WQ53G9--OBkshpvRcK1wLXZr0cI4XCt8I9taNFsYJzPfajfxzdyi18f0cRiGI4tz39gNVqPRarTZ7Bu7wWo0Wo02m32HyfRMfc5GcS0n8agMt2hLqLQ5DQqXweL9SUyLaXd2EJ18R6dOqlIWdUa_3-_3-_1-v9_vN2g9B7NB4Rv2XZ5hTCSzZXNjg9hgUMQSwUU6UZ1Nl4fndbm5VWfT5eF5XW4WsURpukgn-qLf7TI8fC5_RSwRnC7SidDvdlnUf-Qgi91csRjNJYvhXLFcJQAAAAAAAAAASzDNdBMAAAAAJwPZLBab1TodxGYzmu1WywUAET-v60cGzg3-DqRmF3pR2LiVXqpdscYem6iz6fLwvC43t-psujw8r8vNygAg4tmZbfYZQazValkDAAAQwAYAABDATTfeBJBFcf_____jAAAAyMihBwAAQL8P6IlWL_zIleIfgAqxVqvV7cZarVbAghmOJsMJ_P___wc!&excid=22&docw=0&cijs=1&nlb=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H2 200 82018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9
pr-bh.ybp.yahoo.com/sync/taboola/ Frame ECE6 43 B
425 B 48ms
47ms Image
image/gif 2a05:d018:d29:3605:da2e:7cf5:bf7c:fec
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/taboola/82018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9?gdpr=1&us_privacy=1---

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3605:da2e:7cf5:bf7c:fec Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58785/ Frame ECE6 0
15 B 27ms
27ms Image
text/plain 3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58785/sync?redir=true&gdpr=1&us_privacy=1---

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.94 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.94
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 main.19.8.473.js Show response
static.adsafeprotected.com/ 214 KB
66 KB 30ms
30ms Script
application/javascript 2600:9000:20ab:7800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.473.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/rjss/st/1878143/77320179/skeleton.js?bidurl=https%3A%2F%2Fultrasurfing.com&ias_adpath=.tbl_1705445433723-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20ab:7800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68687158d2c493d42ae6dee2f15fc2c761da3abf8d92c4474e1dbc527b6930d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 17:05:29 GMT
x-amz-version-id: TozINgEWWkvQmqDfTCTq3yrdeWW.56xS
content-encoding: gzip
via: 1.1 d2ed865b959a3c3010f1d4b906b56eb4.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P3
age: 366306
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 11 Jan 2024 21:47:36 GMT
server: AmazonS3
etag: W/"38edfb290172e1aef8532f19eb4cbbe4"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: Bd1Hd3OwhydJ7W1pDIBjOQ9tzCU_zFuVf8tqrM6_z-jFp1ZTd3Vrew==

GET
H3 200 bg.jpg
s0.2mdn.net/sadbundle/2843508170428681710/ Frame 4BB8 47 KB
47 KB 20ms
20ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2843508170428681710/bg.jpg?1702992590230

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7cb781f79688ff293d3daec52eb422190976e62b1f5dfced11a3e2a380068e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2843508170428681710/300x250.html?e=69&leftOffset=0&topOffset=0&c=XrVlXLAXej&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Sat, 11 Jan 2025 21:28:26 GMT
date: Fri, 12 Jan 2024 21:28:26 GMT
x-content-type-options: nosniff
age: 350528
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47803
x-xss-protection: 0
last-modified: Wed, 20 Dec 2023 10:24:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F896 8 KB
6 KB 59ms
59ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

42e29f850eef7e59c00bcf7e5acef55510f70b516cc9be14111a6907e97c9132

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5957
x-xss-protection: 0

GET
H3 200 _img.jpg
s0.2mdn.net/sadbundle/2031909457271134757/ Frame F896 30 KB
30 KB 23ms
23ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2031909457271134757/_img.jpg?1700219186408

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

70d1e57aaf0a120a33590426738590cd1fca5a148cda33453a1b3bef7f1824b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2031909457271134757/300x250.html?e=69&leftOffset=0&topOffset=0&c=y8AF4JBrl9&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Sun, 12 Jan 2025 04:59:14 GMT
date: Sat, 13 Jan 2024 04:59:14 GMT
x-content-type-options: nosniff
age: 323480
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30654
x-xss-protection: 0
last-modified: Fri, 17 Nov 2023 16:37:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame A70B 2 KB
1 KB 142ms
25ms Script
application/javascript 2a01:4a0:1338:28::c38a:ff18
CORE-BACKBONE COR...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=11655933&cmp=1623176&plc=68651521&sid=1366186&dvregion=0&unit=160x600&aufilter1=165376&autt=1&aubndl=&audeal=&auevent=0&prr=1&ppid=111&auadv=165376&aucmp=1623176&auorder=2010169&aucrtv=60894997&auadid=1366186&c6=1447160&c8=&auplc=6994694&turl=&c1=VF-DE+Deutschland&c2=DE_23_AO_P_M_G_F_cic-215-fix----per-fng-dive-DSL_all_funnel_Tracking_PER&c3=RT_PD_F-215-dsl-all-PRE-Tracking&c4=dsl100_pre_gigazuhause_231005_tf173a_320x1200&c5=Doubleclick+DBM&c7=Doubleclick+DBM+(Media)&c9=&c10=DV360_AO_AL_1st_BNR_CM_dsl-100-tracking
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/630/s1.adform.net/bootstrap.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (CORE-BACKBONE CORE-BACKBONE GMBH GLOBAL NETWORK, DE),
Reverse DNS
Software: UploadServer /
Resource Hash: e55c01e3ca797dbf8af251c9d68755f6039f7792afe6866e46269e4036697d3d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:34 GMT
Content-Encoding: gzip
Last-Modified: Sun, 17 Dec 2023 15:12:34 GMT
Server: UploadServer
ETag: "a8006a511aee2e57196f5e8bee81dde8"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 932
Expires: Wed, 17 Jan 2024 22:50:34 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 4BB8 17 KB
6 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 16 Jan 2024 22:50:34 GMT

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/1878143/77320179/skeleton.js?bidurl=https%3A%2F%2Fultrasurfing.com&ias_adpath=.tbl_1705445433723-0&adsafe_url=http%3A%2F%2Fultrasurfing.com%2F&adsafe_type=a...
https://static.adsafeprotected.com/skeleton.js?ias_adpath=.tbl_1705445433723-0

17 B
467 B

27ms
27ms

Script
application/javascript

2600:9000:20ab:7800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js?ias_adpath=.tbl_1705445433723-0
Protocol: H2
Server: 2600:9000:20ab:7800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 01:45:55 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 d2ed865b959a3c3010f1d4b906b56eb4.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P3
age: 16491880
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: 4vjoF-RjDRHpVNsGSB56vFmtLMXN_KUKyHeqjtYH0Xy4BOGRTZDtFA==

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
server: nginx
x-server-name: app09.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js?ias_adpath=.tbl_1705445433723-0
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 4051 91 KB
23 KB 29ms
29ms Script
application/javascript 2600:9000:20ab:7800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20ab:7800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 08:07:09 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 d2ed865b959a3c3010f1d4b906b56eb4.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P3
age: 12235406
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: NgL7ZrnTSbvhH9kM3-k-QJmib8m-r8Tfkv01CrlQRxUflU1xnkVBiA==

GET
H3 200 end.jpg
s0.2mdn.net/sadbundle/2843508170428681710/ Frame 4BB8 36 KB
36 KB 20ms
20ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2843508170428681710/end.jpg?1702992590230

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6169e3b5e89aafe805bf489c4b7a124e21b1166f3ec4895ee26943f5a1778731

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2843508170428681710/300x250.html?e=69&leftOffset=0&topOffset=0&c=XrVlXLAXej&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Sun, 12 Jan 2025 07:45:08 GMT
date: Sat, 13 Jan 2024 07:45:08 GMT
x-content-type-options: nosniff
age: 313526
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36737
x-xss-protection: 0
last-modified: Wed, 20 Dec 2023 10:24:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 korn.jpg
s0.2mdn.net/sadbundle/2031909457271134757/ Frame F896 28 KB
28 KB 22ms
21ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2031909457271134757/korn.jpg?1700219186408

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e23383fb0e9a8667850cb0b239e9f0b86a1f6c6ee5f09eed44d5a8abbcb7edc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2031909457271134757/300x250.html?e=69&leftOffset=0&topOffset=0&c=y8AF4JBrl9&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 16:14:11 GMT
date: Tue, 16 Jan 2024 16:14:11 GMT
x-content-type-options: nosniff
age: 23783
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28894
x-xss-protection: 0
last-modified: Fri, 17 Nov 2023 16:37:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js Show response
pagead2.googlesyndication.com/bg/ Frame 6B0E 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 20:34:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8142
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15229
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jan 2025 20:34:52 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 245ms
115ms Image
image/gif 2600:1f18:1aca:4280:bc94:ac10:ec71:5975
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1878143&asId=b8fd32b0-5ee0-e2b5-e6d7-90a7ada75e77&tv=%7Bc:1vw2iY,pingTime:0,time:83,type:pf,clog:%5B%7Bpiv:100,vs:i,r:,w:390,h:131,t:62%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:1,slTimes:%7Bi:83,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:62,wc:0.0.1600.1200,ac:16.960.390.131,am:sp,cc:8.960.398.0,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B26~100%5D,as:%5B26~390.131%5D%7D%7D%5D,slEventCount:1,em:false,fr:true,e:,tt:rjss,dtt:0,fm:u1zleXP+1*.1878143-77320179%7C11%7C12%7C13%7C14%7C15%7C161%7C162%7C17%7C181%7C182%7C183%7C19%7C1a%7C1b%7C1c1%7C1c2%7C1d1%7C1d21%7C1d3%7C1e1%7C1e21%7C1e3%7C1f%7C1g1%7C1h%7C1i%7C1j,idMap:1*,rmeas:1,rend:1,renddet:SPAN.qs.sn,siq:62%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:bc94:ac10:ec71:5975 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
server: nginx
x-server-name: dt25.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F896 17 KB
6 KB 74ms
74ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 16 Jan 2024 22:50:34 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 221ms
114ms Image
image/gif 2600:1f18:1aca:4280:bc94:ac10:ec71:5975
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1878143&asId=b8fd32b0-5ee0-e2b5-e6d7-90a7ada75e77&tv=%7Bc:1vw2jl,pingTime:-2,time:106,type:a,im:%7Bsf:0,pom:1,prf:%7BbdA:3471,bdZ:3522,beA:3647,beZ:3648,mfA:3703,cmA:3704,inA:3704,inZ:3704,prA:3704,prZ:3707,si:3709,poA:3709,poZ:3714,cmZ:3714,mfZ:3714,loA:3732,loZ:3732,ltA:3753,ltZ:3753,mdA:3648,mdZ:3691%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:100,vs:i,r:,w:390,h:131,t:62%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:1,slTimes:%7Bi:106,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:62,wc:0.0.1600.1200,ac:16.960.390.131,am:sp,cc:8.960.398.0,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B49~100%5D,as:%5B49~390.131%5D%7D%7D%5D,slEventCount:1,em:false,fr:true,e:,tt:rjss,dtt:0,fm:u1zlePs+1*.1878143-77320179%7C11%7C12%7C13%7C14%7C15%7C161%7C162%7C17%7C181%7C182%7C183%7C19%7C1a%7C1b%7C1c1%7C1c2%7C1d1%7C1d21%7C1d3%7C1e1%7C1e21%7C1e3%7C1f%7C1g1%7C1h%7C1i%7C1j,idMap:1*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:1,renddet:SPAN.qs.sn,siq:62,slid:%5Bscript-tracking-span-1306,internal_trc_63381,rbox-h2v,outer_63381,trc_wrapper_63381,tbl_1705445433723,tbl-next-up-inner,tbl-next-up%5D,sinceFw:44,readyFired:true%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:bc94:ac10:ec71:5975 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
server: nginx
x-server-name: dt26.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 plus.png
s0.2mdn.net/sadbundle/2843508170428681710/ Frame 4BB8 137 B
173 B 21ms
20ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2843508170428681710/plus.png?1702992590230

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f83d57c4d06966676c266a3195b7ff0e8561ab8f2f61383951cdb22f4adbad9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2843508170428681710/300x250.html?e=69&leftOffset=0&topOffset=0&c=XrVlXLAXej&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Sat, 11 Jan 2025 18:30:37 GMT
date: Fri, 12 Jan 2024 18:30:37 GMT
x-content-type-options: nosniff
age: 361197
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137
x-xss-protection: 0
last-modified: Wed, 20 Dec 2023 10:24:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 logo.png
s0.2mdn.net/sadbundle/2031909457271134757/ Frame F896 11 KB
11 KB 20ms
20ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2031909457271134757/logo.png?1700219186408

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e37d0123c6db2e4f396b839703916e1555b267225ccc9d6876c74ce0f47c9f79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2031909457271134757/300x250.html?e=69&leftOffset=0&topOffset=0&c=y8AF4JBrl9&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 22:03:41 GMT
date: Tue, 16 Jan 2024 22:03:41 GMT
x-content-type-options: nosniff
age: 2813
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11615
x-xss-protection: 0
last-modified: Fri, 17 Nov 2023 16:37:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 main_00006.ts Show response
video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/360p/ 296 KB
297 KB 22ms
21ms XHR
video/mp2t 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/360p/main_00006.ts
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 81652a2d8259077076cc5da7facc148bfeb5178518f53c2a6dd471aa1ee8533d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 16 Jan 2024 22:50:34 GMT
x-age-lb: 527645
x-77-cache: HIT
x-accel-date: 1704917789
content-length: 303056
x-77-nzt: EgwBnJIhiwH3HQ0IAAwB1GY4AQH3XDoNAA
x-accel-expires: @1705952081
x-77-age: 1394553
x-cache-lb: HIT
last-modified: Fri, 19 May 2023 19:47:13 GMT
server: CDN77-Turbo
etag: "6467d241-49fd0"
x-77-nzt-ray: cf878727ef4785ca3a08a765efedf827
vary: Origin
content-type: video/mp2t
access-control-allow-origin: http://ultrasurfing.com
accept-ranges: bytes
x-robots-tag: : noindex, nofollow

POST
H2 204 bulk Show response
trc.taboola.com/ultrasurf-ultrasurf/log/3/ 0
320 B 50ms
50ms XHR
image/gif 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/ultrasurf-ultrasurf/log/3/bulk?tvi48=14791&route=AM%3AAM%3AV&lti=deflated&bulkSize=14
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20240116-10-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 30
date: Tue, 16 Jan 2024 22:50:34 GMT
via: 1.1 varnish
x-fastly-to-nlb-rtt: 7376
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-service-version: v1
x-served-by: cache-fra-eddf8230059-FRA
pragma: no-cache
server: nginx
x-timer: S1705445435.706048,VS0,VE30
content-type: image/gif
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H3 200 plus.png
s0.2mdn.net/sadbundle/2031909457271134757/ Frame F896 137 B
173 B 20ms
20ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2031909457271134757/plus.png?1700219186408

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f83d57c4d06966676c266a3195b7ff0e8561ab8f2f61383951cdb22f4adbad9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2031909457271134757/300x250.html?e=69&leftOffset=0&topOffset=0&c=y8AF4JBrl9&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 14:47:58 GMT
date: Tue, 16 Jan 2024 14:47:58 GMT
x-content-type-options: nosniff
age: 28956
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137
x-xss-protection: 0
last-modified: Fri, 17 Nov 2023 16:37:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js Show response
pagead2.googlesyndication.com/bg/ Frame 1356 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 20:34:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8142
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15229
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jan 2025 20:34:52 GMT

GET
H/1.1 200
OK f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ 254 B
1 KB 21ms
21ms Image
image/png 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Protocol: HTTP/1.1
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
Date: Tue, 16 Jan 2024 22:50:34 GMT
Via: 1.1 varnish
x-amz-request-id: 1V3H9VCVPBG1B2M0
Age: 10436
X-Cache: HIT
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 254
x-amz-id-2: ecEkqIT2UiXx3kNvrYZW8vzeO4j3+ukvjDCTHGC9cb5Y1awQ9zHumBitHqhNLm54Y/VcUMLqVJ0=
X-Served-By: cache-fra-eddf8230061-FRA
Last-Modified: Wed, 24 Jun 2015 07:14:11 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
X-Timer: S1705445435.746292,VS0,VE0
ETag: "dfa7b52c86e56bd67fa4002f6ed19854"
Content-Type: image/png
abp: 15
Access-Control-Allow-Origin: *
Cache-Control: private,max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 3377

GET
H/1.1 200
OK dvbs_src_internal125.js Show response
cdn.doubleverify.com/ Frame A70B 60 KB
20 KB 25ms
25ms Script
application/javascript 2a01:4a0:1338:28::c38a:ff18
CORE-BACKBONE COR...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal125.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=11655933&cmp=1623176&plc=68651521&sid=1366186&dvregion=0&unit=160x600&aufilter1=165376&autt=1&aubndl=&audeal=&auevent=0&prr=1&ppid=111&auadv=165376&aucmp=1623176&auorder=2010169&aucrtv=60894997&auadid=1366186&c6=1447160&c8=&auplc=6994694&turl=&c1=VF-DE+Deutschland&c2=DE_23_AO_P_M_G_F_cic-215-fix----per-fng-dive-DSL_all_funnel_Tracking_PER&c3=RT_PD_F-215-dsl-all-PRE-Tracking&c4=dsl100_pre_gigazuhause_231005_tf173a_320x1200&c5=Doubleclick+DBM&c7=Doubleclick+DBM+(Media)&c9=&c10=DV360_AO_AL_1st_BNR_CM_dsl-100-tracking
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (CORE-BACKBONE CORE-BACKBONE GMBH GLOBAL NETWORK, DE),
Reverse DNS
Software: UploadServer /
Resource Hash: a7e081ac2862a2c9fe794a716293c201eb0cc90623edfe349438c3af8f58ca6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:34 GMT
Content-Encoding: gzip
Last-Modified: Sun, 17 Dec 2023 15:12:36 GMT
Server: UploadServer
ETag: "8188d451e0a669939fa9ed400c00d127"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19695
Expires: Wed, 15 Jan 2025 22:50:34 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6CAC 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BkXzVOQinZfTXC7iH7_UP7rKWqA0AAAAAOAHgBAI&bg=!GxilGFfNAAaumcC-jpk7ADQBe5WfOAH4SvM0pQauDF_ib0IFoioqxbghRyKgbWgrCrfTNxMJpzbY-8Zd0JuatQtUWUhtAgAAANBSAAAAAWgBB5kC_QrLIEzezmtX6JNh9EqIx8_h7hKAScmZMKe_ugRpo_MvX95IestyceDhvvsLF1sHrMuIBNhzQwEm8SwnIbKxK4IwTuE3Jq3533eZ0N4D6IleRS8nxNVdcZHFstv-UKtZGLkBivTULKclVywTKkApEYEfjOR1-XzM7o1mPfSJvlrMb8JSOrsbzpTxHR9LM7hf3Ip9XjwaBvjkuingyrDRuMkVagiKgCqAA4LHzzBkh6SflOrqIT9SYSisUsgjTdaKhRzZVp7z9T1y8ezOQWpjd4G435vLlHLNrPzaI8g6l8SVjQYSh6BAZqlDPlsLYzWL33n8ZHl17WVx5AWAhRCimjbSoE29goqyDr1fgdtbBp57R6BKBa87cRFCUoTKeFyXdAwuRMKG4fpc-BLE594mRvG75gtcQo5gI64c8CrGNAYpDTuEVIgiCyGi_7nVGtuKgoFXthp8Afj6gxZwsvQ8JM21MU_r1JLXPsQtsoywBG0zKmKGix2lOh7SBrdt-oGF-zJoH6nys0wv0WhDjR71v4Kko1lKTR5GZu0bhy03HZIgUtVB7x_UBCE7Y34Xcjswfzn2Flx4SDN-GCrQx1tzVq6Y1VV-iTo-GdZutNT0cyTC8Xf4Gu_fMgHLqUC1LAEyhY1sYbjPwizQvXpH9AohQD63bqfZcv59d8G-b6axsUCnStzo9dh_RHWnf8f6535i1jwA_h-9QeHGP6Qlzo89441KwEGgoAtpLFF_1U1qlNIP00lbIBMLA1wkm4HtSvTz1eXFQLb6VDCDGvTDXmT-qcRsKknx8Zj1KPUmEkbcCsmRpgzGPmj7Q76KUJl8u4uk8OxwPQu1TkJKuAUfrmKXnAxIMycgeiVCTqC6K-w2wLtYGgveQdaZF5CLgJRHHTZYa6JymIR5aJ4aaFLXqm1oXDV-_uW6soIQSPraMKlNI89w6kTV5OL_39zlUwfBERQqByPQdUl5JgX2qHjb1XzuOYPOHbfk_aqodBdvGYGppzpqgIUyXhr5D59QsgGNIQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CB60 0
20 B 56ms
55ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B8pzPOQinZfPXC7iH7_UP7rKWqA0AAAAAOAHgBAI&bg=!m5ilmNfNAAaumcC-jpk7ADQBe5WfOBVwdJoquFs7KIoz9lws6WANCVDiKJNgyM6iwpmCKX1DyEiuOitcOIWKGDT-f_SvAgAAAOhSAAAAAWgBB5kDBI3lCOvyhs1e5CVJmCGYuIwiiiUoePdW3sTiIdxPExpbh3MJy3JnRiRICCkokacDlYrMoaXrpJo55FhicntLxTYw2XdNronvMml8zVQBzCKsBqzdoJzp38VlO59r-YlVl-yRzLUov3B3S5DZu0k90gYJGvE7XBuN44QUBa6vUsFGdiOD31L0M3iimsoAjA8Ap467WzcqAE9rdQU0t5NoaBCmpqVKxWjNpr79pUy_lwcvO0G9lXkLIrwjMIAcYZfuFXEvNF99bt_mfSRgKlkavzOlM-kx4cbYz383k4cARVv0ivGACYZOTr_QdmF4WLbNt9PfplEHmm4siVM4IWSqSR_mpaRg834Vj7OM-2B0LYnsYCWNTqieM1PWQbvc6SsttAXkhe7JXcN77uj0pamZVlBJdeWpgYqLcVJLE-lfjlb84lua1AfJshdwzZgoJZ1qfIU28MoEkMtUSoa-fForurPZU5zsUa2enKXhhqp_Tvk5jxw3Qd0TaIRCudwyaJGRk0c2xd18PDs-P1h7-a_7K5pFmT_nsUp7vwF3V1LLuHCBd01uFPP-Dkql2msAq3UWT0uMXlTnbJ1JDZsAyL34D0ku5UTSQNNvTurNJDL8vIEV9nd1gJOICBUcABKPnYrr6XW_9Cp_uk1DbOlbpWfd-VTwc7CTVMK42RZmSFcgBQ7LvZOS0RLAYkBRde6WxwHlB1AhizLv7nwvz-ffq4y0h-ULqB9LsFWBOcolkmnHt_mNRoab_yLL-orZxZwIRCgVCebX02y9GMZMqBeaJUJDM1BYpVd3kgekjAMnkTuohR_JNdK3yhMT_tX-5oCnCWzPWk4jrg5gWAUUiZPTtillpEmxtRks2lRD5tBUutdFSON0CYaTg60812ONaSXoF976i7vZ2w4rTzH8gXfneJSkYSd0rssd6TrQGYW9eeQDHswC88A8KuStdRzeevWxFna4MtpZ8U2WzjIh2JpiL4hv0eintvtTCIh6HlPocaRVMfqTqsNKOxSHF5rGofiF4q88WdcMOi0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js Show response
pagead2.googlesyndication.com/bg/ Frame B5CA 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 20:34:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8142
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15229
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jan 2025 20:34:52 GMT

GET
H/1.1 200
OK cmAdService.js Show response
vidstat.taboola.com/vpaid/units/33_7_3/infra/ 46 KB
12 KB 32ms
32ms Script
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://vidstat.taboola.com/vpaid/units/33_7_3/infra/cmAdService.js
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/vpaid/units/33_7_3/infra/cmTagFEED_MANAGER.js
Protocol: HTTP/1.1
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7a4da18e8baeea4d9b2f6efa2cf38b32db7d139feb7a5b6d1a2045278f44d425

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-meta-mtime: 1704535345
Date: Tue, 16 Jan 2024 22:50:34 GMT
Via: 1.1 98559aba51e0c88c6e74c88152fb63ae.cloudfront.net (CloudFront), 1.1 varnish
Content-Encoding: gzip
X-Amz-Cf-Pop: FRA60-P5
Age: 910011
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront, HIT
x-amz-meta-ctime: 1704535345
x-amz-meta-mode: 33188
Connection: keep-alive
Content-Length: 11556
X-Served-By: cache-fra-etou8220074-FRA
Last-Modified: Sat, 06 Jan 2024 10:02:26 GMT
Server: AmazonS3
X-Timer: S1705445435.860580,VS0,VE0
ETag: "395c2d3a29b53f05f31fcb3046a9dd43"
x-amz-meta-uid: 0
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
Content-Type: application/javascript
x-amz-meta-gid: 0
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: LSpxDgW8A_hZJ5Z9l1dsPchg2ABAbsUZLlTOpr0o2wxfJRgcDXJ2Ow==
X-Cache-Hits: 71202

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 112ms
112ms Image
image/gif 2600:1f18:1aca:4280:bc94:ac10:ec71:5975
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1878143&asId=56cf2adf-2e46-1bb3-e917-944482a1fcad&tv=%7Bc:1vw2mY,pingTime:-10,time:850,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjAuMC42MDk5LjIxNiBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002022202222222000020222222202022222220222202000022000220222220000000202202002222202222222220222222220000020022022200022222220200000222200022020002022022022222202002220222022222022220000000200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022020000000020000000000000000000020220202220000022200202202220022000200222022200200022220222200202222020002200002222022222202222000002002002222222202220022202200022002220202202,asp:1705445434856%7C%7Cff9132d3735a63934ce21f0f9cca7720%7C%7Cacc8ce73e974315fdfcc4ebb5f3c527d%7C%7Ccdf02ab00baaddfc693c484a5b3471ac%7C%7C5db3d49616109f6975cfa99cb1852497%7C%7C37d19b106f4d73ae82d80ad46562b408%7C%7C572c03f0da85875cfd1311ffac5ad0e2%7C%7Cb26a5fdae4c87168dbd0cc22f11920f5%7C%7C1663701684,im:%7Bimprf:%7Bttecl:926,ecd:115,tsecr:81%7D%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:bc94:ac10:ec71:5975 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
server: nginx
x-server-name: dt27.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H/1.1 200
OK verify.js Show response
rtb0.doubleverify.com/ Frame A70B 1 KB
945 B 147ms
34ms Script
text/javascript 130.211.44.5
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_20295056418&jsTagObjCallback=__tagObject_callback_20295056418&num=6&ctx=11655933&cmp=1623176&plc=68651521&sid=1366186&advid=&adsrv=&unit=160x600&isdvvid=&uid=20295056418&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Win32&dvp_strhd=0.10&dvpx_strhd=0.10&brid=3&brver=120&bridua=3&dup=null&ppid=111&auevent=0&auadv=165376&aucmp=1623176&aucrtv=60894997&auorder=2010169&auplc=6994694&auadid=1366186&aufilter1=165376&autt=1&c1=VF-DE+Deutschland&c2=DE_23_AO_P_M_G_F_cic-215-fix----per-fng-dive-DSL_all_funnel_Tracking_PER&c3=RT_PD_F-215-dsl-all-PRE-Tracking&c4=dsl100_pre_gigazuhause_231005_tf173a_320x1200&c5=Doubleclick+DBM&c6=1447160&c7=Doubleclick+DBM+(Media)&c10=DV360_AO_AL_1st_BNR_CM_dsl-100-tracking&srcurlD=0&ssl=1&refD=1&htmlmsging=1&tstype=128&prr=1&m1=13&noc=4&fcifrms=20&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=172&eparams=DC4FC%3Dl9EEATbpTauTauF%3DEC2DFC7%3A%3F8%5D4%40%3ETauU2%3F4r92%3A%3Fl9EEATbpTauTauF%3DEC2DFC7%3A%3F8%5D4%40%3ETar9EEADTbpTauTaube_heghccf_7ha23h7bf6d5heffdg65e%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&dvp_exetime=3.20&aubndl=&audeal=&c8=&turl=&c9=&callbackName=__verify_callback_20295056418
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal125.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 5.44.211.130.bc.googleusercontent.com
Software: /
Resource Hash: b672aa282cfcdc0be657fe84065b73f600d95e88dd7a4070ded150ec31dcf197

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Jan 2024 22:50:35 GMT
Content-Encoding: br
X-DV-Response: 1
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: keep-alive
Timing-Allow-Origin: *
Expires: 01/15/2024 22:50:35

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C9CC 42 B
64 B 55ms
55ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss5lEGgTAetyMDscKC7V5A1UNkllOVSdzfr3GtILdSYU56AK1W7-5RlKBfYnCW2F4h5R7D3WJYqgg_XOw8UhXMLom7Vm1gxuPgh0TjH-hVb_V4MXWfdJpdiZVda_93crZQ6B6ypOyoeWThMSWeR7W1wcEnR&sai=AMfl-YQqjZRrjUelzmn-j8Rumke7xXZdvj-aPQWAo3sIl8xEWeNCPQPXBzebTaSxyZ7m7KNIzuzUofdo263uKA1U6gi1eZsO5f1LTIKR1A4ceEmAfQlvWRIyljUmbvwZm7oeRIe-eOQ82mI6aeH4_EC75w&sig=Cg0ArKJSzFL3Y2QFrc_wEAE&cid=CAQSTwAvHhf_GPyMffTqC2gAyduvWoUjaZx8FecvIxUSQlvGyrtA97tsK7Wd6yE2iWqIC3Kd0lE28YXBDS2QdJcyYveRPcugmBmmrZ3NfX9V3LAYAQ&id=lidar2&mcvt=1038&p=370,588,620,888&mtos=1038,1038,1038,1038,1038&tos=1038,0,0,0,0&v=20240110&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2329818728&rs=4&la=0&cr=0&vs=4&r=v&rst=1705445433514&rpt=321&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main_00007.ts Show response
video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/360p/ 298 KB
299 KB 23ms
22ms XHR
video/mp2t 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/360p/main_00007.ts
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: f8d1f72f2ae2dcfef40eff969315c4f07e0d277d6978c36401240afd196cb235

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 16 Jan 2024 22:50:34 GMT
x-age-lb: 312791
x-77-cache: HIT
x-accel-date: 1705132643
content-length: 304936
x-77-nzt: EgwBnJIhiwH318UEAAwBnJIhJwH3MAEAAA
x-accel-expires: @1706169139
x-77-age: 313095
x-cache-lb: HIT
last-modified: Fri, 19 May 2023 19:47:13 GMT
server: CDN77-Turbo
etag: "6467d241-4a728"
x-77-nzt-ray: cf878727ef4785ca3a08a765063ca937
vary: Origin
content-type: video/mp2t
access-control-allow-origin: http://ultrasurfing.com
accept-ranges: bytes
x-robots-tag: : noindex, nofollow

GET
H2 200 main_00009.aac Show response
video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/eng/ 3 KB
3 KB 21ms
21ms XHR
application/octet-stream 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/eng/main_00009.aac
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 589c4f2ac5f4b837b92b7bb5dddd7e6b0e15662eb4cc8963c1152ca651dc830a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 16 Jan 2024 22:50:34 GMT
x-age-lb: 124604
x-77-cache: HIT
x-accel-date: 1705320830
content-length: 2584
x-77-nzt: EgwBnJIhiwHXvOYBAAwB1GY4EQH3Wc8CAA
x-accel-expires: @1705922786
x-77-age: 308757
x-cache-lb: HIT
last-modified: Fri, 19 May 2023 19:47:13 GMT
server: CDN77-Turbo
etag: "6467d241-a18"
x-77-nzt-ray: cf878727ef4785ca3a08a7654e72ee39
vary: Origin
content-type: application/octet-stream
access-control-allow-origin: http://ultrasurfing.com
accept-ranges: bytes
x-robots-tag: : noindex, nofollow

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6B0E 0
20 B 54ms
54ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BisiQOginZZzjBebV1PIPpa-CmAIAAAAAOAHgBAI&bg=!8POl87zNAAaumcC-jpk7ADQBe5WfOLb17NoQIg_3KzVYyvT4mA7jLom9r3OsdZMl_Jh-FdZL4OTjlRmPqlgAAtg8LnmKAgAAAN9SAAAAAmgBBwoAJZ2_Y918vB7gTVzUykzI2UGiMFh8m7qnBITN2p0nM4gjn4GATUaZAvouoHK69P_E8o0HmD24YmXWSRLrRJj0Hy49oudTgGkWDZTJtx744fmDv3jAGKPdO1QCrhVOUTtONK6Whza4hwlKWEIHiVrTC0SO2XFKKSpz4EKjJcoEQrl2EPjM2xdun86r7TpGpGJdMbbGhhJXDOEQ1i4T47wZElwNOxjTiQoAreGPkc9sCw54tHL2-g9aAOpH1kMm8jTqXtox-xiKxQD3JD3sWoX_5jg98Lga84bduTfJxQodf2Iu8I_VHbFEu8FKd_bLFMCBwBYBMOLiDUvdX2lHQ45yHoHNju5qRijydSkzefrLUSk6vHpNcdNl6p_qy1I9L7qpiEm1vUXG0aJz5v_IYyj93KiM7V7pJTS3CKBRN7L6SGCbJnvDRrwufRgHIdJ0WUYzg9LH13G08kL9i8XT5nBjYSrD_1wUN6ZcUeWOc6-LjMudp4Fg242o8TTR9CKIxjWRkR1rinyd6bhW1QYvuFRpv0OopQASO3XOfTinEJpoVkXTJ7Xvpq-UoudPTXOapdLv7dPo1-aBRogQxQaK2bCGgi5iEizHfuX7h-96esvmqi2ASBHhcMicDAdxS89p15DlEvAmo5MHqMDQMhOmiW6TmUFUWpJx3-JgwdlIVKfeRdB-v1Gkt6TtZewRFdMoQyy8IcEO4Sa-5n9RyWLIGHLtVXt0yrca5F9KXvon32GBnEA6ENQMJRyIM_pVcGzDxDbFy9skt4LZhw6RXUoArIUhYXHGUxDXHVAZwBeZKc1c1JlL1bdhlG-Yc5JqYIpjXSzQYEctXAJyzEb8v3A13GYihuZOqo_ixPViRN9cglzRngsQOOeIrsa2iqC8AbYvLhCOJJsharDoBchBAZYpRjXzFvNZXwaK6X7MNEhQSI_Es-x3YkRq3dL_bGnFf4QvnQz0DHTrRr56jh3KmzmcRAic19-04E1Pvia3ib_J48nommELNPleTwoWtl722JLXXGyHTWqV2FHq6lBc1vXisfcBAwotnKxtDVylU9dPyjchqSImj3w

Requested by

Host: 36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 113ms
113ms Image
image/gif 2600:1f18:1aca:4280:bc94:ac10:ec71:5975
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1878143&asId=b8fd32b0-5ee0-e2b5-e6d7-90a7ada75e77&tv=%7Bc:1vw2oX,time:454,type:e,im:%7Bimprf:%7Bttecl:431,ecd:99,tsecr:94%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:1,slTimes:%7Bi:454,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:62,wc:0.0.1600.1200,ac:16.960.390.131,am:sp,cc:8.960.398.0,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B397~100%5D,as:%5B397~390.131%5D%7D%7D%5D,slEventCount:1,em:false,fr:true,e:,tt:rjss,dtt:283,fm:u1zlePs+1*.1878143-77320179%7C11%7C12%7C13%7C14%7C15%7C161%7C162%7C17%7C181%7C182%7C183%7C19%7C1a%7C1b%7C1c1%7C1c2%7C1d1%7C1d21%7C1d3%7C1e1%7C1e21%7C1e3%7C1f%7C1g1%7C1h%7C1i%7C1j,idMap:1*,rmeas:1,rend:1,renddet:SPAN.qs.sn,siq:62,sis:256%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:bc94:ac10:ec71:5975 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:35 GMT
server: nginx
x-server-name: dt02.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 main_00008.ts Show response
video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/360p/ 235 KB
236 KB 23ms
22ms XHR
video/mp2t 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/360p/main_00008.ts
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5b4a13e409bf2904747e1b23f4d7db025c541ba2c62410b277c4fa035f449e11

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 16 Jan 2024 22:50:34 GMT
x-age-lb: 397902
x-77-cache: HIT
x-accel-date: 1705047532
content-length: 240452
x-77-nzt: EgwBnJIhiwH3ThIGAAwBisclwQH3AQgAAA
x-accel-expires: @1706082283
x-77-age: 399951
x-cache-lb: HIT
last-modified: Fri, 19 May 2023 19:47:13 GMT
server: CDN77-Turbo
etag: "6467d241-3ab44"
x-77-nzt-ray: cf878727ef4785ca3a08a765cdc86b3b
vary: Origin
content-type: video/mp2t
access-control-allow-origin: http://ultrasurfing.com
accept-ranges: bytes
x-robots-tag: : noindex, nofollow

POST
H/1.1 204
No Content bsevent.gif
rtbc-ew1.doubleverify.com/ Frame A70B 0
345 B 71ms
28ms Ping
text/plain 130.211.44.5
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://rtbc-ew1.doubleverify.com/bsevent.gif?flvr=0&impid=ff09f7f372b2499aa177043187510bb0&vfdur=148&cbust=1705445435027468
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal125.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 5.44.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
Pragma: no-cache
Date: Tue, 16 Jan 2024 22:50:35 GMT
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true, true
Connection: keep-alive
Expires: 2024-01-15T22:50:35

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame A70B 18 KB
8 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal125.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62cf47440cbf69b9d0a37c238c923e6544394913a5e5e615d017b1537aa06ec2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:04:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2741
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7823
x-xss-protection: 0
last-modified: Thu, 02 Nov 2023 23:04:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 16 Jan 2024 23:04:54 GMT

GET
H2 200 main_00009.ts Show response
video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/360p/ 166 KB
167 KB 22ms
22ms XHR
video/mp2t 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/360p/main_00009.ts
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 787c4cc00cb92b62e5cfc3d434e48c977abf1c3f0f787bbed6dea4882598f4f9

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 16 Jan 2024 22:50:35 GMT
x-age-lb: 409299
x-77-cache: HIT
x-accel-date: 1705036136
content-length: 170328
x-77-nzt: EgwBnJIhiwHX0z4GAAwBisclwQH3d1UAAA
x-accel-expires: @1706051057
x-77-age: 431178
x-cache-lb: HIT
last-modified: Fri, 19 May 2023 19:47:13 GMT
server: CDN77-Turbo
etag: "6467d241-29958"
x-77-nzt-ray: cf878727ef4785ca3b08a76560934e03
vary: Origin
content-type: video/mp2t
access-control-allow-origin: http://ultrasurfing.com
accept-ranges: bytes
x-robots-tag: : noindex, nofollow

GET
H3 200 impl_v99.js Show response
www.googletagservices.com/dcm/ Frame A70B 59 KB
23 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v99.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3df5746a25ab4dc32517df57deca8ecc5c425a2abd15c6d6f5fc817472e4d632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 23:25:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84316
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23872
x-xss-protection: 0
last-modified: Thu, 02 Nov 2023 14:22:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 Jan 2025 23:25:19 GMT

GET
H3 200 B9689862.280626343;dc_ver=99.292;dc_eid=40004001;sz=160x600;u_sd=1;dc_adk=2913917845;ord=n1qejf;dc_rfl=1,http%3A%2F%2Fultrasurfing.com%2F$0;xdt=1;crlt=0Fbk)6AZAO;stc=1;sttr=30;prcl=s Show response
ad.doubleclick.net/ddm/adi/N1395.150740DOUBLEVERIFY/ Frame E4DF 65 KB
29 KB 57ms
57ms Document
text/html 142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adi/N1395.150740DOUBLEVERIFY/B9689862.280626343;dc_ver=99.292;dc_eid=40004001;sz=160x600;u_sd=1;dc_adk=2913917845;ord=n1qejf;dc_rfl=1,http%3A%2F%2Fultrasurfing.com%2F$0;xdt=1;crlt=0Fbk)6AZAO;stc=1;sttr=30;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v99.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

cafe /

Resource Hash

d40f62f4ec5f02ec2920b605bc9580148ab14d7532540ffa458ffb8cdeefe288

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 29730
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 22:50:35 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 / Show response
track.adform.net/adfserve/ Frame A70B 0
456 B 36ms
35ms Script
text/plain 37.157.5.132
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?CC=1&bn=68651521;click=https://m.exactag.com/cl.aspx?extProvId=327&extPu=vf-dv360&extLi=20563363907&extPm=20563363907&extCr=524297475&url=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CqJMWOQinZfLXC7iH7_UP7rKWqA2Vlrftc67trp72EfvV9P0IEAEguoTAM2CVgoCAsAegAYbHmLcpyAEJqQJE4XrXqjqyPqgDAcgDmwSqBK8CT9BPNoWdGp46EZT45A-Kq5eaFo2tQd4q-zvA72G77U216I1Y5HlWC297O30TAQlZVBDTka-Njt0CTrgpAEGpr60LzERiiS5I6WdcyvQsbb_1ObRRRYkxj4K25h7s3aLBkY-NmZA77gGabEA9Ll50fLfyvriTwWo5_zOA9-fdo5iWWwiKoMKvlPwNziOm3tDe2qMfzXaSpIGZUfJkJn_XyULjVrK64MWb0bQCSWN7kv7OO6FagwnfVvlc89UFpLmOcTnl6cLiP2c_a04pbTwxp-LYFGBI_ZY2slhtpOsem6R8jqxNMHhB2JIAEO-CYSurRqMkk5K7msxEVAmf3CwxWYr4UvHyZCPj8YSuz5d8mBpmxiIdrGqM4LnSqte3BaUoXT01FWxAEx2ZY9LYVKdywAS6mvXlugTgBAOIBcOQsM1MkAYBoAZNgAeG_-iWBKgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB0yAqoCOgKAQEi9_cE6WLzv6Kn_4oMDgAoDmAsByAsBgAwBqg0CREXiDRMItaXpqf_igwMVuMO7CB1umQXVsBPwvZQW2BMN2BQB0BUB-BYBgBcB&ae=1&num=1&cid=CAQSTgAvHhf_eCnAia8q1QvT1mDMBdWvbh1bOa6p-UMOB5mhsm5oR1tuCobAXZxobWj6gpkpDx87sk8Cv4ePx_f-gPY6qgCZNNJECVQ4L0-tXxgB&sig=AOD64_3hAeEVPGXxdM-Kv0zHuo1uL25XJA&client=ca-pub-8933329999391104&dbm_c=AKAmf-Cy3htbXSBwOwa-1YZ8Y-XIjan42tVyMLE_SIrAWFNZo5Tj6U-fstter_VQnsaCWHVYgI9hx6oVIOrvVuuWVVPXNc0O_jeLOeDtBZrtBQSLOevtrBoQLDzKsvjoKyz58ZYzpNlNrpyf3CzPYvxVqVbTNcBZlamEMYUtJlM_sOriIlEv6_A&cry=1&dbm_d=AKAmf-AkMEX3FfW725xH94XzziHssC0Tw3C301fBsRHy52NAy_V01B3yjC1CE8Ok3u10K0A719xvKcaMuIG6Xy7FK3OKlW-nue-5LPzl64NUhxqSmo0AoMKpLSoTaWKZ2uA1xvBIit5-PKVA_DyzCc27aCqotWjeyGglBoeWt9RKNhuOh9PSHRaCu1NCb4DfMDRd3n5ndlNaUIgxidAb0QjosvVcG4q2qe38Whxhydg3IWzkhOFwk4LbUzgr-wooZdLXVeYrIsOFYHj7n2u5qyQS7jVFB7Qbbrjq8knz3d8Ruk2NAeYrs7tlBuaY78w33ZMTJmGKZuz-8hz4ab3LEDk6b---cRcP54QB1RUcB6HIBcUeolgnoohDu1LSQN1qnz0abCy0s3uHXON8NFmM6NyN4ihlAZNG5r13mlOch0Je1U1ton6CKay423wXK1EfNmp8UATR0aXcStJl8isNNVHnMkcXTc_SdGflm7F-wP8GGG4ot_5fXU2n4t3k4CJ0kvp1ipElfMS1oY4OK8MEp5_-GnT0sjN-v4FFDUKH36zDMSNBo1cnKRv0NWRU47zAcXhh1NWf5HyR&adurl=;js=1;adfxid=1x;4830;set=en-US|en-US|1600X1200|0|150|600|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;cmpgpp=;cmpgpp_sid=;fd=0|0;bsdata=1&CREFURL=http%3A%2F%2Fultrasurfing.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/630/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.132 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1

GET
DATA 200
OK truncated
/ Frame A70B 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 26a64f48d5446395c47488d9d938bd0e849e30347bf4c224b6988adff535aca3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 2457098971912548461
s0.2mdn.net/simgad/ Frame E4DF 173 KB
173 KB 21ms
21ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/2457098971912548461

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1395.150740DOUBLEVERIFY/B9689862.280626343;dc_ver=99.292;dc_eid=40004001;sz=160x600;u_sd=1;dc_adk=2913917845;ord=n1qejf;dc_rfl=1,http%3A%2F%2Fultrasurfing.com%2F$0;xdt=1;crlt=0Fbk)6AZAO;stc=1;sttr=30;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4149f252125510e2732a827f921d6f6c01cc13c51f65b78fb37ced3fd205dcae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

expires: Sun, 12 Jan 2025 13:04:59 GMT
date: Sat, 13 Jan 2024 13:04:59 GMT
x-content-type-options: nosniff
age: 294336
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 176805
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 16:06:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 sodar_loader.js Show response
pagead2.googlesyndication.com/pagead/js/r20240111/r20110914/xfa/ Frame E4DF 10 KB
4 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240111/r20110914/xfa/sodar_loader.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8850868d209c4c086eca4579b496846168800fe4ac4728162508e0dc35fa3537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 18:30:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15587
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4124
x-xss-protection: 0
server: cafe
etag: 9042593224187393105
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Jan 2024 18:30:48 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240111/r20110914/elements/html/ Frame E4DF 11 KB
4 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240111/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 14:37:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29576
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 14415875674906819925
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Jan 2024 14:37:39 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame E4DF 205 KB
62 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js?cache=44809772

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c079199a5435fa99db800056db5eaf70effb0229c4440048016a325996678094

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 21:55:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3310
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63250
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 16 Jan 2024 22:55:25 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame E4DF 0
0 140ms
56ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu4k6-XEVgTKyJOz3zHXBeV_qrki5zMDz8lnLDfFk1WeQyEEt1m8fLXTGMdNibkpALs4jClRnL7JqZ5NPn7wKAhZQ-wha8i8E8YYJJlqyIP3BL3Xi5abBEyWz0ev2KPCxUilsj69HgV9DrlNLKLJ2TFcg0z71cagv_APcSkdyQ&sai=AMfl-YT_xM19HQoKtvK1IyeYUWYALXWMMZd4m0O-REPrhgvucZeVEivKSm6ZW6BzpChil5hoDSn5fUGFFWKUegxESy4fO2ItgD_fvWJ0ow&sig=Cg0ArKJSzH4WH33PDYSsEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20240111.67218&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:35 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame E4DF 41 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 20:07:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 355367
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 11 Jan 2025 20:07:48 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame E4DF 8 KB
6 KB 59ms
59ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=r20100101&st=int

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20240111/r20110914/xfa/sodar_loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

79941c0c13fe9c267d09f274832fc470f54befaf61e99dd674addd1241b187ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5901
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame E4DF 0
0 112ms
56ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu4k6-XEVgTKyJOz3zHXBeV_qrki5zMDz8lnLDfFk1WeQyEEt1m8fLXTGMdNibkpALs4jClRnL7JqZ5NPn7wKAhZQ-wha8i8E8YYJJlqyIP3BL3Xi5abBEyWz0ev2KPCxUilsj69HgV9DrlNLKLJ2TFcg0z71cagv_APcSkdyQ&sai=AMfl-YT_xM19HQoKtvK1IyeYUWYALXWMMZd4m0O-REPrhgvucZeVEivKSm6ZW6BzpChil5hoDSn5fUGFFWKUegxESy4fO2ItgD_fvWJ0ow&sig=Cg0ArKJSzH4WH33PDYSsEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=28&vt=11&dtpt=27&dett=2&cstd=0&cisv=r20240111.67218&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:35 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 56BA 42 B
64 B 55ms
55ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssHYEBsqz0TfXDKxOHcb1QCQNE_QV5BPRqUrS8h0UPevMS6l870xUaHdv0xL6qkH1dLhsUCznw3wpsvmEbBSrH6ntM7csAwLZKktNOvfgSkZfCWezt1NDXSyhX9P5xvRlwvU2TDvarCvhJoDlg3YTMiCKHq&sai=AMfl-YQ8wvz3bkvPQ05NIPL2BpBnkdgPJyldQcVgLwC3Y0H8t7smHTPyclFRo2K6GgUS5R-08DZfVuD5Osg3kZ3OfDbpvKB33MXccOt3RUuiviYIb5rqyXlB2xujGXAf2haM2yNgwJ2haPe98GHgSBBW&sig=Cg0ArKJSzHSthruD1c19EAE&cid=CAQSTgAvHhf_eCnAia8q1QvT1mDMBdWvbh1bOa6p-UMOB5mhsm5oR1tuCobAXZxobWj6gpkpDx87sk8Cv4ePx_f-gPY6qgCZNNJECVQ4L0-tXxgB&id=lidar2&mcvt=1019&p=620,975,870,1275&mtos=1019,1019,1019,1019,1019&tos=1019,0,0,0,0&v=20240110&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1406891478&rs=4&la=0&cr=0&vs=4&r=v&rst=1705445433761&rpt=418&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 24E1 42 B
64 B 55ms
55ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuxlfVdQTo8oJBJsip0J9p6bWrNLVcWtosTgRGoqGka_0MgPJbMNwJ6VRw-wuRVejS42O7jSGgfyP_WpTCpOXrxom9ZIgG8R0y450-VRfGs5CarRhhZ4BzyzHYsS5Ohatn_441IP4dkLK99zyxJ-jDvE2ab&sai=AMfl-YSYAEQmwcETeSY4frc09wJi8i4InPh1FNuRAdNO4IujaBa0finsPfHTZO00eaZsgiSUw1f2tFFtSVWviyxl1oAsMIEHMFo8Z-LjcmjAjDilmr-882kaVq8u5RNmNudh6TM8igLbxcnToHDaZkMS&sig=Cg0ArKJSzBdwQUuvdmAGEAE&cid=CAQSTgAvHhf_eCnAia8q1QvT1mDMBdWvbh1bOa6p-UMOB5mhsm5oR1tuCobAXZxobWj6gpkpDx87sk8Cv4ePx_f-gPY6qgCZNNJECVQ4L0-tXxgB&id=lidar2&mcvt=1021&p=370,975,620,1275&mtos=1021,1021,1021,1021,1021&tos=1021,0,0,0,0&v=20240110&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=385502301&rs=4&la=0&cr=0&vs=4&r=v&rst=1705445433755&rpt=407&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame BB44 42 B
64 B 54ms
54ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssxp0Miy829HjCWX7FVAdYsqrXZp0sLlT4wjr5jvoytO8NczIeLBeJqwvz4oKdbUeMTKKeqFMwzRyDg83CPWlY3_PahVAEVV0VJSa9lG1npw33CuzgO5_i4WaxWmBxNWSWurckceSVD8-w7LmtW3FOuFukp&sai=AMfl-YT0Oun5ppB_RhQtE4JZYj8I7xI4kVHNNTOg4PdkVbyf5wZEtgQX_5QVOENVzocCQZnwogZI9UP7kKyMY2UrFLyEfBjhjP7JV1lZMYE2q8uqmY4Poh0floajvGNcmkGh4sYSanOFRi12nGrCgoj9&sig=Cg0ArKJSzLHFkfSTSiW_EAE&cid=CAQSTgAvHhf_eCnAia8q1QvT1mDMBdWvbh1bOa6p-UMOB5mhsm5oR1tuCobAXZxobWj6gpkpDx87sk8Cv4ePx_f-gPY6qgCZNNJECVQ4L0-tXxgB&id=ampim&o=325,105&d=970,250&ss=1600,1200&bs=1600,1200&mcvt=1014&mtos=0,0,0,1014,1014&tos=0,0,0,1014,0&tfs=490&tls=1504&g=100&h=100&tt=1504&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=&uaw=&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 1637 38 KB
13 KB 22ms
22ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 6987
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Jan 2024 20:54:08 GMT
expires: Wed, 15 Jan 2025 20:54:08 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame E4DF 17 KB
6 KB 71ms
71ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20240111/r20110914/xfa/sodar_loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 16 Jan 2024 22:50:35 GMT

GET
H3 200 MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js Show response
pagead2.googlesyndication.com/bg/ Frame 1637 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 20:34:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8143
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15229
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jan 2025 20:34:52 GMT

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ 19 B
865 B 30ms
30ms XHR
application/json 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:35 GMT
an-x-request-uuid: 86930941-31fb-423b-9c32-1d17cca53a60
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 217.114.218.19; 217.114.218.19; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 19
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 hb-multi Show response
hb.yellowblue.io/ 105 B
452 B 149ms
46ms XHR
application/json 52.19.77.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.yellowblue.io/hb-multi
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.19.77.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-77-216.eu-west-1.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: cd7b88c5b943d97c99f9fd825f7da2ee1d8742cd3b0e67b880108471e60a75ed

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Jan 2024 22:50:35 GMT
server: istio-envoy
x-reason: maxmind hosting provider
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: http://ultrasurfing.com
content-type: application/json
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length: 105

GET
H/1.1 204
No Content / Show response
d.vidoomy.com/api/rtbserver/prebid/ 0
365 B 452ms
66ms XHR
text/plain 212.36.83.245
AS_ADAM Adam Data...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.vidoomy.com/api/rtbserver/prebid/?id=62066&adtype=video&auc=ultrasurfing-instream-unit&w=640&h=360&pos=1&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F120.0.6099.216%20Safari%2F537.36&l=en&dt=1&pid=62297&requestId=6b50c4ab5f28c2&schain=1.0%2C1!adpushup.com%2Cd3a968baed143285b4c1d3a5eb89dcef%2C1%2C%2C%2C&bidfloor=0&d=ultrasurfing.com&sp=http%253A%252F%252Fultrasurfing.com%252F&usp=&coppa=false&videoContext=instream
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.36.83.245 Sant Vicenç dels Horts, Spain, ASN15699 (AS_ADAM Adam Datacenter, ES),
Reverse DNS: lb1.vdmy.dtic.es
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Jan 2024 22:50:35 GMT
Server: nginx
Access-Control-Allow-Methods: HEAD,GET,POST,PUT,DELETE,PATCH,OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: http://ultrasurfing.com
Access-Control-Expose-Headers: X-VD-C
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H3 200 MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js Show response
pagead2.googlesyndication.com/bg/ Frame 97C5 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 20:34:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8143
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15229
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jan 2025 20:34:52 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1637 0
20 B 53ms
53ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BN7zoOwinZdrOBrX0x_APwLGzsAYAAAAAOAHgBAI&bg=!xMelx4jNAAaumcC-jpk7ADQBe5WfOOZ_2eIoLHFjSXMuF4w2359nel3_9-5Hg6_IX67YYylBZ9P-_8EAht7zBlWBhPoeAgAAAF9SAAAAAmgBBwoATqJ6ujUvPOgNsRe1RHDyAWMYzFGYFyxT6EoBaxZbMYBdcqfXcbmqOaa0pz73lja8cLtnwnULDnOUyXUoVat84wMu-8LEotpLI21tuLG76pkDGirqhVK8xbvkz8JFHgU0qAqs6fR_zkBjfW8y5BMy5E8_PlPBd7W0k2n1JTVj401pfzcfXc3XAerNFL23R5PoMBfRBpXkk-jjV5oocwvpJyOdEscV0cLPXnBrbjBnbzsWyQqJbrHuLX2aJF2gWFc07OoUFX-VSLg-Y7lpYQezQ8y1p2vTjnGBi0cZY9opm3b4Fm9oyetzd8wzqhsUdPZmQyVGcxwvSYCTdg9Vg6Cac5sRIwAVcXdk-YlZlvOx-ZfmIQDypuZPV8AheQuEMDgRKt8gxIa35l7bTXCUt2m1fQz2VqBFedtpp0WLxL-EzZYr0zxUtw8eHy0fiBo5ecM8W559sAHWkzXPohZDrnN2-b79yBMU1W9BwbDBn3RqJyIBpPC-TDjQEg53zznAWwMZI271vDPeDW5i64iS4khT-RXO4jSJOX-R36G8bgVtvzbFvhD51zF5CUvsXFrZWAdzMJ52PqWXcb1LnQErZ2cH4QZra1OLIUhdSgNi9T0wSDIMbaCeIEmucT3GuDA9jPd0BtcwaarXlhAc4qdZjTvoYlz1JC12PnvU2z8dx3H-6N7eFEcVcLIo8uz4uA0XcPxMENgNq4tgoQ8IeiKhCWGjsS7vsGThU3Z6lPFG4DpXxonVad5ZKLg9Ull3FCjKzy3OLRO9QoMo82umYwna_jlBADLV7aRsVaOGtLCX6KBFzErYoT6ZhCF-zKfD2yhnJpYEyg32yL46sDHQDkPQbfopK00DJfDaBQNU3HJvXlWcviEQs3W1XHLkrQqrLf6pSwU5cjJHjqShUWS9BF_TV32atAVckSy90zeKlfgazVarSbnWnsJljHgzOQaAy7Z_KOZfLzr_LcgYNDve8vJG-yCeYGIscc7fHJiJhQpahZvj-U8ap6BpstF547r2GzvmfDPgOxnRkH8s4gKb0VK6USjpX_7LKdoow2Mz0yJ6toBF0fd9q_WWoSDhpDRKnsk9PRMa3BITRTTDV1TEKywMx-wtvrW6zQS55Hy6OIAmRzzGPWyKlg89F87Fo4rjaGlWbw_6E4T1V7ScuhJpS3cr

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 visible Show response
trc.taboola.com/ultrasurf-ultrasurf/log/3/ 0
95 B 28ms
28ms XHR
image/gif 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/ultrasurf-ultrasurf/log/3/visible?tvi48=14791&route=AM%3AAM%3AV&lti=deflated
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20240116-10-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 8
date: Tue, 16 Jan 2024 22:50:35 GMT
via: 1.1 varnish
x-fastly-to-nlb-rtt: 7332
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-service-version: v1
x-served-by: cache-fra-eddf8230059-FRA
pragma: no-cache
server: nginx
x-timer: S1705445435.468442,VS0,VE8
content-type: image/gif
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 113ms
113ms Image
image/gif 2600:1f18:1aca:4280:bc94:ac10:ec71:5975
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1878143&asId=b8fd32b0-5ee0-e2b5-e6d7-90a7ada75e77&tv=%7Bc:1vw2xp,pingTime:-10,time:978,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjAuMC42MDk5LjIxNiBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002022202222222000020222222202022222220222202000022000220222220000000202202002222202222222220222222220000020022022200022222220200000222200022020002022022022222202002220222022222022220000000200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022020000000020000000000000000000020220202220000022200202202220022000200222022200200022220222200202222020002200002222022222202222000002002002222222202220022202200022002220202202,asp:1705445434856%7C%7Cff9132d3735a63934ce21f0f9cca7720%7C%7Cacc8ce73e974315fdfcc4ebb5f3c527d%7C%7Ccdf02ab00baaddfc693c484a5b3471ac%7C%7C5db3d49616109f6975cfa99cb1852497%7C%7C37d19b106f4d73ae82d80ad46562b408%7C%7C572c03f0da85875cfd1311ffac5ad0e2%7C%7Cb26a5fdae4c87168dbd0cc22f11920f5%7C%7C1663701684,sca:%7Bspg:56cf2adf-2e46-1bb3-e917-944482a1fcad%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:bc94:ac10:ec71:5975 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:35 GMT
server: nginx
x-server-name: dt02.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 cds-pips.js Show response
cdn.taboola.com/scripts/ 3 KB
2 KB 20ms
20ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/scripts/cds-pips.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20240116-10-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bce4b47b8fc12de49fac0a00e9039e38aa568aba0ee9154b93d20465f0289cfa

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id: uLMchp7BESXZGZqPSJ8.FcfKBYdWFxIf
content-encoding: gzip
via: 1.1 varnish
date: Tue, 16 Jan 2024 22:50:35 GMT
x-amz-request-id: 9T8G4R1J257WC6ZV
age: 2343
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 1347
x-amz-id-2: EtXJZix6twxSRBOalXcDTYlF3ZXZJ0GOcu33LsL8+Qu9Bt435W8ywVX2VgQgr71/qWQ468QSryk=
x-served-by: cache-fra-eddf8230059-FRA
last-modified: Sun, 29 Oct 2023 14:06:32 GMT
server: AmazonS3
x-timer: S1705445436.622692,VS0,VE0
etag: "c52aa1ea682aef8ad5ebf7aff9662e35"
vary: Accept-Encoding
content-type: application/javascript
abp: 37
access-control-allow-origin: *
cache-control: private, max-age=3600
accept-ranges: bytes
x-cache-hits: 7182

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 113ms
112ms Image
image/gif 2600:1f18:1aca:4280:bc94:ac10:ec71:5975
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1878143&asId=b8fd32b0-5ee0-e2b5-e6d7-90a7ada75e77&tv=%7Bc:1vw2zi,pingTime:1,time:1095,type:p,clog:%5B%7Bpiv:100,vs:i,r:,w:390,h:131,t:62%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:1,slTimes:%7Bi:1095,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:62,wc:0.0.1600.1200,ac:16.960.390.131,am:sp,cc:8.960.398.0,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1038~100%5D,as:%5B1038~390.131%5D%7D%7D%5D,slEventCount:1,em:false,fr:true,e:,tt:rjss,dtt:115,fm:u1zlePs+1*.1878143-77320179%7C11%7C12%7C13%7C14%7C15%7C161%7C162%7C17%7C181%7C182%7C183%7C19%7C1a%7C1b%7C1c1%7C1c2%7C1d1%7C1d21%7C1d3%7C1e1%7C1e21%7C1e3%7C1f%7C1g1%7C1h%7C1i%7C1j,idMap:1*,rmeas:1,rend:1,renddet:SPAN.qs.sn,siq:62,sis:256%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:bc94:ac10:ec71:5975 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:35 GMT
server: nginx
x-server-name: dt02.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 114ms
114ms Image
image/gif 2600:1f18:1aca:4280:bc94:ac10:ec71:5975
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1878143&asId=b8fd32b0-5ee0-e2b5-e6d7-90a7ada75e77&tv=%7Bc:1vw2zj,pingTime:1,time:1096,type:c,clog:%5B%7Bpiv:100,vs:i,r:,w:390,h:131,t:62%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:1,slTimes:%7Bi:1096,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:62,wc:0.0.1600.1200,ac:16.960.390.131,am:sp,cc:8.960.398.0,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1039~100%5D,as:%5B1039~390.131%5D%7D%7D%5D,slEventCount:1,em:false,fr:true,e:,tt:rjss,dtt:115,fm:u1zlePs+1*.1878143-77320179%7C11%7C12%7C13%7C14%7C15%7C161%7C162%7C17%7C181%7C182%7C183%7C19%7C1a%7C1b%7C1c1%7C1c2%7C1d1%7C1d21%7C1d3%7C1e1%7C1e21%7C1e3%7C1f%7C1g1%7C1h%7C1i%7C1j,idMap:1*,rmeas:1,rend:1,renddet:SPAN.qs.sn,siq:62,sis:256,metricId:grpm1,cmr:t%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:bc94:ac10:ec71:5975 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:35 GMT
server: nginx
x-server-name: dt14.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 / Show response
pips.taboola.com/ 64 B
245 B 68ms
19ms XHR
text/plain 2a04:4e42:600::300
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pips.taboola.com/
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: 8319cdd7d20a930a2fce947b00f02174ffe7bbc0a6db64f2b5c08b7a4ac3c4a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-served-by: cache-fra-eddf8230090-FRA
date: Tue, 16 Jan 2024 22:50:35 GMT
via: 1.1 varnish
server: Varnish
access-control-allow-methods: GET
x-cache: HIT
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-store
accept-ranges: bytes
content-length: 64
retry-after: 0
x-cache-hits: 0

GET
H2 204 / Show response
cds.taboola.com/ 0
82 B 822ms
107ms XHR
text/plain 141.226.224.32
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.taboola.com/?uid=82018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9&uad=b7bab399e87338ff7e75ac15e592a194fce5a9bce2b7e899f6510af38c5c4177
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.32 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 16 Jan 2024 22:50:36 GMT
cache-control: no-store
server: nginx

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
462 B 76ms
75ms XHR
text/javascript 18.173.159.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=http%3A%2F%2Fultrasurfing.com%2F&pid=F0dqmEx8I0w5r&cb=2&ws=1600x1200&v=23.1211.1645&t=3000&slots=%5B%7B%22id%22%3A%22Adpushup_Instream%22%2C%22mt%22%3A%22v%22%2C%22s%22%3A%5B%22640x480%22%5D%7D%5D&schain=1.0%2C1!adpushup.com%2Cd3a968baed143285b4c1d3a5eb89dcef%2C1%2C%2C%2C&pubid=2e7e1587-d92f-46dd-8721-80b53eccb87e&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: http://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.159.32 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-159-32.muc50.r.cloudfront.net

Software

Server /

Resource Hash

5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:35 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 bc8243121fd94c5b2714caac07caccde.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: MUC50-P3
x-amz-rid: YF09D4WHJ7G3A7GD08HS
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: http://ultrasurfing.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: ll4lDQSR3hZ2tl9WmAQnOfw6RVkszwENw0X95HcPMLBgBJWCgwoOIg==

POST
H2 202 logs
http-intake.logs.datadoghq.com/api/v2/ 0
0 156ms
156ms Ping
application/json 2600:1f18:24e6:b902:1c91:2b33:bb06:776e
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://http-intake.logs.datadoghq.com/api/v2/logs?dd-api-key=450db60c9e5108400bd9a6539552f87a&ddsource=nodejs&service=instream
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b902:1c91:2b33:bb06:776e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame B922 49 KB
8 KB 283ms
283ms XHR
text/xml 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?env=instream&sz=1x1%7C640x480&iu=%2F103512698%2C21638617752%2Fap_45157_instream_desktop_p1&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&description_url=http%3A%2F%2Fultrasurfing.com%2F&tfcd=0&npa=0&nofb=1&correlator=288153263168325&ad_rule=0&cust_params=instream_variation%3D2.13.0%26instream_batch_requ%3Db1_r1%26adpushup_ran%3D1%26refreshcount%3D0%26control_reporting%3Dchrome_DESKTOP_14_0_pv%26instream_bvs_kv%3DBvs_Enabled_4_10_13%26vastDaisyChaining%3Denabled_23_10_16%26fp_engine_ran%3D0%26fp_engine_type%3DNone%26hb_only%3Dfalse%26hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&vpa=auto&vpmute=0&sdkv=h.3.612.0&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250&is_amp=0&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=889218030&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.612.0&media_url=blob%3Ahttp%253a%2F%2Fultrasurfing.com%2Fb9ea2a24-2b34-4d28-a11f-e90292b27145&sid=31B13486-1614-4FF0-BD9F-4D2F6092F9F1&nel=0&eid=44772139%2C44777649%2C44781409%2C44804291%2C44806631%2C44809548&url=http%3A%2F%2Fultrasurfing.com%2F&dlt=1705445431230&idt=2146&dt=1705445435887&cookie=ID%3D1777b82d27b7d53d%3AT%3D1705445433%3ART%3D1705445433%3AS%3DALNI_MZBeChYG7_c8tiZCgzZPF-zTTaSKQ&gpic=UID%3D00000d42be0049af%3AT%3D1705445433%3ART%3D1705445433%3AS%3DALNI_MYtrEmKBVYqMcHAWdIi04IbXkqRhA&scor=2675278711556454&ged=ve4_td5_tt3_pd5_la5000_er0.0.0.0_vi0.0.1200.1600_vp0_eb16491

Requested by

Host: imasdk.googleapis.com
URL: http://imasdk.googleapis.com/js/core/bridge3.612.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d98afb758b42e3def92d02970bcd70b1a5091e21330e26e670d8ddbfc00eb9cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:36 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8662
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/xml; charset=UTF-8
access-control-allow-origin: http://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A70B 42 B
64 B 55ms
55ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsumg8alY1XUHWJO1pDKZcUUXemkPtil_mdFodgS4fBqFiBxJ8rEs_7aHhVwH4m_jAsqIgGmT5R41JoJPKRCwTsl1txenyy-8qSY8Zj7k8VrSlWatO38ZD6A4ypFDqNBh1Lv9WNO_FAGglfqtnydpPRr8c8Y&sai=AMfl-YRDjSBel0UZw6ha_xwHgTbFaksugU8zNGgFTab1Jc4YpAiOBqdeQSmKK-btuRPUJ_sqqKNPR_0a9SkAs7umhHGVV835cRBlP9BZNHIdIIglijPr7pBTKvf3Cxl3ZVxLkwoE1aHq4KFWdaW0cTf8&sig=Cg0ArKJSzDFfEIti7l7CEAE&cid=CAQSTgAvHhf_eCnAia8q1QvT1mDMBdWvbh1bOa6p-UMOB5mhsm5oR1tuCobAXZxobWj6gpkpDx87sk8Cv4ePx_f-gPY6qgCZNNJECVQ4L0-tXxgB&id=lidar2&mcvt=1000&p=370,325,974,485&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20240110&bin=7&avms=nio&bs=0,0&mc=0.99&if=1&app=0&itpl=20&adk=3752000678&rs=4&la=0&cr=0&vs=4&r=v&rst=1705445433740&rpt=1408&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame B922 0
225 B 160ms
35ms Ping
image/gif 2a00:1450:4007:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&puid=1~lrgy6ebz&c=1787043627238&slotId=893521813619&eee=missing-element&bi=missing-id&vast_v=4.0&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&wta=1&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: http://imasdk.googleapis.com/js/core/bridge3.612.0_en.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4007:80d::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:36 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame B922 30 KB
17 KB 173ms
63ms XHR
text/xml 74.125.133.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-B9jJtE74mcQDhVlk8lh4rk7oLvmqJJaSonMJhS3IzjVjHloGWINkHg88Pi3v3HhcRDxvj_QrTGAey0IYqplGnaFLSy5g&cry=1&dbm_d=AKAmf-DzLplGlVJ2NCk8HwlO9fu6cmlM0kcH54XS_DRd4jWMvGeiGnWlxp-oaFNRs-gVlI4BL-0GT2jWOyjldEqdJUosp1YcKQBw4TCRD8mvJsZKnRldNvdK3AOg0h6MOspxadiZrKi-un7Q1IJpTwFpX-9MOpswnmhzrYpbh31YqsMqubBIYbTzC8T2llguk6xfYnaAOUDBaGwCpaw2tsPbs4RgTURmqbjgeh5bXhn1O8G33FhdZvKPiFZI4hOz5fvdk6L5mv4M_wfzY5GJG0PbspleHsPeCFdVP30499h6CKjaQDjKQ-GyEJ7qJsklKx8q5hlOqXcscFMjUeJFAf_C1usZofEOFqzXvwjW8DWe79y3_9w9F89yJCstZCmbtr84RQ2Q7c2tmKo5s6XlFTwLamu-sTTjee7Ae0m8M9JiRPeR0XuNs6Xx2OJBA1soQpeUOIIG-lYwPYkntFU8fJOJ1BvGaQCYWwZaQ0g438B83lT6ZsrhahbIC2j58XTxeCxEDSWvvjH7n8r7KoWRwjXxpLnl1LyhfIOrapBkw68QGAwX-7O-4QTYGEQUGAom2zclJtwiZ0nHH_v87yBbjEDqobmsWXOrt7_Lq9-aKc4yp-Gcywzw2U9XwoVoEuBu-Gd51KsjlA3tzT0zvT9zOIbgE7ru0P19orBUZnQbzOg6S_sVdIJGgVvUfYTwAJJPv7q8zt_b2Ykqh19MntLUjqR100gKpcSB5ArrL7J5I8Xqn7DP-AudQFUtUlDR9o-8QPVNJfLdOnZswFDTxRM-VBwB1XvrKlBrnkvehXwZgxN2ttfU4DAZP4xQDL3AcAugvbMf_uQ_PYE0yvIgoe-4B15rEuQl3UBhuMTg_DnbFeMpNrLE8k_YbZUSY8olO-LeATBC84B-YcBgi2J2E7NIT1jSLOX3GLkCaPB-RUxbiQRpDhOERMtd9vcCAfEHXwoN86ajGN3uhHYRsMiVFtIDKuhYKQ5TlYhAiEbMvfCUAum5l0WFSQ5VQw7wVncIr2ybIu_JHNjh6h1oH1XDYETiPfPosnZiMmcdeOXcV_KGpRHsB2O6VQcaOKjOGPI4H1eaGYcdhUb6OiPaX5L_2z_Tj2PV59J2b9w-Dr6OPaa89vGvVIph79o1ZP9p2UdWytTlTciDIMoGoknatEdxNK4KyTTNYLHV89sEru12OqnjTge4jnfGh0_WJkg70g4DymbKj7o3-G2STnvpHLtsZlOuifC157aWgPFwT_QsPFVdRdV4wXS0wljlc-4AEYRm28n6UhmL15J2PnRut6bqwmp4fREXFQIWKF1I7gZBU9qraidP4CWge3eZg1yZCKdvChr5VtRpBswiyNHI6aXPv56pOaKlKKWYish89ykFp7_UyzzCzvArfR8VRcMhDpoJZHyY72T3V-G5Hd87khuft6qlTcGbFmrwwpmKKrrRnQSfONKahsNBPaQsQ0dRysry2SwDAqRRXT5TebTyqfPhaWY6Eh7eyekw3HORQnTdgUHxKQZhEVdZoaGm4HFDjGxvOGJD9uI99CyX_DF5y8TrA7g7YtECizCUqV-QgYHkKlAM_25sSRfuDFDJSmw9Udd9iivLL7BtbGb9oJ61G79uqWbGnUCzH-OOodcge51A_fZd9zqwNi6JJwd4PDPPlkHOu5tGIdxVQovyWy75Nyx-EHwmOCqUTJV7SHF8Hvo3JF9ltTNar7BrrLUF8ouY2aKNDpotyGzj554CzfNQHhErNQaN_ifpwsfc6gkHkmBIqZI6pjrxIvSLAwQ5gF9-AnNr9JTolPdeN6qQdbAl3Tkc_82oAVqHJv5QJE_GMsASQH936V59c5_zp0BaSCcPp_OFc-xyj00ZYRCBsha2mHf3Wr3310rGTkjJPvBCHWCEvuAZgLTnbXOuHVtTw3JDyuPemYtONM1csuDGLqoODPMlJbBOa2urJ7eJW6fAsPBs24kFhyPf-Jd1tkwvIaM213_NNI6doVqrgo4guvcPavP5fkMqpFG4mV23x1GdEw33CQBIQZTpwM8CfIXuj-yV64IWX5TsXudM0tnHY-Jqkg3E9SULGHc5Qfrkba0Ea7ZzY2mnfl7CNfgB5NTqQ001sVqlV4s4rTqI_51Hk7-ednjvOnq306qY02KXa4e142NuyI1a0vMyHoT9m3VkucEjjtKVeostWz-W5WdCJa08zsn_2IGbiyyqZ2wOz8_BYTw6lWwZ_hoE0qK0P-LxJRq88WMi-lKS_5mi_dP5P6nw6VzQpZW_niUdnxb1cMn6XT9SqIX8mUp752qRX3kMwPsQiyY0L3Wlc0L03-6Xx5otDHPUjEhnNOiv26wFygeq_Oyvjf8lTxRm2hbOSP9-ZRnlPHhug1N1XmHBI1SDTIdXWZ2YAyF2ZIUCP1OIyQW5fNBCLyps7heP07OWdHNy762fGYvUxvE2X0Tmu9P1InCeM1OUERyl5V4BDUnI8iCtFI3uP3vYEHBWXTxvyC5QJtO7B6zrahv81mvW9jmj2VEmCs93_UoJ6m3qA2j8VSwMDoPQiEruM7Z3GVY2CdX9y0SDdeY9ddXAlOUymrl8Ry18Cp5n1NZVhsQ4YlvJM5Glk_j_TcVoLrPoiYLoqg2uM6IdMxRMuxi-Amq7e0GLp1rd9IIaO3rCOcXI-bjHoQ4SsZVb4dBSBUWXO8XOq2xcByZ-hKoeck_vPtXjbjZDi0M__jnciLgXB7QgGDRDmRlwUsBzS42yhZ7mzT9VHigWK3FeSLbAtfGHLGaSA_PmaG8V7RvdweKrGjBQqex6B6MGUfk_Y96IIsB4uVRwMltBoAGIZE1u4FqOAiV98TVu_98FVfLDTURM2LsCK82WnG76QHHOGPWqyydSMzx1hgnhmxXVcFoSJ_510KSBfj2OfMqPa85WjuIM82XJzgUWIjJ1qZSYfT9JARsXqMrgKbxpjNzlUt4a_0dexfGaU6y88JHQUjPpXUiNy-CFILOluMc_GAru7AaNexXYBZQVebdvdusBo_4jQjthqecHrTZLTJJdwtz-BBzG85eoKiMBcZmzoxDhnOjMUxh-up9PBsUOWx90OkoPQL3vqwRbvkITbgB79k09sTKsOJYf5bpjH46Hlw5mtPmxiFIEdt6ByXr7HbWkH5qA4-LdXGnIHbz3SPbq3hnyfkCN_9oETQtB7n1yA-UENYHSodG05m6iYYPQntJNXkd3fr0WyB_Iwfv7FIgsRT-uM-LlXLiiwL2ScNTdxcwlSiBOOA9xGVva9Xcpyx0ya7SljLhuZHImFLFq4PVKgQa1F-QDSAQkwKEz1qPoKR6zuVvKPtHT7F3ytIZ5_IkxTtp9B_pfNTuVLI3ixqMKY1OLFp5A1D5OegeiQY_XH0ZusJ2AgFtMoUyVSiveEoik2kysztIi5EoCXecpIKGk-gwYA2tlN50WSwbgx55RpCchfi55AF4_wToV0nU1IQ9XnMqOjBRIee-xYr6qVZZe0v5Ea3LEC1ZeVH-EII6BW4sTRRwGjxlc4eYEqShA6DDO7hv3fH3-we1E5DMilBdelHPbnJIskncQDpM32U3Tr-rB7kv3ZnNuCDgV8yU3sRFTLGkmRVBGaRruxMV4_yOCeKLDl6GjpjaHgJx4LzLvp_fdSAjorTSKExHkkSogxbJW8l7zucA1qCMHZXJ4z-4Sp5KkpMM8jP_-xB_1rTBEBgFfQzczF6mmU8bRJRGPIBfpfrptICDpENXgYjhLVb71NPr3tmM001CROuvMotK4UQecqFBy0SVpkwPsVVr6iC82WPidLyqFDHkk_D_HS65tCZQxrj0iOO8d5NJkUJzA0Q&cid=CAQSOwAvHhf_Qhb6cxyFil9j7NlcQj1rXie5BQqGyDZItj53Qa8NxeqEhS8kngUoAdLojqyI_GF2EOwfx5VyGAE&vpa=auto&vpmute=0&sdkv=h.3.612.0&osd=2&frm=0&vis=1&sdr=1&nel=0&unviewed_position_start=1&is_amp=0&hl=en&u_so=l&ctv=0&mpt=videojs-ima&mpv=1.11.0&sdki=445&ptt=20&adk=889218030&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.612.0&media_url=blob%3Ahttp%253a%2F%2Fultrasurfing.com%2Fb9ea2a24-2b34-4d28-a11f-e90292b27145&sid=31B13486-1614-4FF0-BD9F-4D2F6092F9F1&eid=44772139%2C44777649%2C44781409%2C44804291%2C44806631%2C44809548&afvsz=200x200%2C250x250%2C300x250&url=http%3A%2F%2Fultrasurfing.com%2F&dlt=1705445431230&idt=2146&dt=1705445436195&ged=ve4_td5_tt3_pd5_la5000_er0.0.0.0_vi0.0.1200.1600_vp0_ts0_eb16491

Requested by

Host: imasdk.googleapis.com
URL: http://imasdk.googleapis.com/js/core/bridge3.612.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f156.1e100.net

Software

cafe /

Resource Hash

5b660ec44adfb5df051940e2ba607f33b87cd5c6ae3e1b8459f2dd5bfb8018e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:36 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17359
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: http://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E4DF 42 B
64 B 57ms
56ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvaBx7rHSaAUtgOYlkDU5c25sBuzMPromSDtHP4WpJ2kJBZXg8U-FnL5t75KH4yU6nUj-e3AUDh_dsbd3t6qGvmhp3s9fGBwGMstOPgZkwX5JZSNKx9NB1jyA&sig=Cg0ArKJSzDPxrHDxi6EEEAE&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=33&adk=2913917845&rs=6&la=0&cr=0&vs=4&r=v&rst=1705445435087&rpt=132&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js?cache=44809772

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A70B 0
21 B 51ms
51ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3871432408760&version=m202309260101&ct=77&x=1&cor=11179823133224598000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame B922 0
45 B 35ms
35ms Ping
image/gif 2a00:1450:4007:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&puid=2~lrgy6gid&c=1787043627238&slotId=893521813619&ghmsh_eids=44772139%2C44777649%2C44781409%2C44804291%2C44806631%2C44809548
Requested by: Host: imasdk.googleapis.com
URL: http://imasdk.googleapis.com/js/core/bridge3.612.0_en.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4007:80d::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:36 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK / Show response
servedby.flashtalking.com/imp/8/224477;7878462;208;xml;DV360;DV360FY24StockBEHInMarketDEDSKVID1920x1080/ Frame B922 9 KB
2 KB 160ms
64ms XHR
application/xml 23.197.128.137
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://servedby.flashtalking.com/imp/8/224477;7878462;208;xml;DV360;DV360FY24StockBEHInMarketDEDSKVID1920x1080/?gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&bundle_id=&site_url=http://ultrasurfing.com/&pub_id=1&sup_platform=1&pbMethods=[PLAYBACKMETHODS]|[CONTINUOUSPLAY]|[TIMESINCEINTERACTION]&cachebuster=[CACHEBUSTER]

Requested by

Host: imasdk.googleapis.com
URL: http://imasdk.googleapis.com/js/core/bridge3.612.0_en.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.197.128.137 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-128-137.deploy.static.akamaitechnologies.com

Software

prod-xre-app15.frk11 /

Resource Hash

5575a685ebfc6eb935bdcc0cb89534786d6a370adcfaa31fc38a155cf64a502e

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:36 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=86400
x-amz-server-side-encryption: AES256
Connection: keep-alive
Content-Length: 1930
Pragma: no-cache
Last-Modified: Tue, 09 Jan 2024 16:52:56 GMT
Server: prod-xre-app15.frk11
ETag: "d69523e100e17915250924e164a00d14"
Vary: Accept-Encoding
Content-Type: application/xml
Access-Control-Allow-Origin: http://imasdk.googleapis.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Expires: Tue, 16 Jan 2024 22:50:36 GMT

GET
H2 200 main_00010.aac Show response
video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/eng/ 3 KB
3 KB 23ms
23ms XHR
application/octet-stream 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/eng/main_00010.aac
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 8157e15814af7d7217ce3c6607f6b336f4ec5d1f9e7cad4cd5441418c33420fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 16 Jan 2024 22:50:36 GMT
x-age-lb: 512395
x-77-cache: HIT
x-accel-date: 1704933041
content-length: 2597
x-77-nzt: EgwBnJIhiwHXi9EHAAwBJRPCLgH3UBcGAA
x-accel-expires: @1705570657
x-77-age: 911579
x-cache-lb: HIT
last-modified: Fri, 19 May 2023 19:47:13 GMT
server: CDN77-Turbo
etag: "6467d241-a25"
x-77-nzt-ray: cf878727ef4785ca3c08a7651b3a421e
vary: Origin
content-type: application/octet-stream
access-control-allow-origin: http://ultrasurfing.com
accept-ranges: bytes
x-robots-tag: : noindex, nofollow

POST
H3 204 csi
csi.gstatic.com/ Frame B922 0
17 B 33ms
32ms Ping
image/gif 2a00:1450:4007:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&puid=3~lrgy6gny&c=1787043627238&slotId=893521813619&vast_v=2.0&vmfc=6&vhc=0&icp=FTPrivacy&icdi=16x16&ccc=0
Requested by: Host: imasdk.googleapis.com
URL: http://imasdk.googleapis.com/js/core/bridge3.612.0_en.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4007:80d::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:36 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 202 logs
http-intake.logs.datadoghq.com/api/v2/ 0
0 150ms
150ms Ping
application/json 2600:1f18:24e6:b902:1c91:2b33:bb06:776e
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://http-intake.logs.datadoghq.com/api/v2/logs?dd-api-key=450db60c9e5108400bd9a6539552f87a&ddsource=nodejs&service=instream
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b902:1c91:2b33:bb06:776e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H/1.1 200
OK consumer-privacy-logo-16.png
secure.flashtalking.com/oba/icon/ Frame B922 7 KB
7 KB 118ms
24ms Image
image/png 95.101.148.38
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.flashtalking.com/oba/icon/consumer-privacy-logo-16.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-148-38.deploy.static.akamaitechnologies.com
Software: Flashtalking (AKA) /
Resource Hash: ddfa452f752c05d749643b4221e6e18c92c0e8b6085b5ffa0ffe357935dbf60b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:36 GMT
Last-Modified: Thu, 06 May 2021 18:54:24 GMT
Server: Flashtalking (AKA)
ETag: W/"ea9218504eec09a337676178d9020356"
Content-Type: image/png
X-Varnish: 372043838 373936616
Cache-Control: max-age=770
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7281
Expires: Tue, 16 Jan 2024 23:03:26 GMT

GET
H2 200 help_outline_white_24dp_with_3px_trbl_padding.png
imasdk.googleapis.com/formats/wta/ Frame B922 453 B
607 B 21ms
20ms Image
image/png 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imasdk.googleapis.com/formats/wta/help_outline_white_24dp_with_3px_trbl_padding.png?wp=ca-video-pub-8933329999391104

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:37:38 GMT
x-content-type-options: nosniff
age: 778
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 453
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 14:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: image/png
cache-control: public, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 16 Jan 2024 23:27:38 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame B922 42 B
64 B 58ms
58ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CCjhdOwinZeTQOIif3gOUhYPoCJubw-hwudeu8q0Sr4G649cCEAEgyt7XSGCVgoCAsAegAYLk69ApyAEFqAMByAMTmAQAqgS_Ak_QBpE5X1yqidxigt7BNo62-_GmqjfnrEvVmwztNr8UHvJ-nvaZkEBFq7uJ3Et__ssVwVhKvkL-65HVUtQ-6BI6YEvS-ZaxEGtMptCJZ38QMCLSfPyy5AuApiIPQNAMAPag41qDS11dsRkswiBciZIM7s4zg5qnDOg5rdWdnwmlbM9thbNWL6kEzkcTcVOw1vH5iWyA7I0Jeqg5QI-xSNza7MYoLc_CND33h43iwUiPHcCYzqn-bzZtIrvkOn1UrSMN26-RGmkeUgDn6Kqpmn6P58WlmCOWTKOU5vB-8IQFl2YmusLW3vXyuNF2qlK9vuoF2JMTSremY_rR6L51GabDg5DU7QVN19UKmCimYEMiIRUjRbulSjPBSTkmwOQAb_uITuOZEWF0DOTJvFzVrcnsucdOP_CmueosmMN6Vu7ABJjS0avCBOAEA4gFza2gpEuQBgGgBnmAB4KcvLAEqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHTICqgI6AoBASL39wTpY47yQq__igwOACgPICwHgCwGADAGqDQJEReINEwj555Cr_-KDAxWIj3cKHZTCAI2wE-jPoxbQEwDYEw2IFALYFAHQFQH4FgGAFwE&sigh=77OvLrPQiwQ&label=show_ad&sdkv=h.3.612.0&vci=CkIIAhIec2VjdXJlcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw2ODMxMTQ5NjM3NTBAoAIKOQgCEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk1NzM1NTE5NDIyCTIwNTk4MTI5OEC5AQptCAESGXNlcnZlZGJ5LmZsYXNodGFsa2luZy5jb20aAkZUIAIqDzc4Nzg0NjItNDQzODQ0NjIRNzg3ODQ2Mi00NDM4NDQ2LTBAqwFSIQiowwEQDyUAAHBBKAE6B3Vua25vd25CB3Vua25vd25QABgB

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame B922 0
0 57ms
57ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CVvNzOwinZeTQOIif3gOUhYPoCJubw-hwudeu8q0Sr4G649cCEAEgyt7XSGCVgoCAsAegAYLk69ApyAEFqAMBmAQAqgS8Ak_QBpE5X1yqidxigt7BNo62-_GmqjfnrEvVmwztNr8UHvJ-nvaZkEBFq7uJ3Et__ssVwVhKvkL-65HVUtQ-6BI6YEvS-ZaxEGtMptCJZ38QMCLSfPyy5AuApiIPQNAMAPag41qDS11dsRkswiBciZIM7s4zg5qnDOg5rdWdnwmlbM9thbNWL6kEzkcTcVOw1vH5iWyA7I0Jeqg5QI-xSNza7MYoLc_CND33h43iwUiPHcCYzqn-bzZtIrvkOn1UrSMN26-RGmkeUgDn6Kqpmn6P58WlmCOWTKOU5vB-8IQFl2YmusLW3vXyuNF2qlK9vuoF2JMTSremY_rR6L4tGDw2EAKTf57XBOqBS1QihEemxXCCvq8AmZXMYTAP2F-BjO8tl0y2P3murxjNOJoLhuX0IGmFAHuAAAf5gUzABJjS0avCBOAEA4gFza2gpEuSBQYIAxABGAGSBQYIGxABGAGSBQsIIhADGAFI17D7AZIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGeYAHgpy8sASoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHChDwggcY3ZKggALSCB8IgOGAEBABGB0yAqoCOgKAQEi9_cE6WOO8kKv_4oMDgAoDyAsB4g0TCPnnkKv_4oMDFYiPdwodlMIAjbAT6M-jFsgT4O_04gPQEwDYEw2IFALYFAHQFQGAFwGyFx4KHAgAEhRwdWItMTMyNTM0MDQyOTgyMzUwMhjKqx4&sigh=_F0xyc4GttE&cmd=Ch1jYS12aWRlby1wdWItODkzMzMyOTk5OTM5MTEwNBAAGAI&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSOwAvHhf_Qhb6cxyFil9j7NlcQj1rXie5BQqGyDZItj53Qa8NxeqEhS8kngUoAdLojqyI_GF2EOwfx5VyGAE&vt=10&sdkv=h.3.612.0&vci=CkIIAhIec2VjdXJlcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw2ODMxMTQ5NjM3NTBAoAIKOQgCEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk1NzM1NTE5NDIyCTIwNTk4MTI5OEC5AQptCAESGXNlcnZlZGJ5LmZsYXNodGFsa2luZy5jb20aAkZUIAIqDzc4Nzg0NjItNDQzODQ0NjIRNzg3ODQ2Mi00NDM4NDQ2LTBAqwFSIQiowwEQDyUAAHBBKAE6B3Vua25vd25CB3Vua25vd25QABgB
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

POST
H2 202 logs
http-intake.logs.datadoghq.com/api/v2/ 0
0 135ms
135ms Ping
application/json 2600:1f18:24e6:b902:1c91:2b33:bb06:776e
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://http-intake.logs.datadoghq.com/api/v2/logs?dd-api-key=450db60c9e5108400bd9a6539552f87a&ddsource=nodejs&service=instream
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b902:1c91:2b33:bb06:776e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Referer
Origin: http://ultrasurfing.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

POST
H2 202 logs
http-intake.logs.datadoghq.com/api/v2/ 0
0 123ms
123ms Ping
application/json 2600:1f18:24e6:b902:1c91:2b33:bb06:776e
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://http-intake.logs.datadoghq.com/api/v2/logs?dd-api-key=450db60c9e5108400bd9a6539552f87a&ddsource=nodejs&service=instream
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b902:1c91:2b33:bb06:776e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST
H3 204 csi
csi.gstatic.com/ 0
17 B 33ms
33ms Ping
image/gif 2a00:1450:4007:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&top=1&puid=1~lrgy6e6v&c=1787043627238&slotId=893521813619&eee=missing-element&bi=missing-id
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4007:80d::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:36 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main_00010.ts Show response
video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/360p/ 159 KB
160 KB 23ms
23ms XHR
video/mp2t 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://video.adpushup.com/instream/content/travel/adgebra_exclusive2/hls/360p/main_00010.ts
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e6b9066154742b01e16c785f97139ba1619d27a5e48940913650926bfebbab3e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 16 Jan 2024 22:50:36 GMT
x-age-lb: 910758
x-77-cache: HIT
x-accel-date: 1704534678
content-length: 163184
x-77-nzt: EgwBnJIhiwHXpuUNAAwBJRPCLgH3cOUHAA
x-accel-expires: @1705568539
x-77-age: 1428246
x-cache-lb: HIT
last-modified: Fri, 19 May 2023 19:47:13 GMT
server: CDN77-Turbo
etag: "6467d241-27d70"
x-77-nzt-ray: cf878727ef4785ca3c08a7657da36f24
vary: Origin
content-type: video/mp2t
access-control-allow-origin: http://ultrasurfing.com
accept-ranges: bytes
x-robots-tag: : noindex, nofollow

POST
H2 202 logs
http-intake.logs.datadoghq.com/api/v2/ 0
0 127ms
126ms Ping
application/json 2600:1f18:24e6:b902:1c91:2b33:bb06:776e
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://http-intake.logs.datadoghq.com/api/v2/logs?dd-api-key=450db60c9e5108400bd9a6539552f87a&ddsource=nodejs&service=instream
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b902:1c91:2b33:bb06:776e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H/1.1 206
Partial Content FY23Q3_Stock_Stock_Stock_DE_DE_SpringSummerShowreel-6vids_VID_1920_1080_25000_3000.mp4
cdn.flashtalking.com/165457/ 44 MB
44 MB 188ms
101ms Media
video/mp4 95.101.148.38
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.flashtalking.com/165457/FY23Q3_Stock_Stock_Stock_DE_DE_SpringSummerShowreel-6vids_VID_1920_1080_25000_3000.mp4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-148-38.deploy.static.akamaitechnologies.com
Software: Flashtalking (AKA) /
Resource Hash

Request headers

Referer: http://ultrasurfing.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Range: bytes=0-

Response headers

Date: Tue, 16 Jan 2024 22:50:36 GMT
Last-Modified: Thu, 30 Nov 2023 23:22:53 GMT
Server: Flashtalking (AKA)
ETag: "c97b982e53a4d531a5d213da15bd2e80"
Content-Type: video/mp4
X-Varnish: 214150276
Content-Range: bytes 0-46629810/46629811
Cache-Control: max-age=30
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 46629811
Expires: Tue, 16 Jan 2024 22:51:06 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame B922 42 B
64 B 60ms
59ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CCjhdOwinZeTQOIif3gOUhYPoCJubw-hwudeu8q0Sr4G649cCEAEgyt7XSGCVgoCAsAegAYLk69ApyAEFqAMByAMTmAQAqgS_Ak_QBpE5X1yqidxigt7BNo62-_GmqjfnrEvVmwztNr8UHvJ-nvaZkEBFq7uJ3Et__ssVwVhKvkL-65HVUtQ-6BI6YEvS-ZaxEGtMptCJZ38QMCLSfPyy5AuApiIPQNAMAPag41qDS11dsRkswiBciZIM7s4zg5qnDOg5rdWdnwmlbM9thbNWL6kEzkcTcVOw1vH5iWyA7I0Jeqg5QI-xSNza7MYoLc_CND33h43iwUiPHcCYzqn-bzZtIrvkOn1UrSMN26-RGmkeUgDn6Kqpmn6P58WlmCOWTKOU5vB-8IQFl2YmusLW3vXyuNF2qlK9vuoF2JMTSremY_rR6L51GabDg5DU7QVN19UKmCimYEMiIRUjRbulSjPBSTkmwOQAb_uITuOZEWF0DOTJvFzVrcnsucdOP_CmueosmMN6Vu7ABJjS0avCBOAEA4gFza2gpEuQBgGgBnmAB4KcvLAEqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHTICqgI6AoBASL39wTpY47yQq__igwOACgPICwHgCwGADAGqDQJEReINEwj555Cr_-KDAxWIj3cKHZTCAI2wE-jPoxbQEwDYEw2IFALYFAHQFQH4FgGAFwE&sigh=77OvLrPQiwQ&label=video_ad_loaded&sdkv=h.3.612.0&vci=CmYIAhIec2VjdXJlcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw2ODMxMTQ5NjM3NTBAoAJaImRvdWJsZWNsaWNrYnlnb29nbGUuY29tLW9taWQtdmlkZW8KVggCEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk1NzM1NTE5NDIyCTIwNTk4MTI5OEC5AVobZG91YmxlY2xpY2tieWdvb2dsZS5jb20tZHNwCoMBCAESGXNlcnZlZGJ5LmZsYXNodGFsa2luZy5jb20aAkZUIAIqDzc4Nzg0NjItNDQzODQ0NjIRNzg3ODQ2Mi00NDM4NDQ2LTBAqwFSIQiowwEQDyUAAHBBKAE6B3Vua25vd25CB3Vua25vd25QAFoUcHJvdGVjdGVkLm1lZGlhLW9taWQYAQ..

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame B922 41 KB
16 KB 44ms
23ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: http://imasdk.googleapis.com/js/core/bridge3.612.0_en.html

Protocol

HTTP/1.1

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Sat, 13 Jan 2024 20:29:23 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 267673
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 15407
X-XSS-Protection: 0
Last-Modified: Tue, 03 Mar 2020 20:15:00 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="adspam-signals-scs"
Vary: Accept-Encoding
Report-To: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
Content-Type: text/javascript
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Sun, 12 Jan 2025 20:29:23 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B922 0
21 B 55ms
55ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=video_impression_ping

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B922 0
138 B 71ms
68ms Image
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvy4I50PGItQWDDncgD9b3nYClD-STsuKliR-_UglOWzl0b1o7bG6cxwSWI3h3_8MUDPupzS700pOZ-YAWt1S0BbMJZDBY3aeDGHiyaVxQ3Q1BAgg8SOE2JpCrghrEXzh2ruadUJUBGod7jNFVwbR4pIDSEaPhO8Y2yEEjjs0q7hiF3ydpF02x0tUyZLJDxLWdpqboVDnLfj1kEWotyJfqMdJ3lBwGSYWKLWlWtP1eoimjhMJhWL64Kp9bRMPJXD35S5CDNSLHomKvR6Na07W5AGyY3VwvSnivfGJtlDf2s-wWEJx33zoWYCXnAyIyPdiN3WrsEn-K9bsEJuHBNxrhkNsCtsp7f_M4wvqcst9Z3vaoSAdhToqOOBM5L1rVaVkYYVx9WxUb2aVkiiJNqpjrr_seFfGAhhNKtPUlPS_sZInzKVwgQmPQl-XhKOG6iMKYoG3tTzpcuvhlRzjvbDKed3IoPU9GiqyTjJhEteGBdXXE3HJ76VYq43Pc6Wxyihins2-cUfDVP-rayfuGJyNFX23lzQYZTn-6t5DSj_DuYDmyZFGT_xftzYbbCFwbOtMHrDBz7gWdv9YHbqVaG-jTsSPUHcIzkQ2PiGZiedlGa0Ud_QNNqIDESGEYinEiM3sPOvQcLmLzp7ihW8uLChJapxM-lF6GEqsG1txoYcPUDjLsbX3WWnzJM_a3n5cur5_fx6onzuyJKY9oj2FqI_f2QWwVj4eHYZcJU4JEEGbjX-_aiZk2OQRGTxUbY7Nwl4e4Z6yt_oYf_ZUT4Yu5GFatZ9xzSHYJpiQP6F72646gzrnyilblETTjP2yqPLNCbcqK6er4_VWPBCax7pRhdzpMiihPmihMHcueCX8HZGeJwwRBpXgW2GAZ-J29kasrDhrgw47jWznvIM6TziV_oATGZMUStdpt5646TI4FL4TT4x-yq10E5yB8OwsyaL2aNG3BehucZN3iC4Utdpqm6EKt88saMB6IpUcLM1X2iBsUOqi5aOFhl29Fpza3SJJKp4zGD7hOSbWc0jgBds4Ef5KPX11H9sCSy5xIUJc4SgRsGHTScMUhzsYkniZj9VvLHnxW8DfdOAN4yasVrujNSjq3G4vjH_RZx2DfAyKdCQ-HRAFaqOmZeyHPhiE7Rzrafy1GZ1a6d9f5ZSQ3GFLTAp6YJP1KummIsFVGZecJsI0ynLbhWvMYKeUg1rNXjLyaQrdpeLgF_EI5v-LyXX4lwEohEpqEm5qF9EZJX2j3EshaJG1EbJgNb2i7ozjfaMVYh0eXwenDpmxf0iFPfU-qC22iaQkJz3cqe0Bmy7Tmchdz7eAu_axisnza30eLztr0T_O4dlElEjU1Jv020tVA-eB9efuL_GuseMEEdGiqBtT3_csAAATn3ZNzg2EDIJy85BhE0BecStqpSvTcgBrbh1HATGu6Jtrv98GdUHhX5pTG9vBVQZ0mhaCJ_pLSsxjx5Yg&sai=AMfl-YSyZHbY5ODE2Sg0_Ce98FZU7C1V9yKRLsvXfFiZ8lyEQoFyY78JSNA2inaCs0dyKArLtTOKVt3wNLAXEvRULxTfFQPyaF-ZC0pR_9IVG3xAHWqjpvZY2gjXb_mttXwtpPVeYs1_nbM7nXPVdTRK2MBe8Fe7ybpI5e-1P_utwGdm6UfKgF4i1LXE4XDOWfE_BA_IZt4TlfrzAjrJTkAWNXUvCbNhjA59eDscKoDoe398kVGdWeHzMCjDT2IZ6QsSzkBslikPx9NdL_To2eidRaPK-zD36lw&sig=Cg0ArKJSzOmqra1nt-RUEAE&uach_m=%5BUACH%5D&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&sdkv=h.3.612.0&adurl=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 16 Jan 2024 22:50:36 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 pixel
googleads.g.doubleclick.net/xbbe/ Frame B922 0
0 65ms
63ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQt92T3QQY3ZKggAIgATAB&v=APEucNXRNlZ1ohTHx7nFumcnlrKs7Owb-QHCCXuXSAxY1Q1KVzCOtBh7I0pzYM_kr46rdbHpYwogALyu1pPNOKq5fDOuAKqyLQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

GET
H/1.1

200
OK

4438446.gif
cdn.flashtalking.com/xre/787/7878462/4438446/image/ Frame B922
Redirect Chain

https://servedby.flashtalking.com/imp/1/224477;7878462;201;gifimpid;DV360;DV360FY24StockBEHInMarketstreamingDEDSKVID1920x1080/?ft_impID=0F2AAA18-2924-0392-5E9B-2C2327944A7C&ft_custom=&ft_c1=&ft_c2=...
https://cdn.flashtalking.com/xre/787/7878462/4438446/image/4438446.gif

42 B
397 B

81ms
29ms

Image
image/gif

95.101.148.38
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.flashtalking.com/xre/787/7878462/4438446/image/4438446.gif
Protocol: HTTP/1.1
Server: 95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-148-38.deploy.static.akamaitechnologies.com
Software: Flashtalking (AKA) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Tue, 16 Jan 2024 22:50:37 GMT
Last-Modified: Fri, 01 Dec 2023 02:08:18 GMT
Server: Flashtalking (AKA)
ETag: W/"d89746888da2d9510b64a9f031eaecd5"
Content-Type: image/gif
X-Varnish: 439193123
Cache-Control: max-age=759
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 42
Expires: Tue, 16 Jan 2024 23:03:16 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 16 Jan 2024 22:50:37 GMT
Strict-Transport-Security: max-age=86400
Server: prod-xre-app6.frk11
Access-Control-Allow-Origin: *
Location: https://cdn.flashtalking.com/xre/787/7878462/4438446/image/4438446.gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Expires: Tue, 16 Jan 2024 22:50:37 GMT

GET
H2 200 img.png
d9.flashtalking.com/img/ Frame B922 70 B
367 B 242ms
47ms Image
image/png 34.250.108.164
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d9.flashtalking.com/img/img.png?D9r.DeviceID=true&D9v.CampID=3175&D9v.CCampID=224477&D9v.ImpID=0F2AAA18-2924-0392-5E9B-2C2327944A7C&D9c=ftVideo&D9c.placementId=7878462&D9c.creativeId=4438446&D9c.confId=0&D9c.privacy=t&D9v.gdpr=FT_GDPR&D9v.gdpr_consent=&D9v.us_privacy=!!US_PRIVACY!&cb=1568693309
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.108.164 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-250-108-164.eu-west-1.compute.amazonaws.com
Software: Apache/2.4.58 (Amazon Linux) OpenSSL/3.0.8 /
Resource Hash: f3ca3118d9eceb4028fb8b62693e34913badaedfc8d62eed83ed744697bf12f9

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:37 GMT
server: Apache/2.4.58 (Amazon Linux) OpenSSL/3.0.8
access-control-allow-methods: GET,POST,SERVER
p3p: policyref="localhost/w3c/D9_p3p_.xml", CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
access-control-allow-origin: d9.flashtalking.com
content-type: image/png
access-control-allow-credentials: true
content-length: 70

GET
H/1.1 200
OK img
data.ad-score.com/ Frame B922 35 B
633 B 680ms
130ms Image
image/gif 130.211.115.4
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.ad-score.com/img?pid=1000940&tid=15091&tt=g,vast_imgs&l1=224477&l2=DV360&l3=7878462&l4=4438446&l5=1&l6=1&utid=0F2AAA18-2924-0392-5E9B-2C2327944A7C&cb=1568693309&uadid=-1&pub_app=&pub_domain=http%3A%2F%2Fultrasurfing.com%2F&uid=&interact=[TIMESINCEINTERACTION]&pub_ts=1705445437&pm_session_data=impression
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 4.115.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Jan 2024 22:50:37 GMT
Last-Modified: Tue, 16 Jan 2024 22:50:37 UTC
Age: 0
Access-Control-Allow-Methods: GET,POST
P3p: CP="CURa ADMa DEVa TAIi PSAi PSDi IVAi IVDi CONi HISa TELi OUR IND DSP CAO COR"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: post-check=0, pre-check=0, false, proxy-revalidate, no-cache, no-cache=Set-Cookie, no-store, must-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 35
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame B922 42 B
64 B 62ms
60ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CCjhdOwinZeTQOIif3gOUhYPoCJubw-hwudeu8q0Sr4G649cCEAEgyt7XSGCVgoCAsAegAYLk69ApyAEFqAMByAMTmAQAqgS_Ak_QBpE5X1yqidxigt7BNo62-_GmqjfnrEvVmwztNr8UHvJ-nvaZkEBFq7uJ3Et__ssVwVhKvkL-65HVUtQ-6BI6YEvS-ZaxEGtMptCJZ38QMCLSfPyy5AuApiIPQNAMAPag41qDS11dsRkswiBciZIM7s4zg5qnDOg5rdWdnwmlbM9thbNWL6kEzkcTcVOw1vH5iWyA7I0Jeqg5QI-xSNza7MYoLc_CND33h43iwUiPHcCYzqn-bzZtIrvkOn1UrSMN26-RGmkeUgDn6Kqpmn6P58WlmCOWTKOU5vB-8IQFl2YmusLW3vXyuNF2qlK9vuoF2JMTSremY_rR6L51GabDg5DU7QVN19UKmCimYEMiIRUjRbulSjPBSTkmwOQAb_uITuOZEWF0DOTJvFzVrcnsucdOP_CmueosmMN6Vu7ABJjS0avCBOAEA4gFza2gpEuQBgGgBnmAB4KcvLAEqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHTICqgI6AoBASL39wTpY47yQq__igwOACgPICwHgCwGADAGqDQJEReINEwj555Cr_-KDAxWIj3cKHZTCAI2wE-jPoxbQEwDYEw2IFALYFAHQFQH4FgGAFwE&sigh=77OvLrPQiwQ&label=vast_creativeview&ad_mt=0&sdkv=h.3.612.0&vci=CmYIAhIec2VjdXJlcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw2ODMxMTQ5NjM3NTBAoAJaImRvdWJsZWNsaWNrYnlnb29nbGUuY29tLW9taWQtdmlkZW8KVggCEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk1NzM1NTE5NDIyCTIwNTk4MTI5OEC5AVobZG91YmxlY2xpY2tieWdvb2dsZS5jb20tZHNwCoYBCAESGXNlcnZlZGJ5LmZsYXNodGFsa2luZy5jb20aAkZUIAIqDzc4Nzg0NjItNDQzODQ0NjIRNzg3ODQ2Mi00NDM4NDQ2LTBAqwFSJAiowwEQDyUAAHBBKAE6B3Vua25vd25CB3Vua25vd25I3AJQAFoUcHJvdGVjdGVkLm1lZGlhLW9taWQYAQ..

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
servedby.flashtalking.com/state/7878462;4438446;0;271;0F2AAA18-2924-0392-5E9B-2C2327944A7C/ Frame B922 42 B
343 B 95ms
36ms Image
image/gif 23.197.128.137
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://servedby.flashtalking.com/state/7878462;4438446;0;271;0F2AAA18-2924-0392-5E9B-2C2327944A7C/?ft_data=[PLAYBACKMETHODS]|[CONTINUOUSPLAY]|[TIMESINCEINTERACTION]&cachebuster=1568693309

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.197.128.137 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-128-137.deploy.static.akamaitechnologies.com

Software

prod-xre-app13.frk11 /

Resource Hash

47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Jan 2024 22:50:37 GMT
Strict-Transport-Security: max-age=86400
Server: prod-xre-app13.frk11
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 42
Expires: Tue, 16 Jan 2024 22:50:37 GMT

GET
H2 200 ft.stat
ad-events.flashtalking.com/ Frame B922 0
67 B 215ms
20ms Image
text/plain 52.57.12.140
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-events.flashtalking.com/ft.stat?15091;224477;7878462;4438446;0;13;0F2AAA18-2924-0392-5E9B-2C2327944A7C;5859C2BF95A570;1568693309
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.12.140 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-12-140.eu-central-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:37 GMT
server: awselb/2.0
content-length: 0
content-type: text/plain; charset=utf-8

GET
H/1.1 200
OK img
data.ad-score.com/ Frame B922 35 B
633 B 547ms
137ms Image
image/gif 130.211.115.4
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.ad-score.com/img?pid=1000940&tid=15091&tt=g,vast_imgs&l1=224477&l2=DV360&l3=7878462&l4=4438446&utid=0F2AAA18-2924-0392-5E9B-2C2327944A7C&cb=1568693309&uadid=-1&interact=[TIMESINCEINTERACTION]&pub_ts=1705445437&pm_session_data=adstart
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 4.115.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Jan 2024 22:50:37 GMT
Last-Modified: Tue, 16 Jan 2024 22:50:37 UTC
Age: 0
Access-Control-Allow-Methods: GET,POST
P3p: CP="CURa ADMa DEVa TAIi PSAi PSDi IVAi IVDi CONi HISa TELi OUR IND DSP CAO COR"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: post-check=0, pre-check=0, false, proxy-revalidate, no-cache, no-cache=Set-Cookie, no-store, must-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 35
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 dc_oe=ChMInaiqq__igwMVrU8dCR3wwQdQEAAYACDyjJxiQhMIpNqRq__igwMViI93Ch2UwgCN;dc_eps=AHas8cAoUs7ObqPS_cBX29P6BiqhBgor4rmnsL312kRAFktzvIcswK1Tj-BLnUsMKExCgs9HDgEGFyI;met=1;ecn1=1;etm1=0;eid1=11;
ade.googlesyndication.com/ddm/activity/ Frame B922 42 B
401 B 253ms
58ms Image
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMInaiqq__igwMVrU8dCR3wwQdQEAAYACDyjJxiQhMIpNqRq__igwMViI93Ch2UwgCN;dc_eps=AHas8cAoUs7ObqPS_cBX29P6BiqhBgor4rmnsL312kRAFktzvIcswK1Tj-BLnUsMKExCgs9HDgEGFyI;met=1;ecn1=1;etm1=0;eid1=11;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame B922 42 B
64 B 63ms
62ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CCjhdOwinZeTQOIif3gOUhYPoCJubw-hwudeu8q0Sr4G649cCEAEgyt7XSGCVgoCAsAegAYLk69ApyAEFqAMByAMTmAQAqgS_Ak_QBpE5X1yqidxigt7BNo62-_GmqjfnrEvVmwztNr8UHvJ-nvaZkEBFq7uJ3Et__ssVwVhKvkL-65HVUtQ-6BI6YEvS-ZaxEGtMptCJZ38QMCLSfPyy5AuApiIPQNAMAPag41qDS11dsRkswiBciZIM7s4zg5qnDOg5rdWdnwmlbM9thbNWL6kEzkcTcVOw1vH5iWyA7I0Jeqg5QI-xSNza7MYoLc_CND33h43iwUiPHcCYzqn-bzZtIrvkOn1UrSMN26-RGmkeUgDn6Kqpmn6P58WlmCOWTKOU5vB-8IQFl2YmusLW3vXyuNF2qlK9vuoF2JMTSremY_rR6L51GabDg5DU7QVN19UKmCimYEMiIRUjRbulSjPBSTkmwOQAb_uITuOZEWF0DOTJvFzVrcnsucdOP_CmueosmMN6Vu7ABJjS0avCBOAEA4gFza2gpEuQBgGgBnmAB4KcvLAEqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHTICqgI6AoBASL39wTpY47yQq__igwOACgPICwHgCwGADAGqDQJEReINEwj555Cr_-KDAxWIj3cKHZTCAI2wE-jPoxbQEwDYEw2IFALYFAHQFQH4FgGAFwE&sigh=77OvLrPQiwQ&label=part2viewed&ad_mt=0&sdkv=h.3.612.0&vci=CmYIAhIec2VjdXJlcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw2ODMxMTQ5NjM3NTBAoAJaImRvdWJsZWNsaWNrYnlnb29nbGUuY29tLW9taWQtdmlkZW8KVggCEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk1NzM1NTE5NDIyCTIwNTk4MTI5OEC5AVobZG91YmxlY2xpY2tieWdvb2dsZS5jb20tZHNwCoYBCAESGXNlcnZlZGJ5LmZsYXNodGFsa2luZy5jb20aAkZUIAIqDzc4Nzg0NjItNDQzODQ0NjIRNzg3ODQ2Mi00NDM4NDQ2LTBAqwFSJAiowwEQDyUAAHBBKAE6B3Vua25vd25CB3Vua25vd25I3AJQAFoUcHJvdGVjdGVkLm1lZGlhLW9taWQYAQ..

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ft.stat
ad-events.flashtalking.com/ Frame B922 0
66 B 215ms
21ms Image
text/plain 52.57.12.140
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-events.flashtalking.com/ft.stat?15091;224477;7878462;4438446;0;338;0F2AAA18-2924-0392-5E9B-2C2327944A7C;5859C2BF95A570;1568693309
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.12.140 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-12-140.eu-central-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:37 GMT
server: awselb/2.0
content-length: 0
content-type: text/plain; charset=utf-8

GET
H2 200 dc_oe=ChMInaiqq__igwMVrU8dCR3wwQdQEAAYACDyjJxiQhMIpNqRq__igwMViI93Ch2UwgCN;dc_eps=AHas8cAoUs7ObqPS_cBX29P6BiqhBgor4rmnsL312kRAFktzvIcswK1Tj-BLnUsMKExCgs9HDgEGFyI;met=1;ecn1=1;etm1=0;eid1=16;
ade.googlesyndication.com/ddm/activity/ Frame B922 42 B
107 B 253ms
58ms Image
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame B922 42 B
64 B 61ms
60ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CCjhdOwinZeTQOIif3gOUhYPoCJubw-hwudeu8q0Sr4G649cCEAEgyt7XSGCVgoCAsAegAYLk69ApyAEFqAMByAMTmAQAqgS_Ak_QBpE5X1yqidxigt7BNo62-_GmqjfnrEvVmwztNr8UHvJ-nvaZkEBFq7uJ3Et__ssVwVhKvkL-65HVUtQ-6BI6YEvS-ZaxEGtMptCJZ38QMCLSfPyy5AuApiIPQNAMAPag41qDS11dsRkswiBciZIM7s4zg5qnDOg5rdWdnwmlbM9thbNWL6kEzkcTcVOw1vH5iWyA7I0Jeqg5QI-xSNza7MYoLc_CND33h43iwUiPHcCYzqn-bzZtIrvkOn1UrSMN26-RGmkeUgDn6Kqpmn6P58WlmCOWTKOU5vB-8IQFl2YmusLW3vXyuNF2qlK9vuoF2JMTSremY_rR6L51GabDg5DU7QVN19UKmCimYEMiIRUjRbulSjPBSTkmwOQAb_uITuOZEWF0DOTJvFzVrcnsucdOP_CmueosmMN6Vu7ABJjS0avCBOAEA4gFza2gpEuQBgGgBnmAB4KcvLAEqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHTICqgI6AoBASL39wTpY47yQq__igwOACgPICwHgCwGADAGqDQJEReINEwj555Cr_-KDAxWIj3cKHZTCAI2wE-jPoxbQEwDYEw2IFALYFAHQFQH4FgGAFwE&sigh=77OvLrPQiwQ&label=admute&ad_mt=0&sdkv=h.3.612.0&vci=CmYIAhIec2VjdXJlcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw2ODMxMTQ5NjM3NTBAoAJaImRvdWJsZWNsaWNrYnlnb29nbGUuY29tLW9taWQtdmlkZW8KVggCEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk1NzM1NTE5NDIyCTIwNTk4MTI5OEC5AVobZG91YmxlY2xpY2tieWdvb2dsZS5jb20tZHNwCoYBCAESGXNlcnZlZGJ5LmZsYXNodGFsa2luZy5jb20aAkZUIAIqDzc4Nzg0NjItNDQzODQ0NjIRNzg3ODQ2Mi00NDM4NDQ2LTBAqwFSJAiowwEQDyUAAHBBKAE6B3Vua25vd25CB3Vua25vd25I3AJQAFoUcHJvdGVjdGVkLm1lZGlhLW9taWQYAQ..

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK VideoBidRequestHandlerServlet Show response
wf.taboola.com/ 2 KB
1 KB 109ms
108ms XHR
application/json 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=700&height=393&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1705445436936&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1589&pt=-881998769&tz=60&viewable=true&ddast=V8DSECLAZArhxHUdV36ROAXDmOoqrv0i8AAABgYID-AEmuRoORY7hYC2fGzVq0mTjXEpPL4ZZNHMaNxzbb2CwjIyDJ1WgwcgwXa-HMuFmLNhPnWmJyOdyyicO48dhmG5tlZAUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPG2Sg6XT4XPd61dl0eXhel5vT7rNr_G6_HAAAAAA8-P___4cAAAAAEAEAAABAAgAAAACFgAr_FgQuAAAAAGD4____1wAAxcFgHZ7Py-wPAAAAACAAAAAASAAMGH6XAKDomjzx_________x9jgD7zRsb_____DYMeAA8-AB6EAAAAfAwJY9GOZmHG5SdSEFiEEQAAAIBsOe2JI5N0gopFlf___34rAFcAAAIaKfA-hLLoDkq8hQEAAAAYs0APi99vdtg1frfL_P________-b-T_zj0ao6cg1TdDFtYKaX0AAgDW_gAAAbMYNAMAbAThBJwBWJ4EGm81kMVsNZwcAAADgzv___78ekNyYTB7nYDgZjmyOmWcwG41Mw4ljORtulsPdxrc9Aqp-ANSbbph9QoRl9vsOCsrp6TG7DKKi622xO5xmz0F80DAsJ4NgfiZsMVpNJpvlcLZcTAbD0XA02p-BmAwGaCIGy-VkspjsVqPVaDPcjWaDBRKIwQRRtGgwWY1Gk8VkuBpNVrPlYrfbIIpWrWajzWC4mk1mu91qOBguRyM0YYvRajLZLIez5WIyGI6Go9EQweBksBhuRsO1wrXYrUUL43Ct8I1sa9FsYZzMfKvdxDdzi14f08dhGI4szi0SDEDZi-RpkU5ki4lhsNo4DKPRyLFZzlYb32xlclgGm-VyY7NYJmKJ5mSRTmSXfXNjMnmcg-FkOLI5Zp7BbDQyDSeO5Wy4WQ53G9--OBkshpvRcK1wLXZr0cI4XCt8I9taNFsYJzPfajfxzdyi18f0cRiGI4tz39gNVqPRarTZ7Bu7wWo0Wo02m32HyfRMfc5GcS0n8agMt2hLqLQ5DQqXweL9SUyLaXd2EJ18R6dOqlIWdUa_3-_3-_1-v9_vN2g9B7NB4Rv2XZ5hTCSzZXNjg9hgUMQSwUU6UZ1Nl4fndbm5VWfT5eF5XW4WsURpukgn-qLf7TI8fC5_RSwRnC7SidDvdlnUf-Qgi91csRjNJYvhXLFcJQAAAAAAAAAASzDNdBMAAAAAJwPZLBab1TodxGYzmu1WywUAET-v60cGzg3-DqRmF3pR2LiVXqpdscYem6iz6fLwvC43t-psujw8r8vNygAg4tmZbfYZQazValkDAAAQwAYAABDATTfeBJBFcf_____jAAAAyMihBwAAQL8P6IlWL_zIleIfgAqxVqvV7cZarVbAghmOJsMJ_P___wc!&proto=2,3,5,6&encoded=1&pstn=1&callback=&wfv=1&amp=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=1&dtagid=1334675&dpubid=231135&abtst=adxsub-out_vA!adxsub-out_vB!agqp4c_vC!smbs!ufm_vG&mPre=0.033&cirf=https%3A%2F%2Fultrasurfing.com&en=1&subu=3
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/lite-unit/4.7.5/UnitFeedManagerDesktop.min.js
Protocol: HTTP/1.1
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: b16a5ad86efcccdb9c95ed646a8f4b8184974e91b60ff0161cf4bc81ebb73a5d

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-type: text/plain

Response headers

X-Cache-Hits: 0
Date: Tue, 16 Jan 2024 22:50:37 GMT
Content-Encoding: gzip
Via: 1.1 varnish
MachineId: 1436
transfer-encoding: chunked
X-Cache: MISS
Connection: keep-alive
X-Served-By: cache-fra-eddf8230125-FRA
Pragma: no-cache
Server: nginx
X-Timer: S1705445437.948257,VS0,VE87
Vary: Accept-Encoding
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: http://ultrasurfing.com
Cache-Control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 202 logs
http-intake.logs.datadoghq.com/api/v2/ 0
0 158ms
158ms Ping
application/json 2600:1f18:24e6:b902:1c91:2b33:bb06:776e
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://http-intake.logs.datadoghq.com/api/v2/logs?dd-api-key=450db60c9e5108400bd9a6539552f87a&ddsource=nodejs&service=instream
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b902:1c91:2b33:bb06:776e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET dc_oe=ChMIjejrqf_igwMVCZH9Bx0zuAngEAEYACCI2KFj;dc_eps=AHas8cCEJgNb8my_HbX3TqUibuMarrIbaimV2yC3d4Cwn7dEHfpwRRnG989pTxsdluPB3Fcsyj7xGHc;met=1;&timestamp=1705445436938;eid1=871060;ecn1=1;etm1=0;eid2=2...
ade.googlesyndication.com/ddm/activity/ Frame C9CC 0
0

GET activeview
pagead2.googlesyndication.com/pcs/ Frame C9CC 0
0

POST
H2 202 logs
http-intake.logs.datadoghq.com/api/v2/ 0
0 147ms
147ms Ping
application/json 2600:1f18:24e6:b902:1c91:2b33:bb06:776e
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://http-intake.logs.datadoghq.com/api/v2/logs?dd-api-key=450db60c9e5108400bd9a6539552f87a&ddsource=nodejs&service=instream
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/45157/apInstreamBundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b902:1c91:2b33:bb06:776e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H/1.1 200
OK H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 1E4C 23 KB
9 KB 22ms
22ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: http://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://imasdk.googleapis.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Age: 12084
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Content-Length: 8727
Content-Type: text/html
Cross-Origin-Opener-Policy: same-origin; report-to="adspam-signals-scs"
Cross-Origin-Resource-Policy: cross-origin
Date: Tue, 16 Jan 2024 19:29:13 GMT
Expires: Wed, 15 Jan 2025 19:29:13 GMT
Last-Modified: Sun, 25 Jun 2023 02:58:00 GMT
Report-To: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
Server: sffe
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 0

GET
H/1.1 204
No Content gen_204
pagead2.googlesyndication.com/pagead/ Frame B922 0
459 B 308ms
287ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://pagead2.googlesyndication.com/pagead/gen_204?id=sodarir&v=34&d=1&s=1&f=0.01&li=v_h.3.612.0&bgai=BtgGnPAinZZ2aFK2f9fgP8IOfgAUAAAAAOAHgBAI

Protocol

HTTP/1.1

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Jan 2024 22:50:37 GMT
X-Content-Type-Options: nosniff
Server: cafe
Content-Type: image/gif
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: no-cache, must-revalidate
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
Content-Length: 0
X-XSS-Protection: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js Show response
pagead2.googlesyndication.com/bg/ Frame 1E4C 39 KB
17 KB 50ms
27ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js

Requested by

Host: tpc.googlesyndication.com
URL: http://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

HTTP/1.1

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Fri, 12 Jan 2024 14:22:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 376080
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 17083
X-XSS-Protection: 0
Last-Modified: Wed, 03 Jan 2024 11:18:00 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="botguard-scs"
Vary: Accept-Encoding
Report-To: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
Content-Type: text/javascript
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Expires: Sat, 11 Jan 2025 14:22:37 GMT

GET
H/1.1 204
No Content gen_204
pagead2.googlesyndication.com/pagead/ Frame 1E4C 0
459 B 53ms
53ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.3.612.0&bgai=BtgGnPAinZZ2aFK2f9fgP8IOfgAUAAAAAOAHgBAI&bg=!JSalJmnNAAaumcC-jpk7ADQBe5WfOLgViKIyiVYP2c5v7IwoX8o6z55AJSnY1OLkMQ6DIDml745ZGAy4K2wMQ-EbtS7MAgAAADpSAAAAAWgBBwoABrDDhKJqH5kC4M7J7ELDkLF0kdQzaQvwO_9VDaT6yO1aIQzyEdOGA-ejxSY9EBrXcfGilOV6aaJvOKLcjmAMImjwyfums7BsdCgRU5jPu3P6zIMO9xnTKQ143qXd-eKzwriRhyzqG8zkzxuVs-pBNLurYWJ_7mqSQCHXRxKAQUmAcaip9RDmW6TxlztqkDmweGkih1s-EdG_ggyCoIzy3aF088AZlUaKdx95TfDXfNInH__D9DiU-CdrMon6VrFfnik5HKJswsd3jtxXvZb5oD2epvej8mMhWCEgE20B7Ih0qMRVLFWzaiLRjy6uDgu6vtCg5AiaaA0HsDANImlVWD3XKhJFVS2awWIHPzTeRQBfCaBIkKQ-WkJH6RAZ6fz6ffcUFVq0Zx_2TXuVE84wMcZgwhUg3QDCsTaQeG3U0PNRgMa6dEQGBzaoy8HCSFWZHImxWjxbXRbzmWZDjznRIcyCcUF4dnXSqpM8UYTrnKexr38RJqPcSdYT9NMZ502i1ahcEJXVPFB9sjJiEUK63IdfQ-kMGy6COEr-tMv3IPY5vt443eyaUuvZjf5Zvt20sGhLnE6CibGC9zJ41qCeq0P2HLB0uC8oDUP5aksx-n_PbfS8ws_z6diSViMjD0k_P9R7bIqe4W5QmyIQ6TVWWjSIimiB_hOUGdmAB02cLCfO0sezAExmSsix5oNTPgxBoFQ7QQRtkBcPcjvuQkz6y_9S5oC2lFWFv6POvZ0sm7M39zHGYYcbFBu7KtLqVN9V_yAMlhJZ9fpod6-8gN0jrZogAIW2NZLC2Fgbl97yPCW_OY8jApeJv5ZC3pwAy0qZdRrcWt--kznCalEdp1OcIHWfivJsEcbNa5ciSF_dpN6LK_EOAvdc7lz2XE3Rzu8xqUruepv37uSqOg26nRGuPfdx-ciJcO53tc0305Nq839dk3XZg0hHyx0hUm-9RBvJmRmeqx1G-sAKCR_yKOXHuV8bXwEi-Frck_Y

Protocol

HTTP/1.1

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Jan 2024 22:50:37 GMT
X-Content-Type-Options: nosniff
Server: cafe
Content-Type: image/gif
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: no-cache, must-revalidate
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
Content-Length: 0
X-XSS-Protection: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 27ms
27ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-Z0TZ7TDHS1&gtm=45je41a0v886690812&_p=1705445432291&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1817517829.1705445432&ul=en-us&sr=1600x1200&_eu=AAg&_s=3&sid=1705445432&sct=1&seg=0&dl=http%3A%2F%2Fultrasurfing.com%2F&dt=ultrasurfing.com%2F&en=ap_page_view&epn.siteid=45157&_et=1&tfd=6980
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Z0TZ7TDHS1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:37 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ 0
187 B 130ms
36ms Image
text/plain 98.98.134.241
ZEN-ECN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=120&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fa.vidoomy.com%2Fapi%2Frtbserver%2Fcookie%3Fi%3DCEN%26uid%3D%7BuserId%7D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 98.98.134.241 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: A /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Tue, 16 Jan 2024 22:50:37 GMT
cache-control: max-age=0,no-cache,no-store
server: A
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H/1.1

200
OK

setuid
a-prebid.vidoomy.com/
Redirect Chain

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fa-prebid.vidoomy.com%2Fsetuid%3Fbidder%3Dadf%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
https://a-prebid.vidoomy.com/setuid?bidder=adf&gdpr=0&gdpr_consent=&uid=8989862715861995851

86 B
634 B

342ms
65ms

Image
image/png

212.36.83.245
AS_ADAM Adam Data...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a-prebid.vidoomy.com/setuid?bidder=adf&gdpr=0&gdpr_consent=&uid=8989862715861995851
Protocol: HTTP/1.1
Server: 212.36.83.245 Sant Vicenç dels Horts, Spain, ASN15699 (AS_ADAM Adam Datacenter, ES),
Reverse DNS: lb1.vdmy.dtic.es
Software: nginx /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Jan 2024 22:50:39 GMT
Server: nginx
Vary: Accept-Encoding, Origin
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 86
Expires: 0

Redirect headers

location: https://a-prebid.vidoomy.com/setuid?bidder=adf&gdpr=0&gdpr_consent=&uid=8989862715861995851
date: Tue, 16 Jan 2024 22:50:38 GMT
server: nginx
content-length: 0
content-type: text/plain

GET
H2 200 sync
x.bidswitch.net/ 43 B
146 B 67ms
20ms Image
image/gif 18.158.157.189
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=vidoomy
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.158.157.189 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-157-189.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:38 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H/1.1

200
OK

setuid
a-prebid.vidoomy.com/
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fa-prebid.vidoomy.com%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
https://a-prebid.vidoomy.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=1039231244461623907

86 B
634 B

408ms
57ms

Image
image/png

212.36.83.245
AS_ADAM Adam Data...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a-prebid.vidoomy.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=1039231244461623907
Protocol: HTTP/1.1
Server: 212.36.83.245 Sant Vicenç dels Horts, Spain, ASN15699 (AS_ADAM Adam Datacenter, ES),
Reverse DNS: lb1.vdmy.dtic.es
Software: nginx /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Jan 2024 22:50:39 GMT
Server: nginx
Vary: Accept-Encoding, Origin
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 86
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:38 GMT
an-x-request-uuid: cd392ca0-a70a-4e1f-9fb8-8b9b756270fd
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://a-prebid.vidoomy.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=1039231244461623907
x-proxy-origin: 217.114.218.19; 217.114.218.19; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 occ
ups.analytics.yahoo.com/ups/58531/ 0
38 B 26ms
25ms Image
text/plain 3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58531/occ?gdpr=0&gdpr_consent=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.94 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:38 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.94
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 113ms
113ms Image
image/gif 2600:1f18:1aca:4280:bc94:ac10:ec71:5975
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1878143&asId=b8fd32b0-5ee0-e2b5-e6d7-90a7ada75e77&tv=%7Bc:1vw3BD,pingTime:5,time:5084,type:p,clog:%5B%7Bpiv:100,vs:i,r:,w:390,h:131,t:62%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:1,cnod:1,gm:1,slTimes:%7Bi:5084,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:62,wc:0.0.1600.1200,ac:16.960.390.131,am:sp,cc:8.960.398.0,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5027~100%5D,as:%5B5027~390.131%5D%7D%7D%5D,slEventCount:1,em:false,fr:true,e:,tt:rjss,dtt:120,fm:u1zlePs+1*.1878143-77320179%7C11%7C12%7C13%7C14%7C15%7C161%7C162%7C17%7C181%7C182%7C183%7C19%7C1a%7C1b%7C1c1%7C1c2%7C1d1%7C1d21%7C1d3%7C1e1%7C1e21%7C1e3%7C1f%7C1g1%7C1h%7C1i%7C1j,idMap:1*,rmeas:1,rend:1,renddet:SPAN.qs.sn,siq:62,sis:256%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:bc94:ac10:ec71:5975 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:39 GMT
server: nginx
x-server-name: dt09.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H/1.1 200 VideoBidRequestHandlerServlet Show response
am-wf.taboola.com/ 2 KB
1 KB 124ms
91ms XHR
application/json 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://am-wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=700&height=393&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1705445439842&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=3&pv=1589&pt=-881998769&tz=60&viewable=true&ddast=V8DSECLAZArhxHUdV36ROAXDmOoqrv0i8AAABgYID-AEmuRoORY7hYC2fGzVq0mTjXEpPL4ZZNHMaNxzbb2CwjIyDJ1WgwcgwXa-HMuFmLNhPnWmJyOdyyicO48dhmG5tlZAUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPG2Sg6XT4XPd61dl0eXhel5vT7rNr_G6_HAAAAAA8-P___4cAAAAAEAEAAABAAgAAAACFgAr_FgQuAAAAAGD4____1wAAxcFgHZ7Py-wPAAAAACAAAAAASAAMGH6XAKDomjzx_________x9jgD7zRsb_____DYMeAA8-AB6EAAAAfAwJY9GOZmHG5SdSEFiEEQAAAIBsOe2JI5N0gopFlf___34rAFcAAAIaKfA-hLLoDkq8hQEAAAAYs0APi99vdtg1frfL_P________-b-T_zj0ao6cg1TdDFtYKaX0AAgDW_gAAAbMYNAMAbAThBJwBWJ4EGm81kMVsNZwcAAADgzv___78ekNyYTB7nYDgZjmyOmWcwG41Mw4ljORtulsPdxrc9Aqp-ANSbbph9QoRl9vsOCsrp6TG7DKKi622xO5xmz0F80DAsJ4NgfiZsMVpNJpvlcLZcTAbD0XA02p-BmAwGaCIGy-VkspjsVqPVaDPcjWaDBRKIwQRRtGgwWY1Gk8VkuBpNVrPlYrfbIIpWrWajzWC4mk1mu91qOBguRyM0YYvRajLZLIez5WIyGI6Go9EQweBksBhuRsO1wrXYrUUL43Ct8I1sa9FsYZzMfKvdxDdzi14f08dhGI4szi0SDEDZi-RpkU5ki4lhsNo4DKPRyLFZzlYb32xlclgGm-VyY7NYJmKJ5mSRTmSXfXNjMnmcg-FkOLI5Zp7BbDQyDSeO5Wy4WQ53G9--OBkshpvRcK1wLXZr0cI4XCt8I9taNFsYJzPfajfxzdyi18f0cRiGI4tz39gNVqPRarTZ7Bu7wWo0Wo02m32HyfRMfc5GcS0n8agMt2hLqLQ5DQqXweL9SUyLaXd2EJ18R6dOqlIWdUa_3-_3-_1-v9_vN2g9B7NB4Rv2XZ5hTCSzZXNjg9hgUMQSwUU6UZ1Nl4fndbm5VWfT5eF5XW4WsURpukgn-qLf7TI8fC5_RSwRnC7SidDvdlnUf-Qgi91csRjNJYvhXLFcJQAAAAAAAAAASzDNdBMAAAAAJwPZLBab1TodxGYzmu1WywUAET-v60cGzg3-DqRmF3pR2LiVXqpdscYem6iz6fLwvC43t-psujw8r8vNygAg4tmZbfYZQazValkDAAAQwAYAABDATTfeBJBFcf_____jAAAAyMihBwAAQL8P6IlWL_zIleIfgAqxVqvV7cZarVbAghmOJsMJ_P___wc!&proto=2,3,5,6&encoded=1&pstn=1&callback=&wfv=1&amp=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=1&dtagid=1334675&dpubid=231135&abtst=adxsub-out_vA!adxsub-out_vB!agqp4c_vC!smbs!ufm_vG&mPre=0.033&cirf=https%3A%2F%2Fultrasurfing.com&en=1&subu=3
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/lite-unit/4.7.5/UnitFeedManagerDesktop.min.js
Protocol: HTTP/1.1
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: 9141ad95e2ce20e639d32ed165c914518559489cfefe792c6c5bf606a7d9fdc2

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Jan 2024 22:50:39 GMT
Content-Encoding: gzip
Server: nginx
MachineId: 1469
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: http://ultrasurfing.com
Cache-Control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK loader.js Show response
cdn.taboola.com/libtrc/ultrasurf-bcovery/ Frame 058B 160 KB
45 KB 23ms
22ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.taboola.com/libtrc/ultrasurf-bcovery/loader.js
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: HTTP/1.1
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e48f3d56a0f09cd02ca428f092676d895bde1fff0dd11e438282a548095caa20

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id: WO1kIiGi4xQwoXWGqKyFbG4ZPvw3rXRR
Content-Encoding: gzip
Via: 1.1 varnish
Date: Tue, 16 Jan 2024 22:50:40 GMT
x-amz-request-id: 2GQBAH0RRBBBWYG1
Age: 22172
x-amz-server-side-encryption: AES256
X-Cache: HIT
x-amz-replication-status: FAILED
Connection: keep-alive
Content-Length: 45266
x-amz-id-2: uw8EuQ92411EcwvjY9iZAE4h+zDUgPLzRQgX2iGDbLGlCjNxwRGLQisPD4zTHbmE1+GkvxLYcyI=
X-Served-By: cache-fra-eddf8230061-FRA
Last-Modified: Tue, 16 Jan 2024 11:19:30 GMT
Server: AmazonS3
X-Timer: S1705445440.077428,VS0,VE2
ETag: "1bf8f077f443370ba803d0c99d26392c"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
abp: 58
Access-Control-Allow-Origin: *
Cache-Control: private,max-age=14401
Accept-Ranges: bytes
X-Cache-Hits: 1

GET
H2 200 impl.20240116-10-RELEASE.js Show response
cdn.taboola.com/libtrc/ Frame 058B 835 KB
173 KB 20ms
19ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20240116-10-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/ultrasurf-bcovery/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 72afec3698db07b794eebd045a464c969c7e4a0fbbd7cacc64ea63a41c2554f4

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id: ahsTRc8v7lZn4KaIkAvcEZ3Y7tqK1kIf
content-encoding: br
via: 1.1 varnish
date: Tue, 16 Jan 2024 22:50:40 GMT
x-amz-request-id: 81T0MVTP66YYNE8F
age: 15346
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 176756
x-amz-id-2: V0h9yQK69NT8vsKksVVL/FAYtycwZJ9i3j94g1XLKHV2e1AXmntywTIToMbHuqBB0OJd0dKzahQ=
x-served-by: cache-fra-eddf8230059-FRA
last-modified: Tue, 16 Jan 2024 10:34:55 GMT
server: AmazonS3-br
x-timer: S1705445440.112325,VS0,VE0
etag: "c6f23726d4c9c98b8637964ab9544d5c"
vary: Accept-Encoding
content-type: application/javascript
abp: 80
access-control-allow-origin: *
cache-control: private,max-age=31536000
accept-ranges: bytes
x-cache-hits: 21349

GET
H2

200

sync Show response
gum.criteo.com/ Frame 058B
Redirect Chain

http://gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
https://gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS

46 B
287 B

37ms
37ms

Script
text/javascript

2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS

Protocol

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

189b8ed64093b12937354b2ef71ccf1df59690d90432241a10fe1cb25000acba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:39 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=3600
server-processing-duration-in-ticks: 374032
expires: 60

Redirect headers

Location: https://gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

POST
H2 200 hourlystat Show response
tempnextstat.bcovery.com/ 1 B
74 B 30ms
30ms XHR
text/plain 34.117.132.248
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tempnextstat.bcovery.com/hourlystat
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.132.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 248.132.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 16 Jan 2024 22:50:40 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/plain;charset=UTF-8

OPTIONS
H2 200 hourlystat
tempnextstat.bcovery.com/ Frame 0
0 128ms
30ms Preflight 34.117.132.248
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tempnextstat.bcovery.com/hourlystat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.132.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 248.132.117.34.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://ultrasurfing.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Tue, 16 Jan 2024 22:50:40 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
via: 1.1 google

GET
H2 200 json Show response
trc.taboola.com/ultrasurf-bcovery/trc/3/ Frame 058B 6 KB
3 KB 125ms
125ms XHR
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/ultrasurf-bcovery/trc/3/json?tim=23%3A50%3A40.651&lti=deflated&data=%7B%22id%22%3A312%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3A%2282018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9%22%2C%22uifp%22%3A%2282018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9%22%2C%22lbt%22%3A1705403968857%2C%22vi%22%3A1705445433110%2C%22cv%22%3A%2220240116-10-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22http%3A%2F%2Fultrasurfing.com%2F%22%2C%22bv%22%3A%220%22%2C%22wc%22%3Atrue%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22plf%22%3A%7B%22ack_exm%22%3Atrue%7D%2C%22bu%22%3A%22http%3A%2F%2Fultrasurfing.com%2F%22%2C%22vpi%22%3A%22%2F%22%2C%22e%22%3A%22http%3A%2F%2Fultrasurfing.com%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A728%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A90%2C%22dw%22%3A728%2C%22dh%22%3A90%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A2%2C%22uim%22%3A%22thumbnails-728x90%3Aabp%3D0%22%2C%22uip%22%3A%22Thumbnails-728x90%22%2C%22orig_uip%22%3A%22Thumbnails-728x90%22%2C%22cd%22%3A0%2C%22mw%22%3A728%7D%5D%2C%22cacheKey%22%3A%22text%3D%2F%2CThumbnails-728x90%3Dthumbnails-728x90%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20240116-10-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 138a08a1fb22d495f476960de74676b2978dc7c8b53f72e06f6288a22e0d9110

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: text/plain

Response headers

x-vcl-time-ms: 105
date: Tue, 16 Jan 2024 22:50:40 GMT
content-encoding: gzip
via: 1.1 varnish
cpu: 0.47024999999999995
x-fastly-to-nlb-rtt: 7632
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-service-version: v1
x-served-by: cache-fra-eddf8230059-FRA
x-log-content-encoding: gzip
server: nginx
x-timer: S1705445441.661933,VS0,VE105
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: http://ultrasurfing.com
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 userx.20240116-10-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ Frame 058B 18 KB
6 KB 21ms
20ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/userx.20240116-10-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/ultrasurf-bcovery/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c03c8c81ec732de22eef38a59be9d9eeee0416021f88d76934093e7ad6676255

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id: pJvcTqz._lhRM4tJNJ.Nmzzz9ihx4E8W
content-encoding: gzip
via: 1.1 varnish
date: Tue, 16 Jan 2024 22:50:40 GMT
x-amz-request-id: 2GF1WB4C16VBJ7PP
age: 41045
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 5540
x-amz-id-2: ySrpBjwrZhAZZH38mmkzE7NzbzBRQWRUAY06gxAX6GNEnN0qP+sNqbCG1/QvCHFpzHbdYVQhTKI=
x-served-by: cache-fra-eddf8230059-FRA
last-modified: Tue, 16 Jan 2024 11:26:36 GMT
server: AmazonS3
x-timer: S1705445441.799670,VS0,VE0
etag: "ee2febaa6389dd91552eba295cce0e8c"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 74
access-control-allow-origin: *
cache-control: private,max-age=2629743
accept-ranges: bytes
x-cache-hits: 24881

GET
H2 204 abtests
am-trc-events.taboola.com/ultrasurf-bcovery/log/3/ Frame 058B 0
230 B 27ms
27ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/ultrasurf-bcovery/log/3/abtests?route=AM:AM:V&tvi48=14791&lti=deflated&ri=ce20e4f2a3d897befeefeef1683d0230&sd=v2_90f60973c36ea01406f9bb6cbb319c02_82018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9_1705445440_1705445440_CIi3jgYQ1excGJa-4KPRMSABKAQwODib4wlAhIoQSNTJ2QNQ____________AVgAYABo0_Kg0LHL-6nXAXAA&ui=82018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9&pi=/&wi=7029038949508388361&pt=text&vi=1705445433110&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22block_clicks_init%22%2C%22type%22%3A%22block-clicks-manager%22%2C%22eventTime%22%3A1705445440786%7D&tim=23%3A50%3A40.786&id=7031&llvl=2&cv=20240116-10-RELEASE&
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Tue, 16 Jan 2024 22:50:40 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 200 0a91a1fc313ce5808ad82adf9b91421c.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_90%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 058B 5 KB
6 KB 166ms
166ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_90%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0a91a1fc313ce5808ad82adf9b91421c.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 9f77f1ae4704c8afb9a13d3be3386d413638f49178abe3a228b002a278bace93

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 147
date: Tue, 16 Jan 2024 22:50:40 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_90%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0a91a1fc313ce5808ad82adf9b91421c.jpg
age: 754987
edge-cache-tag: 601039258183973830274846086185813884250,347755193103894433903193064834391852909,29ecf9b93bbf306179626feeda1fab70
cache-tag: 601039258183973830274846086185813884250,347755193103894433903193064834391852909,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, MISS, HIT
x-envoy-upstream-service-time: 479
req-referer: https://home.ultrasurfing.com/
content-length: 4998
x-request-id: 6a67c75e20f9da57088064287e752ace
x-served-by: cache-iad-kiad7000168-IAD, cache-iad-kiad7000101-IAD, cache-sna10722-LGB, cache-iad-kiad7000138-IAD, cache-fra-eddf8230059-FRA
last-modified: Sun, 01 Oct 2023 07:01:54 GMT
server: nginx
surrogate-reporting: width=180,height=90,bytes=7081,owidth=997,oheight=493,obytes=155937
x-timer: S1705445441.807551,VS0,VE147
etag: "f26c5c85e9909f51b4eb0cb03d2d8108"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 0, 1

GET
H2 200 0957cc089978ea6a806fe048f41947fe.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_90%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 058B 5 KB
6 KB 108ms
108ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_90%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0957cc089978ea6a806fe048f41947fe.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 0de579afee3552b92f353e45c1be761ae6af343cff98e8597966b4051a7539b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 88
date: Tue, 16 Jan 2024 22:50:40 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_90%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0957cc089978ea6a806fe048f41947fe.png
age: 141675
edge-cache-tag: 349504634976895529617231425698854322772,347755193103894433903193064834391852909,29ecf9b93bbf306179626feeda1fab70
cache-tag: 349504634976895529617231425698854322772,347755193103894433903193064834391852909,29ecf9b93bbf306179626feeda1fab70
x-cache: Miss from cloudfront, MISS, HIT, MISS, HIT, MISS
x-envoy-upstream-service-time: 999
expiration: expiry-date="Sat, 13 Jan 2024 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://www.ksta.de/
content-length: 4668
x-served-by: cache-iad-kjyo7100101-IAD, cache-iad-kcgs7200031-IAD, cache-lax-kwhp1940115-LAX, cache-iad-kcgs7200167-IAD, cache-fra-eddf8230059-FRA
last-modified: Wed, 13 Dec 2023 10:29:57 GMT
server: nginx
surrogate-reporting: width=180,height=90,bytes=5232,owidth=827,oheight=621,obytes=548876,ef=(1,13,17,23,30)
x-timer: S1705445441.807814,VS0,VE88
etag: "91d64d82efbfb7d114a228cb886e70ab"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 0, 1, 0

GET
H2 200 0957cc089978ea6a806fe048f41947fe.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_90%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 058B 5 KB
5 KB 20ms
20ms Image
image/webp 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_90%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0957cc089978ea6a806fe048f41947fe.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 0de579afee3552b92f353e45c1be761ae6af343cff98e8597966b4051a7539b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:40 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_90%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0957cc089978ea6a806fe048f41947fe.png
age: 141675
edge-cache-tag: 349504634976895529617231425698854322772,347755193103894433903193064834391852909,29ecf9b93bbf306179626feeda1fab70
cache-tag: 349504634976895529617231425698854322772,347755193103894433903193064834391852909,29ecf9b93bbf306179626feeda1fab70
x-cache: Miss from cloudfront, MISS, HIT, MISS, HIT, HIT
x-envoy-upstream-service-time: 999
expiration: expiry-date="Sat, 13 Jan 2024 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://www.ksta.de/
content-length: 4668
x-served-by: cache-iad-kjyo7100101-IAD, cache-iad-kcgs7200031-IAD, cache-lax-kwhp1940115-LAX, cache-iad-kcgs7200167-IAD, cache-fra-eddf8230059-FRA
last-modified: Wed, 13 Dec 2023 10:29:57 GMT
server: nginx
surrogate-reporting: width=180,height=90,bytes=5232,owidth=827,oheight=621,obytes=548876,ef=(1,13,17,23,30)
x-timer: S1705445441.959344,VS0,VE0
etag: "91d64d82efbfb7d114a228cb886e70ab"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 0, 1, 1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_90%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0a91a1fc313ce5808ad82adf9b91421c.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 9f77f1ae4704c8afb9a13d3be3386d413638f49178abe3a228b002a278bace93

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 16 Jan 2024 22:50:40 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_90%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0a91a1fc313ce5808ad82adf9b91421c.jpg
age: 754987
edge-cache-tag: 601039258183973830274846086185813884250,347755193103894433903193064834391852909,29ecf9b93bbf306179626feeda1fab70
cache-tag: 601039258183973830274846086185813884250,347755193103894433903193064834391852909,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, MISS, HIT
x-envoy-upstream-service-time: 479
req-referer: https://home.ultrasurfing.com/
content-length: 4998
x-request-id: 6a67c75e20f9da57088064287e752ace
x-served-by: cache-iad-kiad7000168-IAD, cache-iad-kiad7000101-IAD, cache-sna10722-LGB, cache-iad-kiad7000138-IAD, cache-fra-eddf8230059-FRA
last-modified: Sun, 01 Oct 2023 07:01:54 GMT
server: nginx
surrogate-reporting: width=180,height=90,bytes=7081,owidth=997,oheight=493,obytes=155937
x-timer: S1705445441.994658,VS0,VE0
etag: "f26c5c85e9909f51b4eb0cb03d2d8108"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 0, 2

GET
H2 200 ft.stat
ad-events.flashtalking.com/ Frame B922 0
66 B 22ms
21ms Image
text/plain 52.57.12.140
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-events.flashtalking.com/ft.stat?15091;224477;7878462;4438446;0;14;0F2AAA18-2924-0392-5E9B-2C2327944A7C;5859C2BF95A570;1568693309
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.12.140 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-12-140.eu-central-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 22:50:41 GMT
server: awselb/2.0
content-length: 0
content-type: text/plain; charset=utf-8

GET
H/1.1 200
OK img
data.ad-score.com/ Frame B922 35 B
633 B 135ms
134ms Image
image/gif 130.211.115.4
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.ad-score.com/img?pid=1000940&tid=15091&tt=g,vast_imgs&l1=224477&l2=DV360&l3=7878462&l4=4438446&utid=0F2AAA18-2924-0392-5E9B-2C2327944A7C&cb=1568693309&uadid=-1&interact=[TIMESINCEINTERACTION]&pub_ts=1705445437&pm_session_data=firstquartile
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 4.115.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Jan 2024 22:50:41 GMT
Last-Modified: Tue, 16 Jan 2024 22:50:41 UTC
Age: 0
Access-Control-Allow-Methods: GET,POST
P3p: CP="CURa ADMa DEVa TAIi PSAi PSDi IVAi IVDi CONi HISa TELi OUR IND DSP CAO COR"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: post-check=0, pre-check=0, false, proxy-revalidate, no-cache, no-cache=Set-Cookie, no-store, must-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 35
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 dc_oe=ChMInaiqq__igwMVrU8dCR3wwQdQEAAYACDyjJxiQhMIpNqRq__igwMViI93Ch2UwgCN;dc_eps=AHas8cAoUs7ObqPS_cBX29P6BiqhBgor4rmnsL312kRAFktzvIcswK1Tj-BLnUsMKExCgs9HDgEGFyI;met=1;ecn1=1;etm1=0;eid1=960584;
ade.googlesyndication.com/ddm/activity/ Frame B922 42 B
107 B 56ms
55ms Image
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame B922 42 B
64 B 57ms
57ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CCjhdOwinZeTQOIif3gOUhYPoCJubw-hwudeu8q0Sr4G649cCEAEgyt7XSGCVgoCAsAegAYLk69ApyAEFqAMByAMTmAQAqgS_Ak_QBpE5X1yqidxigt7BNo62-_GmqjfnrEvVmwztNr8UHvJ-nvaZkEBFq7uJ3Et__ssVwVhKvkL-65HVUtQ-6BI6YEvS-ZaxEGtMptCJZ38QMCLSfPyy5AuApiIPQNAMAPag41qDS11dsRkswiBciZIM7s4zg5qnDOg5rdWdnwmlbM9thbNWL6kEzkcTcVOw1vH5iWyA7I0Jeqg5QI-xSNza7MYoLc_CND33h43iwUiPHcCYzqn-bzZtIrvkOn1UrSMN26-RGmkeUgDn6Kqpmn6P58WlmCOWTKOU5vB-8IQFl2YmusLW3vXyuNF2qlK9vuoF2JMTSremY_rR6L51GabDg5DU7QVN19UKmCimYEMiIRUjRbulSjPBSTkmwOQAb_uITuOZEWF0DOTJvFzVrcnsucdOP_CmueosmMN6Vu7ABJjS0avCBOAEA4gFza2gpEuQBgGgBnmAB4KcvLAEqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHTICqgI6AoBASL39wTpY47yQq__igwOACgPICwHgCwGADAGqDQJEReINEwj555Cr_-KDAxWIj3cKHZTCAI2wE-jPoxbQEwDYEw2IFALYFAHQFQH4FgGAFwE&sigh=77OvLrPQiwQ&label=videoplaytime25&ad_mt=3988&sdkv=h.3.612.0&vci=CmYIAhIec2VjdXJlcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw2ODMxMTQ5NjM3NTBAoAJaImRvdWJsZWNsaWNrYnlnb29nbGUuY29tLW9taWQtdmlkZW8KVggCEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk1NzM1NTE5NDIyCTIwNTk4MTI5OEC5AVobZG91YmxlY2xpY2tieWdvb2dsZS5jb20tZHNwCoYBCAESGXNlcnZlZGJ5LmZsYXNodGFsa2luZy5jb20aAkZUIAIqDzc4Nzg0NjItNDQzODQ0NjIRNzg3ODQ2Mi00NDM4NDQ2LTBAqwFSJAiowwEQDyUAAHBBKAE6B3Vua25vd25CB3Vua25vd25I3AJQAFoUcHJvdGVjdGVkLm1lZGlhLW9taWQYAQ..

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Jan 2024 22:50:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 hourlystat Show response
tempstat.bcovery.com/ 1 B
74 B 32ms
31ms XHR
text/plain 34.149.70.130

General

Check archive.org

Show headers Download Go to

Full URL: https://tempstat.bcovery.com/hourlystat
Requested by: Host: ultrasurfing.com
URL: http://ultrasurfing.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.70.130 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 16 Jan 2024 22:50:41 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/plain;charset=UTF-8

OPTIONS
H2 200 hourlystat
tempstat.bcovery.com/ Frame 0
0 242ms
29ms Preflight 34.149.70.130

General

Check archive.org

Show headers Download Go to

Full URL: https://tempstat.bcovery.com/hourlystat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.70.130 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://ultrasurfing.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Tue, 16 Jan 2024 22:50:41 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
via: 1.1 google

POST
H2 204 bulk Show response
trc.taboola.com/ultrasurf-bcovery/log/3/ Frame 058B 0
346 B 28ms
28ms XHR
image/gif 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/ultrasurf-bcovery/log/3/bulk?tvi48=14791&route=AM%3AAM%3AV&lti=deflated&bulkSize=1
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20240116-10-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://ultrasurfing.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 9
date: Tue, 16 Jan 2024 22:50:41 GMT
via: 1.1 varnish
x-fastly-to-nlb-rtt: 7307
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-service-version: v1
x-served-by: cache-fra-eddf8230059-FRA
pragma: no-cache
server: nginx
x-timer: S1705445442.802930,VS0,VE9
content-type: image/gif
access-control-allow-origin: http://ultrasurfing.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H/1.1 200
OK f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ Frame 058B 254 B
1 KB 21ms
21ms Image
image/png 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Protocol: HTTP/1.1
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ultrasurfing.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
Date: Tue, 16 Jan 2024 22:50:41 GMT
Via: 1.1 varnish
x-amz-request-id: 1V3H9VCVPBG1B2M0
Age: 10443
X-Cache: HIT
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 254
x-amz-id-2: ecEkqIT2UiXx3kNvrYZW8vzeO4j3+ukvjDCTHGC9cb5Y1awQ9zHumBitHqhNLm54Y/VcUMLqVJ0=
X-Served-By: cache-fra-eddf8230061-FRA
Last-Modified: Wed, 24 Jun 2015 07:14:11 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
X-Timer: S1705445442.822406,VS0,VE0
ETag: "dfa7b52c86e56bd67fa4002f6ed19854"
Content-Type: image/png
abp: 69
Access-Control-Allow-Origin: *
Cache-Control: private,max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 3379

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ade.googlesyndication.com
URL: https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIjejrqf_igwMVCZH9Bx0zuAngEAEYACCI2KFj;dc_eps=AHas8cCEJgNb8my_HbX3TqUibuMarrIbaimV2yC3d4Cwn7dEHfpwRRnG989pTxsdluPB3Fcsyj7xGHc;met=1;&timestamp=1705445436938;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=2;

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss5lEGgTAetyMDscKC7V5A1UNkllOVSdzfr3GtILdSYU56AK1W7-5RlKBfYnCW2F4h5R7D3WJYqgg_XOw8UhXMLom7Vm1gxuPgh0TjH-hVb_V4MXWfdJpdiZVda_93crZQ6B6ypOyoeWThMSWeR7W1wcEnR&sai=AMfl-YQqjZRrjUelzmn-j8Rumke7xXZdvj-aPQWAo3sIl8xEWeNCPQPXBzebTaSxyZ7m7KNIzuzUofdo263uKA1U6gi1eZsO5f1LTIKR1A4ceEmAfQlvWRIyljUmbvwZm7oeRIe-eOQ82mI6aeH4_EC75w&sig=Cg0ArKJSzFL3Y2QFrc_wEAE&cid=CAQSTwAvHhf_GPyMffTqC2gAyduvWoUjaZx8FecvIxUSQlvGyrtA97tsK7Wd6yE2iWqIC3Kd0lE28YXBDS2QdJcyYveRPcugmBmmrZ3NfX9V3LAYAQ&id=lidartos&mcvt=3096&p=370,588,620,888&mtos=3096,3096,3096,3096,3096&tos=3096,0,0,0,0&v=20240110&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2329818728&rs=4&la=0&cr=0&vs=4&r=b&rst=1705445433514&rpt=321&isd=0&lsd=0&ec=1&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Verdicts & Comments Add Verdict or Comment

499 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

32 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.ultrasurfing.com/	1970-01-20 17:45:31	Name: _gid Value: GA1.2.1669368947.1705445432
.ultrasurfing.com/	1970-01-20 17:44:05	Name: _gat_adpushupClientTracker Value: 1
.quantserve.com/	1970-01-21 03:14:19	Name: mc Value: 65a70838-ac347-c8466-cbc0b
.ultrasurfing.com/	1970-01-21 03:08:34	Name: __qca Value: P0-380410647-1705445432514
.ultrasurfing.com/	1970-01-21 03:20:05	Name: _ga_Z0TZ7TDHS1 Value: GS1.1.1705445432.1.0.1705445432.0.0.0
.ultrasurfing.com/	1970-01-21 03:20:05	Name: _ga_Y4YW22RJ0K Value: GS1.1.1705445432.1.0.1705445432.60.0.0
.ultrasurfing.com/	1970-01-21 03:20:05	Name: _ga Value: GA1.1.1817517829.1705445432
ultrasurfing.com/	1970-01-20 18:27:17	Name: _pbjs_userid_consent_data Value: 3524755945110770
.ultrasurfing.com/	1970-01-20 18:27:17	Name: _pubcid Value: 4bea8b2f-0441-4ceb-8843-f7ed4ac9794f
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: olSQ41md6CQ
.youtube.com/	1970-01-20 22:03:17	Name: VISITOR_INFO1_LIVE Value: N3hA0-ytyKw
.ultrasurfing.com/	1970-01-21 02:29:41	Name: FCNEC Value: %5B%5B%22AKsRol-nNgIegJ9fgjF_Jd-Mhffl6aqZe6mWC0RyxBhTAl54AeJ8w5y0odAYwxgtS8-3LhdX7jJ2ESely8VAWmBCTR7d97UCKo1siw4U5SKIjOp8Qnv6YoHLheLFZFK3tjavkb3yvWEhSj1Z0fCbbLVd2e_zN5r07w%3D%3D%22%5D%5D
ultrasurfing.com/	1970-01-21 02:29:41	Name: trc_cookie_storage Value: taboola%2520global%253Auser-id%3D82018348-a517-4a88-a7d6-46a82f757b7f-tuctca08db9
.doubleclick.net/	1970-01-21 03:05:41	Name: IDE Value: AHWqTUlJm4geZoyOhRCyKBKbpo9rWf2ra2049dsmFKvX4F267jj3ANrV-NwL0aqG
.ultrasurfing.com/	1970-01-21 03:05:41	Name: __gads Value: ID=1777b82d27b7d53d:T=1705445433:RT=1705445433:S=ALNI_MZBeChYG7_c8tiZCgzZPF-zTTaSKQ
.ultrasurfing.com/	1970-01-21 03:05:41	Name: __gpi Value: UID=00000d42be0049af:T=1705445433:RT=1705445433:S=ALNI_MYtrEmKBVYqMcHAWdIi04IbXkqRhA
m.exactag.com/	1970-01-20 19:53:41	Name: exactag_new_gk Value: cc71e7d1f4eb4d06a0c2579e6771ead3%7C16.03.2024%2022%3A50%3A33
m.exactag.com/	1970-01-20 22:03:17	Name: exactag_new_uk Value: a161a8136cb249cc96c6545ed1522e7f%7c
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: 8582b54e8acb4187bd9ee36f
.casalemedia.com/	1970-01-20 19:53:41	Name: CMPS Value: 1115
.casalemedia.com/	1970-01-21 02:29:41	Name: CMID Value: ZacIOcipzmC6pHkMEB5MbwAA
.casalemedia.com/	1970-01-20 19:53:41	Name: CMPRO Value: 1115
.adnxs.com/	1970-01-20 19:53:41	Name: uuid2 Value: 1039231244461623907
.adform.net/	1970-01-20 18:28:43	Name: C Value: 1
.adform.net/	1970-01-20 19:10:29	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-20 19:53:41	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Ilfd5ddc!]tbO8i_iqf!oN/@E'zz<Z0Q^SZgiI?+6]1P[V@x%L4.//A0Edf(h^)F_F0TD._PlZ[C[-kX-B'<B9
.doubleclick.net/	1970-01-20 22:03:17	Name: APC Value: AfxxVi7xrAqZxkfnce90PSUbi7yqQTUJWXhhKEHwnrELqD4CmefYtA
.doubleclick.net/	1970-01-20 18:27:17	Name: ar_debug Value: 1
.boadedshedisite.com/	1969-12-31 23:59:59	Name: 071ab26f-7129-4e9b-ad2d-e18a9143f72d-osz-v4 Value: w0bsSOoG0hVLEepx934hvH6rZTu5bxwK2Jxkx7QdV1ixK8PNHtadLCx2VN-LTm7YLH-WnX-BymiLkAZWIFVmFLdQVtOsdLNI-2aHciHfeNVePX06og-VraO2Tw-08w9wBR_Nn6M4mQ-Ib2YJtTqjgQIzPIDmiqcKKQhpC1JMkoK6w7QHGNQJhDj-muprpoYKChKe0U0w42C5HG1koNUFRES8O5gm12BpkAnZgdjocSamoZhdRgjwmCHHCEBoyexz1M2RzD995SRiG-XvdAAUA7B5EAkO8qh27-GF7_htxyyP7P5UCoqednNR4f-6rajjWQX33NSyAM5jR0R0BXbXpsIa7URvcBUf3MvPqBPpVfXPxNJHTocU3JHi_WbNF_oGgsPYOr_bhc7m2-Nqpv02-kgqFh9k8J7SgKLEqa9ZOUQmFY-zoDmkneiByjwbiY1HulXqHn0S-DO1DvkQNK8Wht8IZlFj0tYwIQ-aK3MBibsDls6JNL-2OpV8hWMq8HHAmU9ATb7AMEB_fqNBjPMHcsQK5CgWPpkUfNOhenwzVJGsyPo-WYn-Zl1RKJjRCLjeByJd1ufrfcSNq7RBimKWTisNTx-EXMttjPGo0nbDfbpYKIw1cYonCTr4LF7gcH_DoMogFUwJaDSoTsYIH1tTEPVt0fGGSg7Aiki3KSTpFe-9Vfp9c67PQtF42OAUht9wSHW42JFva3KxWOMdeJeZoyvmt-LJMS3sVBCKL1IygdswCJAMaNmPJfzHV6r7pGAJAOAMRh_6dQA3WW6B8WB-yMyX-EdsqWMd0LutJEF4XxxZR4LOFXudMecQaFZHiLl6RzwUKhMjwdYZb6evUyN5pC3g1BkUi5rBVjgL7qLVB0V-ehDOp22N9BolfGCozVoqjuskjGYrpXpl_-qPk36TL1YS8SVFOpoQ1bcp4Jt7BPr1acvKzSo2KGYWsMS_GBxUQyEDaP66kdom7ysPFsryAss1Yrb-uwgYq3G7ZxJrLd1TLC-ZjQuYDuxGABR0tFalAWqJ63vrVmEGNXUo5R53lCwCY_CuRK8mTc9tm5A8-v2b7vadqZDoCz-agZRbh8ZQpTZRZ8l-daPizdr4uW3duI8mLQSkR30D_W3V199aej4ADvxm6tZh4S3DNjtdmnV2IKqgRP0UzKK8doKoZqWTeFEb2tmhXVrlZ_hGgKNHKYjybvUIAT4SIDGke97g1SdW
.adform.net/	1970-01-20 19:10:29	Name: uid Value: 8989862715861995851
.adnxs.com/	1970-01-21 03:20:05	Name: XANDR_PANID Value: PqNaVByL4U8HqYmG-jEsyAd1PupWgU_dAJRnZYxFf-F3PSLkClAXNnoYYgNvLzypSVsSwSia9DCztdDKgNR-1bSNEXRGQu7jKgOoiEtyqTQ.
.vidoomy.com/	1970-01-20 19:53:41	Name: uids Value: eyJ0ZW1wVUlEcyI6eyJhZGYiOnsidWlkIjoiODk4OTg2MjcxNTg2MTk5NTg1MSIsImV4cGlyZXMiOiIyMDI0LTAxLTMwVDIyOjUwOjM5LjIwNzcxNjA0M1oifX0sImJkYXkiOiIyMDI0LTAxLTE2VDIyOjUwOjM5LjIwNzY3MTk2M1oifQ==

25 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 507) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
other	error	URL: http://imasdk.googleapis.com/js/core/bridge3.612.0_en.html#goog_1855714782 Message: The Cross-Origin-Opener-Policy header has been ignored, because the URL's origin was untrustworthy. It was defined either in the final response or a redirect. Please deliver the response using the HTTPS protocol. You can also use the 'localhost' origin instead. See https://www.w3.org/TR/powerful-features/#potentially-trustworthy-origin and https://html.spec.whatwg.org/#the-cross-origin-opener-policy-header.
network	error	URL: https://s0.2mdn.net/sadbundle/8912310402203866721/null Message: Failed to load resource: the server responded with a status of 404 ()
rendering	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js(Line 14) Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js(Line 14) Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js(Line 14) Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js(Line 14) Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js(Line 14) Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js(Line 14) Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js(Line 14) Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js(Line 14) Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js(Line 14) Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js(Line 14) Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js(Line 14) Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js(Line 14) Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js(Line 14) Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js(Line 14) Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js(Line 14) Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js(Line 14) Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
other	warning	URL: https://www.googletagservices.com/dcm/impl_v99.js(Line 92) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.googletagservices.com/dcm/impl_v99.js(Line 104) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
security	error	URL: https://36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html Message: Refused to execute script from 'https://m.exactag.com/ai.aspx?extProvId=327&extPu=vf-dv360&extLi=20563363907&extPm=20563363907&extCr=524297475&rnd=1705445433191474' because its MIME type ('image/gif') is not executable, and strict MIME type checking is enabled.
other	error	URL: http://tpc.googlesyndication.com/sodar/H0ZEmIz7.html Message: The Cross-Origin-Opener-Policy header has been ignored, because the URL's origin was untrustworthy. It was defined either in the final response or a redirect. Please deliver the response using the HTTPS protocol. You can also use the 'localhost' origin instead. See https://www.w3.org/TR/powerful-features/#potentially-trustworthy-origin and https://html.spec.whatwg.org/#the-cross-origin-opener-policy-header.
rendering	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js(Line 14) Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js(Line 14) Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

36096894470f92ab9f37e5d967758ed6.safeframe.googlesyndication.com
a-prebid.vidoomy.com
aax.amazon-adsystem.com
ad-events.flashtalking.com
ad.doubleclick.net
ade.googlesyndication.com
am-match.taboola.com
am-trc-events.taboola.com
am-vid-events.taboola.com
am-wf.taboola.com
bcp.crwdcntrl.net
bid.g.doubleclick.net
boadedshedisite.com
c.amazon-adsystem.com
cdn.adpushup.com
cdn.ampproject.org
cdn.doubleverify.com
cdn.flashtalking.com
cdn.jsdelivr.net
cdn.taboola.com
cds.taboola.com
cm.adform.net
cm.g.doubleclick.net
code.jquery.com
config.aps.amazon-adsystem.com
csi.gstatic.com
d.vidoomy.com
d9.flashtalking.com
data.ad-score.com
delivery.adrecover.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
e3.adpushup.com
edge.quantserve.com
eus.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hb.yellowblue.io
http-intake.logs.datadoghq.com
http-intake.logs.us5.datadoghq.com
ib.adnxs.com
images.taboola.com
imasdk.googleapis.com
imprammp.taboola.com
m.exactag.com
match.adsrvr.org
pagead2.googlesyndication.com
pips.taboola.com
pixel-sync.sitescout.com
pixel.adsafeprotected.com
pixel.quantserve.com
pr-bh.ybp.yahoo.com
proc.ad.cpe.dotomi.com
region1.analytics.google.com
region1.google-analytics.com
rtb0.doubleverify.com
rtbc-ew1.doubleverify.com
rules.quantcount.com
s0.2mdn.net
s1.adform.net
secure.cdn.fastclick.net
secure.flashtalking.com
securepubads.g.doubleclick.net
servedby.flashtalking.com
skydeutschland.demdex.net
static.adsafeprotected.com
stats.g.doubleclick.net
tags.crwdcntrl.net
tempnextstat.bcovery.com
tempstat.bcovery.com
token.rubiconproject.com
tpc.googlesyndication.com
track.adform.net
trc-events.taboola.com
trc.taboola.com
ultrasurfing.com
ups.analytics.yahoo.com
video.adpushup.com
videos.taboola.com
vidstat.taboola.com
vidstatb.taboola.com
wf.taboola.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.youtube.com
x.bidswitch.net
ade.googlesyndication.com
pagead2.googlesyndication.com
104.119.110.47
104.18.36.155
108.138.36.27
108.138.36.78
108.138.37.209
130.211.115.4
130.211.44.5
141.226.224.32
141.226.228.48
142.250.181.230
142.250.185.226
142.250.186.66
142.250.186.98
151.101.1.44
151.101.129.44
151.101.193.44
151.101.65.44
152.199.21.70
18.158.157.189
18.173.159.32
2001:4860:4802:32::36
212.36.83.245
23.197.128.137
23.67.137.210
23.97.225.52
2600:1901:0:8a8e::
2600:1f18:1aca:4280:bc94:ac10:ec71:5975
2600:1f18:24e6:b902:1c91:2b33:bb06:776e
2600:9000:20ab:7800:8:48e:53c0:93a1
2600:9000:223c:2800:6:44e3:f8c0:93a1
2600:9000:223c:d000:6:44e3:f8c0:93a1
2606:4700::6810:5614
2606:4700:e2::ac40:8103
2620:116:800d:21:de2e:c7b3:55c0:d5a0
2620:116:800d:21:ef75:8280:f209:5ba1
2a00:1450:4001:801::200a
2a00:1450:4001:802::2001
2a00:1450:4001:806::200e
2a00:1450:4001:808::2002
2a00:1450:4001:809::200e
2a00:1450:4001:80f::2001
2a00:1450:4001:80f::2008
2a00:1450:4001:811::2003
2a00:1450:4001:828::2003
2a00:1450:4001:828::2004
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::200e
2a00:1450:4001:830::2001
2a00:1450:4001:831::2002
2a00:1450:4001:831::2006
2a00:1450:4007:80d::2003
2a00:1450:400c:c06::9b
2a01:4a0:1338:28::c38a:ff18
2a02:2638:3::c
2a02:6ea0:c700::18
2a02:fa8:8806:12::1460
2a04:4e42:200::649
2a04:4e42:400::649
2a04:4e42:600::300
2a05:d018:d29:3605:da2e:7cf5:bf7c:fec
3.33.220.150
3.71.149.231
34.117.132.248
34.149.70.130
34.250.108.164
37.157.2.249
37.157.5.132
37.157.5.133
37.252.172.123
52.19.77.216
52.57.12.140
54.230.112.10
54.73.100.143
54.74.69.97
54.76.97.196
69.173.144.139
74.125.133.156
85.14.248.91
95.101.148.38
98.98.134.241
008a70c27959c17d83d2db9900979a1748ac72eb97145a455783d2869b571a88
012836af0a51bc628cc3eb10b36ac2b6a1dc5c6b118f95c6e5c0a66bb2c14966
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
01e5a02533746095ddf786ba3f5e16c3ddf881af2845115ce514f1ad07a0f542
0407dafc112212a135d1aa4dd9b40ba0208c6bb6b1959f5535af093254189d66
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0b870888288fdc85577e8f8f7ca0eb724c54d5f0d98b50f407207aebd3839d88
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0cdcfa51bf7c0951161cf2e242a6ebfda64367f3aabce61b9a3a92b68baa0b49
0ce49c63580738406cf9dde96aca7fd4590b863d0206d274178765078ba47049
0d7a9eca0dc508e03e3850b602097e6d6b5d53841197849a51f45930c0e76e99
0de579afee3552b92f353e45c1be761ae6af343cff98e8597966b4051a7539b0
0e23383fb0e9a8667850cb0b239e9f0b86a1f6c6ee5f09eed44d5a8abbcb7edc
115a875f01746c303ef8e91d6da322bb7929b9ca0e57b099d82142845cd962f3
12af7975664854ca36da674714083fa05297940fce71e42dabf688e2eb19a0f1
12f9df9b07229382b461a7000afacaaafd8307b2539c11b2667835d423f924f2
138a08a1fb22d495f476960de74676b2978dc7c8b53f72e06f6288a22e0d9110
13a31108add44acedecde5907c49a00cf55cd83f4d02c0e70fb7f6f2efb03caa
147c7a6312303aec7481f9f54ba329f3edf77754f3b1a38a9bd277f8a88ca89d
150f363c4a6a83920c643313c2a6969f8f289da52dffbe8cbfd51fa0b97c428f
152c3b0628903eeadc360e7077fef2ff7fe31c5c32d5f444b4d883f2721b7fd8
15afbb62570fa1405f25871014ad7b2037b3da2171404291c637e37903057171
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
189b8ed64093b12937354b2ef71ccf1df59690d90432241a10fe1cb25000acba
190a5a5fe1727f2d2368050b7ebd4ef27d114b22ae7f65e7d50095d79d6a377c
1c2a748bb658865c74db59a1d940681f892e5fd6fc3a246b3be7573bb0596c31
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1e002b499d94aec6c4e37f9ae3843053ec35104cf25fbabbc78b680ef44e899a
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
1f83d57c4d06966676c266a3195b7ff0e8561ab8f2f61383951cdb22f4adbad9
219d553d5a34a735b36c32ba0a083b8ed8a60758a9655544b7f0f67cbc5d48cb
244ee33d64e9a890d2011b5c7092c98032c2265a152e8a2d510ad7ae0bd7697e
26914004d3a8d5ddde2202b642d7936eb61c9f195b5cd3c87e44ef8ad4d57c16
26a64f48d5446395c47488d9d938bd0e849e30347bf4c224b6988adff535aca3
2837f6ca078df412ee3579d4c13a65b8203ef1e47830bae1366d0b540492458a
2908b32af38f1179ac8a21904561a9611b1bf2f5b05f86762718126eb0f96031
291ad59350731069a43cb924ae03eba4174c9157dbb1434679298877141e1fbb
292db287ad5f6f3365c0d0f0632cec1d3d93052df4c36c070bdb879b8967c0a5
294c654fb3f1e0a0ddd534a1581185ad9482112c5ce7b9a3d08313fcf2ee1106
2b25623e741968f2ebf681e62d7493503936947a57229fc347d755e615216b04
30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f
306933f88fe33271cb5c31207d65753523ccc2f6f3af8574e26d57cf66d17458
313864d8b59cae58f81aa5d2aa30eaffab90576200da5e1c8c32428c2d2d5c43
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
337d1faf3071a595281b4aa1576dfb816077055db421988197191e999a15ed5e
350a187040720b4ab9d137273560bd4e29ac415e6c7df7e867555529c38f4ca8
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
38f6d5e179f945f14121dc1f5d5b19e91358bc47212f77212b03ffa1171f9a8e
39b076e4bb4fab9b8a142499cf6155f8c128464974691a04de7e764f71b72618
3df5746a25ab4dc32517df57deca8ecc5c425a2abd15c6d6f5fc817472e4d632
3e7ef45e2bd7b402fb8e5b1e3fc9e87a9f647ae661caf403c1d2d31eb70de2ba
3e9db21f3937eef9299b90bfe799d8874869affeb8c9fccbad7fb2f56b1b64fb
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
4149f252125510e2732a827f921d6f6c01cc13c51f65b78fb37ced3fd205dcae
428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11
42e29f850eef7e59c00bcf7e5acef55510f70b516cc9be14111a6907e97c9132
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45a4c240a17a4d5f925ef0e125b86d882c6ad7549028d9cbf6f4f06fd1dd897d
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
49dd0771df4e1f406c319ed777dcf66b25b6c16dff5ab2247f6931edc3a79067
49f75eb91a94ab0b271b604c66904b856fea265442c0eb68423ba7ba6088740c
4a22a285f4b33ee0625fd971bc53ee27c3c43748bba6e2116487eb118e11f446
4a7217cf2d2c7aba86c5576afc224994cc9256815ec519267e088c451980c5f2
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d3c300c1cd89393c7f945c06656981e3ac1c034f59996affcd1062a3092f40c
51d50e35fef162329c65f20917c771ddefd3fd26d7662d2332e119d9181353f3
526e28126d245c325f4616348304baae91c5ff41084e34d8367b22fd2415668b
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54f5276a2a8507407032e42e6941b6a43cd12d88b2f5e3de94c411a945ef95e8
5575a685ebfc6eb935bdcc0cb89534786d6a370adcfaa31fc38a155cf64a502e
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
589c4f2ac5f4b837b92b7bb5dddd7e6b0e15662eb4cc8963c1152ca651dc830a
58aa4d5b632232bbd5addaba386abb47aef836c32d73458c3995365a09200164
5910fa2b14f49be0ebad39542c1bf8405b12ceea073230cc788aa770cd673ad6
594b8502358c9dd3e6b638be9683e97283f1f40ce5c577895948b33b67865311
5b4a13e409bf2904747e1b23f4d7db025c541ba2c62410b277c4fa035f449e11
5b660ec44adfb5df051940e2ba607f33b87cd5c6ae3e1b8459f2dd5bfb8018e9
5bf89e1e11f54e253ba4590830d0f4c4624d952a34e7861526d70d9565c38021
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
5ec245a0c0bff86ad50722921bd78ac3bd49ab8bf75cb8dbff4a012e36448f2e
5f689a26dae9b3d64d05a61dafe9a94f7e05e9a949dfe2330b879d532b441843
60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda
6169e3b5e89aafe805bf489c4b7a124e21b1166f3ec4895ee26943f5a1778731
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6298a36117d8182dd38f93d32cb9ba045754bbdae49b7f260054fd4700973df2
62cf47440cbf69b9d0a37c238c923e6544394913a5e5e615d017b1537aa06ec2
6300f448d738e70ac11f0140df0b3ce91a2de9e0da7fdf09d32d28031600ba51
645c58677e2bfe285d26f92ad76260b7e17c1099970fb4833dd338230ddb2a64
64d96640ca5d904dff5b241914849bd4d5ee2d9dd2cfcf74a2d9fae934135a9d
67e9e342551d333f3de4d6ccf1cf43068fc590108b16e9fcf8ed9c2fc8885961
688cc00d0684dabd2be6c15e016a4b9d92d90a3e94d183a3eb0f60ef2c8db920
6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3
6b3da89922d333d106b84fefeebd7b16bfebf4cfbd7bef37fa10a47c471ae64c
6b64c80b04cff2dc73a2bd8e0eae63e60e4c0168cb01f431f5031edeec71a2fb
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6b99961cfdda662da2bb3895da9f0a3f33c35ba0aafa7e2497718ab6c8a4266d
6bc350db8340876bf1c6e9ccb692fea5818f4285597246b482ed908e0c55b88d
6cb1a1d782b8e747b08665c378a8a54bdadc078290e24dcd878216f5bbf28858
6d0c31b31e0600e6f718dfba9a54a4e7e1863a69e258e8bc8de7a9eff0fb59f6
6df16b9d1f923f1c810f639b4338f7f518909b3e7dd84a82590604b75e3f9933
7075edd92871d719495ae342e056de8892186bdb6c17427cbcefd3bbe60661fc
70d1e57aaf0a120a33590426738590cd1fca5a148cda33453a1b3bef7f1824b3
712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca
71f0c958e33905cb028dfd76ff7fcffa9d57a260845594e84d116530e3f80a36
72afec3698db07b794eebd045a464c969c7e4a0fbbd7cacc64ea63a41c2554f4
72e6013277164f63654fc121b2cbe90bb6056c4fc6f778a439e23acbfd2cc512
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
7492a43f0aeb26c7740bfa1c284011b183ddc83b4d4ce07cdc93cebfc357f8c6
7523187bcb26150afded1115a2dfa44693532bbffafc915a812ff0e60d396182
7713183ba1a38b1ea2be2d5f7d3d49dab7b8d468cf78a603e6517ffbd1f33d59
77d3e03faf0ffbb11ad0c0592db709cb01a92ce2a2501d50466479e2ccc68931
787ae6f994540c58549dbf1031186a77411688b395af1ecd1491176243935b92
787c4cc00cb92b62e5cfc3d434e48c977abf1c3f0f787bbed6dea4882598f4f9
79843e768129bc54db15739806c3d973e3d7b3e97c9ac58100c657d071f56fc0
79941c0c13fe9c267d09f274832fc470f54befaf61e99dd674addd1241b187ee
7a4da18e8baeea4d9b2f6efa2cf38b32db7d139feb7a5b6d1a2045278f44d425
7cb558b096de43381ea12cbb5835a8ad210205e0e189e65bc4343ec23de06fb6
7ccfdce834a74da2333b8129505be400e6f99105035c4144b8aba725aefed438
7e7827217a94d1d1020058638a3ebc7d637615bbe0696879d60dd75ca50a07f8
7e800289f4c239b49594fc0466a323afb2e2d7f3f4afa9368b34fc24b07968e0
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8157e15814af7d7217ce3c6607f6b336f4ec5d1f9e7cad4cd5441418c33420fb
81652a2d8259077076cc5da7facc148bfeb5178518f53c2a6dd471aa1ee8533d
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628
82f1278f66b192a223e306d884f8db595ef3b6d829cc1544807b9bf40019403e
830f9b2b1e7cef76f805e9a1e77458e158b766d79e59031459699b161222de59
8319cdd7d20a930a2fce947b00f02174ffe7bbc0a6db64f2b5c08b7a4ac3c4a3
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8850868d209c4c086eca4579b496846168800fe4ac4728162508e0dc35fa3537
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
8b1cba1e286f53d6cb248988afd025754de401e28af971ef20d34f0f4ecbce80
8c51deff7b41f9341f91db6aff3e6af8cf80fe6eb8c7cd69d7fc65de3929aa54
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
9141ad95e2ce20e639d32ed165c914518559489cfefe792c6c5bf606a7d9fdc2
9284d948e86d2e99f31483b5f4b3a4c3e65e0a6fbca9a8d2db8c6095f82ac3f5
92d94f26a71260f876596c0cde67a5e16574914ac767017e57d86eae94bf2933
938c64115ce60b98ee8151d7eb28208567753f3d4ebbe0aa0f56618c555a18fb
95e5a319697c15e14cf55990edf01fceb7f6ae792789a7d12c8a3d0d621ddb49
993b6c12ec96c3b5ed2b09656c8d6299c508bcbc43449a8540f0104f2473eeea
99d0eb5c20ac169666b38dabd24cb95f70d30baa6ddd92ed5f8cd4ea1b33678b
9a77b3dff91c6d3da502d97c1c8c9ade20baea4a343240537ad8bf65ef4b0c3c
9b865a2acfac38f253ac707b7594c61f107324d222d7ed62023e6e36d3fc64e0
9c41ba408efaf3a7a36099370bc814e38b0afd42229fa9e0e6040740620c85c0
9d32b85697d2a1d21860a855d0a9bdf3aeddfd5fe39000ca12cfaa4539cf3311
9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1
9e60a38ea366e3ad00c1a7e965be634dbba419a3d38895e26845da6ed698d4a4
9f77f1ae4704c8afb9a13d3be3386d413638f49178abe3a228b002a278bace93
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a252e6979d9c0ea6ed9625aa1a7f230ff4d23309eba498bb9074118cebfadce0
a2a7e7bb3d0cfa13363d5160acea45601f1502fdc117e386cbcefd5775996f38
a611239b0171e932d983c83ed344b300a539371827c8773d3fee7e914f84359c
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a7cb781f79688ff293d3daec52eb422190976e62b1f5dfced11a3e2a380068e0
a7e081ac2862a2c9fe794a716293c201eb0cc90623edfe349438c3af8f58ca6a
ab91220da5046e0f4af885bc1026d79fb2ed9d8d1cfaf0cc42126ebffe1f77a5
aba29df57554f20f3835fa3e453df6c0e7b394defa7e4c95be9633ebf89997ba
ac67c4c64459f243337fd1acd0f9f5884407755db33357382446eccff49080ef
ac98ee91299f984d51aa0dbdb1212d69361998cec64cb157021a805b2e7a5ed1
aea54c9c6e29069b5637d457358a4055f0bd9581165d5c501bed15ace94ff9b1
aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308
af46fa63cc62df18108888ede9e2b590eac12502ec3a594299ef39e1ac4c92ec
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b09ba6e0f2ea66dc1597d8154b0f46f3f8c3ee4f6b2eb1e584d6957908df1ad4
b1172bec47999d4ea9a5b20fa7bd6a5a8183cfc77834cd9c229753a909a6eacb
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b16a5ad86efcccdb9c95ed646a8f4b8184974e91b60ff0161cf4bc81ebb73a5d
b28c3181c149b11260684c4f1fab1f5e3c0e287313f09c2c8ca28aa9ae4ab9b1
b2957b4f8c84f766ac63fc7f0b774f04d8a92f49e7fab7572990170fd6843135
b3409135c873363cb5d0f8ec17e1e32d0b81b8a98acc26388d6323527364c293
b490f6138d7d9c066318706709b29cbe94a091d5676fc0833e014c4e862468b6
b672aa282cfcdc0be657fe84065b73f600d95e88dd7a4070ded150ec31dcf197
b7f80935106390ce68b498562c40c39863298cf9edd85faa71d35fcdf848a6c7
b9c08786bc5c4fe68b2b618db69f28ee6163b239778cc1dbb93d5a274dd3060e
b9deac08511b98fa127fcf0d07e132b58d85b56662aabeafd82029d6257cdd2f
ba215ba34df598608a897a1378c5c68d337ae0b7cc5d3dd6aff569c5c2779826
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
bce4b47b8fc12de49fac0a00e9039e38aa568aba0ee9154b93d20465f0289cfa
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
be99d6c83405ea295f49cc0d412e73b9ed95a16381c141b4db2c27a758fa6f82
bf352f346efc41f1e0e69355115e19cf269d6855e586dc4727dea04c2034499c
bf461dd3069046a73726a2db69d26ba1d39fa0804e207a92bb0635fa4341da92
c03c8c81ec732de22eef38a59be9d9eeee0416021f88d76934093e7ad6676255
c079199a5435fa99db800056db5eaf70effb0229c4440048016a325996678094
c1ca98de7b01e6d3290b192e891e8b978c35d0220d8da56efbb6c672ab74455d
c1d6f22645ce955768c18e3817ef28506b3f65a3d145331309b91566e826184a
c1fd178704274f44bbf9ae308e617a1759fe6c4dbd862be4fccc278d05a5a314
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf
c3b7f86d2445e61c082c1307d400456e75e89ff7469ce1ec10500453ff4f2282
c426fcce7a59ac1567dd6cab45c40c4d0837edcde561346b6b1869bfb9fbcdd0
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c4f07d9f433bf67dc3ce09c826a618f2b0405887f448b11afa19bcfab848407a
c57e30f3e3440754bfd9c14304db0781d0d1226d5a3b093a4ed015f5007d5c62
c61902f54255238f30b59f46a3687e46ccdd93a945b9f106a5f4dfdaccc623cd
c632140a3fec8fa6713bdfa4b177a3b004946df0c82e66ac6239ba4a0abbf4b8
c70a2a33110d3dc9a178226e2280707fbadf70a289bf48de8e8f64710a652a2e
ca5a691ea0a5a7485c48827ef56c36cb4414693c72ef5f6a0067e5c9d3e00261
ca848bb459064d2d0a527bd0840ec4cbdea5545ab07b8dc7ebb61c8d0cb1a954
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cd7b88c5b943d97c99f9fd825f7da2ee1d8742cd3b0e67b880108471e60a75ed
cdc3864d80194bc26de78834e1037981f2b1655d5591f163c75f1d7898a68615
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d1112f3fc2a8b234715236a7efa22d5335c1c6267466031df7c2bc8d44de8f4d
d2716d1e5bd1c48702ac5f95a2afc4d0911162f0522d2e93da308bcea5c56643
d279a8f3340240ea270cd06bf0a845a4e83671a924833fb7cdb7f9d115d8860d
d2a1eb75cb12f487db4bfc7e6a8333445d6f6d45a4d4ad3c50fd8e5aac97af39
d2b555ba4a6687747c117903d3e01ef59af7bf1f484111550c949c250fde48ef
d3c286558922ca8c2c69167698cd61a8280cb03b81bb41d9bd633f80f18c274f
d3f71afc776255e6f474324ee27a263e723253c0a287309dcd16450b943cbe19
d40f62f4ec5f02ec2920b605bc9580148ab14d7532540ffa458ffb8cdeefe288
d451a5186906868b9d028355f2d05dcdd466557634a44e81a242c55a744e0e85
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
d5ef37381138e5c82aba1b09a5e9cb76a193c998e80f09e9ec9cdb8c0eac8e17
d7e1852e847464aa848dff2855855f2581f7e8e0acba9772af1f2d2043f9a6e0
d98afb758b42e3def92d02970bcd70b1a5091e21330e26e670d8ddbfc00eb9cc
da50891ffc42d4c1579660f8495c39f0120342c869a96f7fa265333e131745d0
dc75858fd013068888958fc55b37ec3abff8b6189adc9276052817a607435c0d
ddfa452f752c05d749643b4221e6e18c92c0e8b6085b5ffa0ffe357935dbf60b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
df2162738404820ca6bbe5528647556436553cf0ab8a44aab50bb1c70301dcd9
df4e046af88eb6c5d3c6ba6cc9f90e64ce53a1cdd55b9d0c8ec1a9f7e476fb75
df730e6582661cd11a990903a329825a15e825572d3ddaf1472be9caeb998cdd
dfa729d82a3effadab1000181cb99108f232721e3b0af74cfae4c12704b35a32
e0a3f45317ab3f3de302667a12739c6d68b6524002ef471d943e87596328c6a6
e1b55cad9ed4bc5fa17dce35251b15c2864dbda83b148d3eb8c2a2afaf71be47
e2618c8c103f14a7a5a25557d493d1a49232c36c1c660ac6719060683ecd64e0
e37d0123c6db2e4f396b839703916e1555b267225ccc9d6876c74ce0f47c9f79
e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e48f3d56a0f09cd02ca428f092676d895bde1fff0dd11e438282a548095caa20
e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e
e55c01e3ca797dbf8af251c9d68755f6039f7792afe6866e46269e4036697d3d
e607d08076b9cdc2c3f973f3a2dd96884fd878c643b8c49212b9e823f590833a
e6b9066154742b01e16c785f97139ba1619d27a5e48940913650926bfebbab3e
e726f11d86820c2dd7671822e14a1dbebb1a2074cdfa2b7c949c49803dcf0e95
e7bd96688cbb98c39cc3c0dc22f09cbfd22d353d77b651ebc255cfaedfecdbc5
e8d1bab343171df11d991cf095665ff115609383d2fd48bd028f2472972cdd15
e9e05cd85d3088530453443f83b7258a668d25ca53d5555db0fab38ba6cb154c
ea51f498a2e11e522503ca4033674ae7233a3d2a5e5fe9c07491f5fbe5883ac7
eae76cb616003cb3e918dfd9f58d63cc8e832aa9d11a9eda64b1476af57e746a
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
eb87c0447bd19366919bdb8913f775caca732ac31cbc5e5d42e4db5df39437ce
ecf67dab7a65bddf784d19aef6cf92d15e42533dea1f911fe013b94abb5f94a3
ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411
edc30a0e05622f71d52d07a0b7b5e94e654ee06854f893be1954336730eb0db6
eeb4df351ca75ce2925ca9ddd959d51ad20444ee88c0feec245493021519657d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efaf4ad41f657cd1dc07408a59160cafa496db36c8ed259bff15ab87d80643d5
f0cd3732ca0e287e964e94a3635317a3c6c494906163013a24fb88b316e5270a
f26906b008d7b9516278fcecd8345df6ab9bed304a329b01c6a95ef09442b0f3
f3ca3118d9eceb4028fb8b62693e34913badaedfc8d62eed83ed744697bf12f9
f4d84a5ec6a1d15b9ff25d814e4f54800f02fb8a0500eb4ac91ad237608ca3d4
f5be51a67acabdbde95cf4929031ebf7c071358a56c465c626c1b8053a79ea7e
f621f61617e2773f4d17084367e220df078b203bfab308c11808d005c4d2810b
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
f68687158d2c493d42ae6dee2f15fc2c761da3abf8d92c4474e1dbc527b6930d
f6bb910d654e55f0965a16c0480e7a8bfd435ced42af50392720ea446f0cff84
f712e16e9b6277bdd02bd84f03cbf4623a875dbdb718bc1711e81003e75b0a2f
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
f8d1f72f2ae2dcfef40eff969315c4f07e0d277d6978c36401240afd196cb235
f9002aaa6bb534761e09a262e44a64f34ace9135535eab711319ca14e1ff6973
fbb8abdfa438031112d280c087de15ebf1566221bb4577facc6dcfed36853818
fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1
febaf4a1ace567d9e1c2a64b9721eaa47cb418db39c8869b38ecd480bdfde322
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

ultrasurfing.com Open in urlscan Pro 2606:4700:e2::ac40:8103 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

521 Requests

83 %HTTPS

46 %IPv6

44 Domains

93 Subdomains

81 IPs

10 Countries

56899 kBTransfer

68590 kBSize

32 Cookies

41 Outgoing links

Redirected requests

521 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 16 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

ultrasurfing.com Open in urlscan Pro
2606:4700:e2::ac40:8103 Public Scan

Screenshot
Live screenshot

Full Image

521
Requests

83 %
HTTPS

46 %
IPv6

44
Domains

93
Subdomains

81
IPs

10
Countries

56899 kB
Transfer

68590 kB
Size

32
Cookies

521 HTTP transactions
16 data transactions